Mitigating Use-After-Free Attack with Application Program Loader

Cited by: 0
Authors
Saito, Takamichi [1]
Sugawara, Ryota [1]
Yokoyama, Masateru [1]
Kondo, Shuta [1]
Miyazaki, Hiroyuki [1]
Bing, Wang [1]
Watanabe, Ryohei [1]
Affiliation
[1] Meiji Univ, Dept Sci & Engn, Tama Ku, 1-1-1 Higashi Mita, Kawasaki, Kanagawa 2148571, Japan
Keywords
Mitigation; Use-After-Free; Vulnerability; Memory Corruption;
DOI
10.1109/AINA.2017.62
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
In the area of software security, use-after-free vulnerabilities have been reported since 2006. When the vulnerable target application is run, the attack exploits a dangling pointer after the heap memory is released. To this day, use-after-free attacks are frequently reported in popular software such as browsers. This is a serious software security problem because a use-after-free attack allows an attacker to execute arbitrary code to hijack an application's control flow or to force a system crash. Some countermeasures have been proposed to thwart such attacks. However, most of these countermeasures have problems such as the need for source code or the problem of dependency. In this paper, we propose and evaluate the implementation of an application-level program loader to mitigate the use-after-free attack.
Pages: 919-924
Page count: 6
Related papers
50 items in total
  • [31] An Efficient Metric-Based Approach for Static Use-After-Free Detection
    Wei, Haolai
    Chen, Liwei
    Nie, Xiaofan
    Zhang, Zhijie
    Zhang, Yuantong
    Shi, Gang
    2022 IEEE INTL CONF ON PARALLEL & DISTRIBUTED PROCESSING WITH APPLICATIONS, BIG DATA & CLOUD COMPUTING, SUSTAINABLE COMPUTING & COMMUNICATIONS, SOCIAL COMPUTING & NETWORKING, ISPA/BDCLOUD/SOCIALCOM/SUSTAINCOM, 2022, : 58 - 65
  • [32] MarkUs: Drop-in use-after-free prevention for low-level languages
    Ainsworth, Sam
    Jones, Timothy M.
    2020 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2020), 2020, : 578 - 591
  • [33] Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
    Qiang, Weizhong
    Li, Weifeng
    Jin, Hai
    Surbiryala, Jayachander
    IEEE ACCESS, 2019, 7 : 45961 - 45977
  • [34] BUDAlloc: Defeating Use-After-Free Bugs by Decoupling Virtual Address Management from Kernel
    Ahn, Junho
    Lee, Jaehyeon
    Lee, Kanghyuk
    Gwak, Wooseok
    Hwang, Minseong
    Kwon, Youngjin
    PROCEEDINGS OF THE 33RD USENIX SECURITY SYMPOSIUM, SECURITY 2024, 2024, : 181 - 197
  • [35] Machine-Learning-Guided Typestate Analysis for Static Use-After-Free Detection
    Yan, Hua
    Sui, Yulei
    Chen, Shiping
    Xue, Jingling
    33RD ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2017), 2017, : 42 - 54
  • [36] All Use-After-Free Vulnerabilities Are Not Created Equal: An Empirical Study on Their Characteristics and Detectability
    Chen, Zeyu
    Liu, Daiping
    Xiao, Jidong
    Wang, Haining
    PROCEEDINGS OF THE 26TH INTERNATIONAL SYMPOSIUM ON RESEARCH IN ATTACKS, INTRUSIONS AND DEFENSES, RAID 2023, 2023, : 623 - 638
  • [37] Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers
    Bai, Jia-Ju
    Lawall, Julia
    Chen, Qiu-Liang
    Hu, Shi-Min
    PROCEEDINGS OF THE 2019 USENIX ANNUAL TECHNICAL CONFERENCE, 2019, : 255 - 268
  • [38] An Efficient Use-after-Free Mitigation Approach via Static Dangling Pointer Nullification
    Yu, Yue
    Jia, Xiaoqi
    An, Xun
    Zhang, Shengzhi
    ICT SYSTEMS SECURITY AND PRIVACY PROTECTION (SEC 2022), 2022, 648 : 507 - 523
  • [39] S2malloc: Statistically Secure Allocator for Use-After-Free Protection and More
    Wang, Ruizhe
    Xu, Meng
    Asokan, N.
    DETECTION OF INTRUSIONS AND MALWARE, AND VULNERABILITY ASSESSMENT, DIMVA 2024, 2024, 14828 : 23 - 43
  • [40] A Robust and Efficient Defense against Use-after-Free Exploits via Concurrent Pointer Sweeping
    Liu, Daiping
    Zhang, Mingwei
    Wang, Haining
    PROCEEDINGS OF THE 2018 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'18), 2018, : 1635 - 1648