Mitigating Use-After-Free Attack with Application Program Loader

被引：0

作者：

Saito, Takamichi ^{[1
]}

Sugawara, Ryota ^{[1
]}

Yokoyama, Masateru ^{[1
]}

Kondo, Shuta ^{[1
]}

Miyazaki, Hiroyuki ^{[1
]}

Bing, Wang ^{[1
]}

Watanabe, Ryohei ^{[1
]}

机构：

[1] Meiji Univ, Dept Sci & Engn, Tama Ku, 1-1-1 Higashi Mita, Kawasaki, Kanagawa 2148571, Japan

来源：

2017 IEEE 31ST INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS (AINA) | 2017年

关键词：

Mitigation; Use-After-Free; Vulnerability; Memory Corruption;

D O I：

10.1109/AINA.2017.62

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

In the area of software security, use-after-free vulnerabilities have been reported since 2006. When the target vulnerable application is run, the attack exploits a dangling pointer after the heap memory is released. Until today, use-after-free attacks have been frequently reported in popular software such as browsers. This is a serious software security problem because a use-after-free attack allows an attacker to execute an arbitrary code to hijack an application control flow or to force a system crash. Some countermeasures have been proposed to thwart such attacks. However, most of these countermeasures have some problems such as the necessity of a source code or the problem of dependency. In this paper, we propose and evaluate the implementation of an application-level program loader to mitigate the use-after-free attack.

引用

页码：919 / 924

页数：6

共 50 条

[21] xTag: Mitigating Use-After-Free Vulnerabilities via Software-Based Pointer Tagging on Intel x86-64
Bernhard, Lukas
Rodler, Michael
Holz, Thorsten
Davit, Lucas
2022 IEEE 7TH EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY (EUROS&P 2022), 2022, : 502 - 519
[22] Identifying Use-After-Free Variables in Fire-and-Forget Tasks
Krishna, Jyothi V. S.
Litvinov, Vassily
2017 IEEE INTERNATIONAL PARALLEL AND DISTRIBUTED PROCESSING SYMPOSIUM WORKSHOPS (IPDPSW), 2017, : 1086 - 1094
[23] MineSweeper: A "Clean Sweep" for Drop-In Use-after-Free Prevention
Erdos, Marton
Ainsworth, Sam
Jones, Timothy M.
ASPLOS '22: PROCEEDINGS OF THE 27TH ACM INTERNATIONAL CONFERENCE ON ARCHITECTURAL SUPPORT FOR PROGRAMMING LANGUAGES AND OPERATING SYSTEMS, 2022, : 212 - 225
[24] POSTER: UAFChecker: Scalable Static Detection of Use-After-Free Vulnerabilities
Ye, Jiayi
Zhang, Chao
Han, Xinhui
CCS'14: PROCEEDINGS OF THE 21ST ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2014, : 1529 - 1531
[25] FreeSentry: Protecting Against Use-After-Free Vulnerabilities Due to Dangling Pointers
Younan, Yves
22ND ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2015), 2015,
[26] Refining Use-after-free Defense: Eliminating Dangling Pointers in Registers and Memory
An, Xun
Zhou, Qihang
Du, HaiChao
Song, ZhenYu
Jia, Xiaoqi
PROCEEDINGS OF THE 2023 30TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE, APSEC 2023, 2023, : 493 - 502
[27] From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
Xu, Wen
Li, Juanru
Shu, Junliang
Yang, Wenbo
Xie, Tianyi
Zhang, Yuanyuan
Gu, Dawu
CCS'15: PROCEEDINGS OF THE 22ND ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2015, : 414 - 425
[28] FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities
Wu, Wei
Chen, Yueqi
Xu, Jun
Xing, Xinyu
Gong, Xiaorui
Zou, Wei
PROCEEDINGS OF THE 27TH USENIX SECURITY SYMPOSIUM, 2018, : 781 - 797
[29] Multi-level Directed Fuzzing for Detecting Use-after-Free Vulnerabilities
Zhang, Yuntao
Wang, Zhongru
Yu, Weiqiang
Fang, Binxing
2021 IEEE 20TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2021), 2021, : 569 - 576
[30] Static Analysis Framework for Detecting Use-After-Free Bugs in C plus
Teodorescu, Vlad-Alexandru
Lucanu, Dorel
ELECTRONIC PROCEEDINGS IN THEORETICAL COMPUTER SCIENCE, 2024, (410):

← 1 2 3 4 5 →