TY - JOUR
T1 - Mitigating use-after-free attacks using memory-reuse-prohibited library
AU - Yamauchi, Toshihiro
AU - Ikegami, Yuta
AU - Ban, Yuya
N1 - Funding Information:
We would like to thank Hiroyuki Uekawa of Okayama University for his support. This research was partially supported by Grant-in-Aid for Scientific Research 16H02829.
Publisher Copyright:
Copyright © 2017 The Institute of Electronics, Information and Communication Engineers.
PY - 2017/10
Y1 - 2017/10
N2 - Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to a freed memory. In particular, large-scale programs such as browsers often include many dangling pointers, and UAF vulnerabilities are frequently exploited by drive-by download attacks. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attackpreventionmethod that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. The first condition for reuse is that the total size of the freed memory area is beyond the designated size. The threshold for the conditions of reuse of the freed memory area can be randomized by HeapRevolver. Furthermore, we add a second condition for reuse in which the freed memory area is merged with an adjacent freed memory area before release. Furthermore, HeapRevolver can be applied without modifying the target programs. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.
AB - Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to a freed memory. In particular, large-scale programs such as browsers often include many dangling pointers, and UAF vulnerabilities are frequently exploited by drive-by download attacks. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attackpreventionmethod that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. The first condition for reuse is that the total size of the freed memory area is beyond the designated size. The threshold for the conditions of reuse of the freed memory area can be randomized by HeapRevolver. Furthermore, we add a second condition for reuse in which the freed memory area is merged with an adjacent freed memory area before release. Furthermore, HeapRevolver can be applied without modifying the target programs. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.
KW - Memory-reuse-prohibited library
KW - System security
KW - UAF attack-prevention
KW - Use-after-free (UAF) vulnerabilities
UR - http://www.scopus.com/inward/record.url?scp=85030232120&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85030232120&partnerID=8YFLogxK
U2 - 10.1587/transinf.2016INP0020
DO - 10.1587/transinf.2016INP0020
M3 - Article
AN - SCOPUS:85030232120
SN - 0916-8532
VL - E100D
SP - 2295
EP - 2306
JO - IEICE Transactions on Information and Systems
JF - IEICE Transactions on Information and Systems
IS - 10
ER -