An Efficient Use-after-Free Mitigation Approach via Static Dangling Pointer Nullification

Cited by: 0
Authors
Yu, Yue [1, 2]
Jia, Xiaoqi [1, 2]
An, Xun [1, 2]
Zhang, Shengzhi [3 ]
Affiliations
[1] Chinese Acad Sci, Inst Informat Engn, BKLONSPT Beijing Key Lab Network Secur & Protect, CAS KLONAT Key Lab Network Assessment Technol, Beijing, Peoples R China
[2] Univ Chinese Acad Sci, Sch Cyber Secur, Beijing, Peoples R China
[3] Boston Univ, Metropolitan Coll, Boston, MA 02215 USA
Keywords
Use-after-free vulnerability; Vulnerability mitigation; Alias analysis; Dangling pointer; SAFETY;
DOI
10.1007/978-3-031-06975-8_29
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
UAF (use-after-free) is one of the most severe program vulnerabilities, caused by dangling pointers. Existing vulnerability mitigation approaches either attempt to block possible exploitation without fixing the root cause problem, or identify and remove dangling pointers with huge runtime overhead. In this paper, we present SDPN (Static Dangling Pointer Nullification) to defeat use-after-free vulnerability by eliminating dangling pointers filtered in multiple stages during compilation time. We implement a prototype of SDPN and evaluate it using real-world CVE vulnerabilities, and the results show that SDPN can effectively protect programs from use-after-free vulnerability. We also test SDPN using SPEC 2006 and the experimental results demonstrate that the time overhead introduced by SDPN is almost negligible, i.e., <1%.
Pages: 507-523
Page count: 17