Dynamic Detection of Use-After-Free Bugs

被引：1

作者：

Asryan, S. A. ^{[2
]}

Gaissaryan, S. S. ^{[1
,3
,5
,6
]}

Kurmangaleev, Sh F. ^{[1
]}

Aghabalyan, A. M. ^{[4
]}

Hovsepyan, N. G. ^{[4
]}

Sargsyan, S. S. ^{[4
]}

机构：

[1] Russian Acad Sci, Ivannikov Inst Syst Programming, Moscow 109004, Russia

[2] Armenia Natl Acad Sci, Inst Problems Informat & Automat, Yerevan 0014, Armenia

[3] Moscow MV Lomonosov State Univ, Fac Computat Math & Cybernet, Moscow 119991, Russia

[4] Erevan State Univ, Yerevan 0025, Armenia

[5] Moscow Inst Phys & Technol, Dolgoprudnyi, Moscow Oblast, Russia

[6] State Univ Higher Sch Econ, Moscow 101000, Russia

来源：

PROGRAMMING AND COMPUTER SOFTWARE | 2019年 / 45卷 / 07期

基金：

俄罗斯基础研究基金会;

关键词：

Data handling - Program debugging;

D O I：

10.1134/S0361768819070028

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

A novel method for detecting use-after-free bugs based on the program dynamic analysis is described. In memory unsafe programming languages, such as C or C++, this class of bugs mainly occurs when the program tries to access an area of dynamically allocated memory that has been already freed. For each program execution path, the method checks the correction of the allocation, deallocation, and access operations. Since the dynamic analysis is used, bugs can be found only in the parts of the code that was actually executed. The symbolic program execution with the help of SMT (Satisfiability Modulo Theories) solvers is used. This allows us to generate data the processing of which produces new execution paths.

引用

页码：365 / 371

页数：7

共 50 条

[31] MarkUs: Drop-in use-after-free prevention for low-level languages
Ainsworth, Sam
Jones, Timothy M.
[J]. 2020 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2020), 2020, : 578 - 591
[32] Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
Qiang, Weizhong
Li, Weifeng
Jin, Hai
Surbiryala, Jayachander
[J]. IEEE ACCESS, 2019, 7 : 45961 - 45977
[33] Static Detection of Use-After-Free Vulnerability in Binaries via Constrained Path-Sensitive Value-Set Analysis
Wu, Tianjun
Yang, Yuexiang
[J]. BASIC & CLINICAL PHARMACOLOGY & TOXICOLOGY, 2019, 124 : 140 - 140
[34] All Use-After-Free Vulnerabilities Are Not Created Equal: An Empirical Study on Their Characteristics and Detectability
Chen, Zeyu
Liu, Daiping
Xiao, Jidong
Wang, Haining
[J]. PROCEEDINGS OF THE 26TH INTERNATIONAL SYMPOSIUM ON RESEARCH IN ATTACKS, INTRUSIONS AND DEFENSES, RAID 2023, 2023, : 623 - 638
[35] An Efficient Use-after-Free Mitigation Approach via Static Dangling Pointer Nullification
Yu, Yue
Jia, Xiaoqi
An, Xun
Zhang, Shengzhi
[J]. ICT SYSTEMS SECURITY AND PRIVACY PROTECTION (SEC 2022), 2022, 648 : 507 - 523
[36] Mitigating Use-After-Free Attacks Using Memory-Reuse-Prohibited Library
Yamauchi, Toshihiro
Ikegami, Yuta
Ban, Yuya
[J]. IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2017, E100D (10): : 2295 - 2306
[37] HeapRevolver: Delaying and Randomizing Timing of Release of Freed Memory Area to Prevent Use-After-Free Attacks
Yamauchi, Toshihiro
Ikegami, Yuta
[J]. NETWORK AND SYSTEM SECURITY, (NSS 2016), 2016, 9955 : 219 - 234
[38] A Robust and Efficient Defense against Use-after-Free Exploits via Concurrent Pointer Sweeping
Liu, Daiping
Zhang, Mingwei
Wang, Haining
[J]. PROCEEDINGS OF THE 2018 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'18), 2018, : 1635 - 1648
[39] 基于S2E的Use-After-Free漏洞检测方案
冯震
聂森
王轶骏
薛质
[J]. 计算机应用与软件, 2016, 33 (04) : 273 - 276
[40] Mitigating Use-After-Free Attack using Library Considering Size and Number of Freed Memory
Ban, Yuya
Yamauchi, Toshihiro
[J]. 2018 SIXTH INTERNATIONAL SYMPOSIUM ON COMPUTING AND NETWORKING WORKSHOPS (CANDARW 2018), 2018, : 398 - 404

← 1 2 3 4 5 →