Mitigating Use-After-Free Attack with Application Program Loader

被引：0

作者：

Saito, Takamichi ^{[1
]}

Sugawara, Ryota ^{[1
]}

Yokoyama, Masateru ^{[1
]}

Kondo, Shuta ^{[1
]}

Miyazaki, Hiroyuki ^{[1
]}

Bing, Wang ^{[1
]}

Watanabe, Ryohei ^{[1
]}

机构：

[1] Meiji Univ, Dept Sci & Engn, Tama Ku, 1-1-1 Higashi Mita, Kawasaki, Kanagawa 2148571, Japan

来源：

2017 IEEE 31ST INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS (AINA) | 2017年

关键词：

Mitigation; Use-After-Free; Vulnerability; Memory Corruption;

D O I：

10.1109/AINA.2017.62

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

In the area of software security, use-after-free vulnerabilities have been reported since 2006. When the target vulnerable application is run, the attack exploits a dangling pointer after the heap memory is released. Until today, use-after-free attacks have been frequently reported in popular software such as browsers. This is a serious software security problem because a use-after-free attack allows an attacker to execute an arbitrary code to hijack an application control flow or to force a system crash. Some countermeasures have been proposed to thwart such attacks. However, most of these countermeasures have some problems such as the necessity of a source code or the problem of dependency. In this paper, we propose and evaluate the implementation of an application-level program loader to mitigate the use-after-free attack.

引用

页码：919 / 924

页数：6

共 50 条

[1] Mitigating Use-After-Free Attack using Library Considering Size and Number of Freed Memory
Ban, Yuya
Yamauchi, Toshihiro
2018 SIXTH INTERNATIONAL SYMPOSIUM ON COMPUTING AND NETWORKING WORKSHOPS (CANDARW 2018), 2018, : 398 - 404
[2] Mitigating Use-After-Free Attacks Using Memory-Reuse-Prohibited Library
Yamauchi, Toshihiro
Ikegami, Yuta
Ban, Yuya
IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2017, E100D (10): : 2295 - 2306
[3] Dynamic Detection of Use-After-Free Bugs
S. A. Asryan
S. S. Gaissaryan
Sh. F. Kurmangaleev
A. M. Aghabalyan
N. G. Hovsepyan
S. S. Sargsyan
Programming and Computer Software, 2019, 45 : 365 - 371
[4] Detect use-after-free vulnerabilities in binaries
Han X.
Wei S.
Ye J.
Zhang C.
Ye Z.
Qinghua Daxue Xuebao/Journal of Tsinghua University, 2017, 57 (10): : 1022 - 1029
[5] Dynamic Detection of Use-After-Free Bugs
Asryan, S. A.
Gaissaryan, S. S.
Kurmangaleev, Sh F.
Aghabalyan, A. M.
Hovsepyan, N. G.
Sargsyan, S. S.
PROGRAMMING AND COMPUTER SOFTWARE, 2019, 45 (07) : 365 - 371
[6] DangSan: Scalable Use-after-free Detection
van der Kouwe, Erik
Nigade, Vinod
Giuffrida, Cristiano
PROCEEDINGS OF THE TWELFTH EUROPEAN CONFERENCE ON COMPUTER SYSTEMS (EUROSYS 2017), 2017, : 405 - 419
[7] A Fuzzer for Detecting Use-After-Free Vulnerabilities
Zhao, Xiaoqi
Qu, Haipeng
Yi, Jiaohong
Wang, Jinlong
Tian, Miaoqing
Zhao, Feng
MATHEMATICS, 2024, 12 (21)
[8] UFO: Predictive Concurrency Use-After-Free Detection
Huang, Jeff
PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2018, : 609 - 619
[9] Preventing Use-after-free with Dangling Pointers Nullification
Lee, Byoungyoung
Song, Chengyu
Jang, Yeongjin
Wang, Tielei
Kim, Taesoo
Lu, Long
Lee, Wenke
22ND ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2015), 2015,
[10] Uncovering Use-After-Free Conditions In Compiled Code
Dewey, David
Reaves, Bradley
Traynor, Patrick
PROCEEDINGS 10TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY ARES 2015, 2015, : 90 - 99

← 1 2 3 4 5 →