Mitigating use-after-free attacks using memory-reuse-prohibited library

Toshihiro Yamauchi, Yuta Ikegami, Yuya Ban

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)


Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to a freed memory. In particular, large-scale programs such as browsers often include many dangling pointers, and UAF vulnerabilities are frequently exploited by drive-by download attacks. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attackpreventionmethod that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. The first condition for reuse is that the total size of the freed memory area is beyond the designated size. The threshold for the conditions of reuse of the freed memory area can be randomized by HeapRevolver. Furthermore, we add a second condition for reuse in which the freed memory area is merged with an adjacent freed memory area before release. Furthermore, HeapRevolver can be applied without modifying the target programs. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.

Original languageEnglish
Pages (from-to)2295-2306
Number of pages12
JournalIEICE Transactions on Information and Systems
Issue number10
Publication statusPublished - Oct 2017


  • Memory-reuse-prohibited library
  • System security
  • UAF attack-prevention
  • Use-after-free (UAF) vulnerabilities

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition
  • Electrical and Electronic Engineering
  • Artificial Intelligence


Dive into the research topics of 'Mitigating use-after-free attacks using memory-reuse-prohibited library'. Together they form a unique fingerprint.

Cite this