Use-After-Free Mitigation via Protected Heap Allocation

Use after free (UAF) exploits have contributed to many software memory corruption attacks in recent practice. They are especially popular in the world of web browsers. Despite many successful UAF exploits against widelyused applications, state-of-the-art defense mechanisms have proved to still leave the systems vulnerable. In this paper, we argue that a successful UAF exploit is feasible because of the fine-grained determinism provided by existing heap memory allocators. We introduce a new defense strategy, ZEUS, that leverages additional memory buffers to make allocation outcomes locally unpredictable to adversaries. This fine-grained non-determinism prevents exact alignment of subsequent allocations and in-object member fields. It significantly lowers the success rate of a UAF exploit even in the presence of heap sprays. We validated our defense using real recent UAF exploits against several CVE vulnerabilities in large and popular software packages (FireFox and Tor browsers). ZEUS was able to terminate all the exploits in early stages and prevented successful location of the gadget addresses for the follow-up return-oriented programming steps of the intrusion. ZEUS's runtime performance overhead was negligible (1.2% on average).