Mitigating Use-After-Free Attack with Application Program Loader

被引:0
|
作者
Saito, Takamichi [1 ]
Sugawara, Ryota [1 ]
Yokoyama, Masateru [1 ]
Kondo, Shuta [1 ]
Miyazaki, Hiroyuki [1 ]
Bing, Wang [1 ]
Watanabe, Ryohei [1 ]
机构
[1] Meiji Univ, Dept Sci & Engn, Tama Ku, 1-1-1 Higashi Mita, Kawasaki, Kanagawa 2148571, Japan
来源
2017 IEEE 31ST INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS (AINA) | 2017年
关键词
Mitigation; Use-After-Free; Vulnerability; Memory Corruption;
D O I
10.1109/AINA.2017.62
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
In the area of software security, use-after-free vulnerabilities have been reported since 2006. When the target vulnerable application is run, the attack exploits a dangling pointer after the heap memory is released. Until today, use-after-free attacks have been frequently reported in popular software such as browsers. This is a serious software security problem because a use-after-free attack allows an attacker to execute an arbitrary code to hijack an application control flow or to force a system crash. Some countermeasures have been proposed to thwart such attacks. However, most of these countermeasures have some problems such as the necessity of a source code or the problem of dependency. In this paper, we propose and evaluate the implementation of an application-level program loader to mitigate the use-after-free attack.
引用
收藏
页码:919 / 924
页数:6
相关论文
共 50 条
  • [41] 基于S2E的Use-After-Free漏洞检测方案
    冯震
    聂森
    王轶骏
    薛质
    计算机应用与软件, 2016, 33 (04) : 273 - 276
  • [42] Automated Use-After-Free Detection and Exploit Mitigation: How Far Have We Gone?
    Gui, Binfa
    Song, Wei
    Xiong, Hailong
    Huang, Jeff
    IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2022, 48 (11) : 4569 - 4589
  • [43] HeapRevolver: Delaying and Randomizing Timing of Release of Freed Memory Area to Prevent Use-After-Free Attacks
    Yamauchi, Toshihiro
    Ikegami, Yuta
    NETWORK AND SYSTEM SECURITY, (NSS 2016), 2016, 9955 : 219 - 234
  • [44] UAFSan: An Object-Identifier-Based Dynamic Approach for Detecting Use-After-Free Vulnerabilities
    Gui, Binfa
    Song, Wei
    Huang, Jeff
    ISSTA '21: PROCEEDINGS OF THE 30TH ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS, 2021, : 309 - 321
  • [45] FREEWILL: Automatically Diagnosing Use-after-free Bugs via Reference Miscounting Detection on Binaries
    He, Liang
    Hu, Hong
    Su, Purui
    Cai, Yan
    Liang, Zhenkai
    PROCEEDINGS OF THE 31ST USENIX SECURITY SYMPOSIUM, 2022, : 2497 - 2512
  • [46] CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C plus
    Shin, Jangseop
    Kwon, Donghyun
    Seo, Jiwon
    Cho, Yeongpil
    Paek, Yunheung
    26TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2019), 2019,
  • [47] 二进制程序中的use-after-free漏洞检测技术
    韩心慧
    魏爽
    叶佳奕
    张超
    叶志远
    清华大学学报(自然科学版), 2017, 57 (10) : 1022 - 1029
  • [48] UAF-GUARD: Defending the use-after-free exploits via fine-grained memory permission management
    Xu, Guangquan
    Lei, Wenqing
    Gong, Lixiao
    Liu, Jian
    Bai, Hongpeng
    Chen, Kai
    Wang, Ran
    Wang, Wei
    Liang, Kaitai
    Wang, Weizhe
    Meng, Weizhi
    Liu, Shaoying
    COMPUTERS & SECURITY, 2023, 125
  • [49] Stealth Loader: Trace-Free Program Loading for API Obfuscation
    Kawakoya, Yuhei
    Shioji, Eitaro
    Otsuki, Yuto
    Iwamura, Makoto
    Yada, Takeshi
    RESEARCH IN ATTACKS, INTRUSIONS, AND DEFENSES (RAID 2017), 2017, 10453 : 217 - 237
  • [50] Spatio-Temporal Context Reduction: A Pointer-Analysis-Based Static Approach for Detecting Use-After-Free Vulnerabilities
    Yan, Hua
    Sui, Yulei
    Chen, Shiping
    Xue, Jingling
    PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2018, : 327 - 337
12345