DieHarder: securing the heap

@inproceedings{Novark2010DieHarderST,
  title={DieHarder: securing the heap},
  author={Gene Novark and E. Berger},
  booktitle={CCS '10},
  year={2010}
}
Heap-based attacks depend on a combination of memory management errors and an exploitable memory allocator. Many allocators include ad hoc countermeasures against particular exploits, but their effectiveness against future exploits has been uncertain. This paper presents the first formal treatment of the impact of allocator design on security. It analyzes a range of widely-deployed memory allocators, including those used by Windows, Linux, FreeBSD and OpenBSD, and shows that they remain…

FreeGuard: A Faster Secure Heap Allocator
TLDR
FreeGuard is introduced, a secure memory allocator that prevents or reduces a wide range of heap-related security attacks, such as heap overflows, heap over-reads, use-after-frees, as well as double and invalid frees.
ShadowHeap: Memory Safety through Efficient Heap Metadata Validation
TLDR
By maintaining a copy of heap metadata in a shadow-heap and verifying the heap integrity upon each call to the underlying allocator the authors can detect most heap metadata manipulation techniques and demonstrate that ShadowHeap is a practical mitigation approach.
HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images
TLDR
HEAPSTER is a system that automatically identifies the heap library used by a monolithic firmware image, and tests its security with symbolic execution and bounded model checking, and raises some concerns over the security of dynamic memory allocators employed by IoT devices.
Shadow-Heap: Preventing Heap-based Memory Corruptions by Metadata Validation
TLDR
By maintaining a copy of heap metadata in a shadow-heap and verifying the heap integrity upon each call to the underlying allocator the authors can detect most heap metadata manipulation techniques and demonstrate that Shadow-Heap is a practical mitigation approach.
HeapRevolver: Delaying and Randomizing Timing of Release of Freed Memory Area to Prevent Use-After-Free Attacks
TLDR
HeapRevolver is a novel UAF attack-prevention method that delays and randomizes the timing of release of freed memory areas by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period.
HeapSentry: Kernel-Assisted Protection against Heap Overflows
TLDR
HeapSentry is a system designed to detect and stop heap overflow attacks through the cooperation of the memory allocation library of a program and the operating system's kernel, and provides stronger security guarantees than the current state of the art in heap protection mechanisms for a modest performance overhead.
HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security
TLDR
HEAPHOPPER is presented, an automated approach, based on model checking and symbolic execution, to analyze the exploitability of heap implementations in the presence of memory corruption, and shows how a newly introduced caching mechanism in ptmalloc significantly weakens its security.
Preventing Use-After-Free Attacks with Fast Forward Allocation
TLDR
The idea of one-time allocation (OTA) is proposed to resurrect and provide a practical implementation with efficient execution and moderate memory overhead and the results show that OTA can be a strong and practical solution to thwart use-after-free threats.
Use-After-Free Mitigation via Protected Heap Allocation
  • Mingbo Zhang, S. Zonouz
  • Computer Science
    2018 IEEE Conference on Dependable and Secure Computing (DSC)
  • 2018
TLDR
This paper introduces a new defense strategy, Zeus, that leverages additional memory buffers to make allocation outcomes locally unpredictable to adversaries and significantly lowers the success rate of a UAF exploit even in the presence of heap sprays.
Safe Trans Loader: Mitigation and Prevention of Memory Corruption Attacks for Released Binaries
TLDR
An application-level loader called Safe Trans Loader (STL) is proposed that mitigates or prevents memory corruption attacks and can be applied to already released executable binaries in an operational phase.

References

Showing 1-10 of 59 references
Security of memory allocators for C and C++
TLDR
A significant improvement is presented for memory allocators in order to increase robustness against code injection attacks in terms of performance and memory usage and it is shown that the associated overhead is negligible.
Run-time Detection of Heap-based Overflows
TLDR
This paper presents a technique that protects the heap management information and allows for run-time detection of heap-based overflows, and proposes a detection scheme that has been implemented as a patch to the GNU Lib C.
Comprehensively and efficiently protecting the heap
TLDR
Through existing virtual memory and inter-process protection mechanisms, Heap Server prevents the heap meta-data from being illegally overwritten and heap data from being meaningfully overwritten; the protection is verified against several real-world exploits and attack kernels.
Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
TLDR
This paper develops a systematic study of a particular kind of obfuscation called address obfuscation that randomizes the location of victim program data and code, and presents an implementation that transforms object files and executables at link-time and load-time.
HeapShield: Library-Based Heap Overflow Protection for Free
TLDR
HeapShield is presented, an approach that prevents all library-based heap overflows at runtime that works with arbitrary, unaltered binaries and incurs no space overhead and is efficient, imposing minimal impact on real application performance.
Archipelago: trading address space for reliability and security
TLDR
It is shown that Archipelago allows applications to continue to run correctly in the face of thousands of memory errors, making it especially suitable to protect servers that have known security vulnerabilities due to heap memory errors.
Efficient Techniques for Comprehensive Protection from Memory Error Exploits
TLDR
This work argues that its approach provides probabilistic protection against all memory error exploits, whether known or novel, and implements it as a fully automatic source-to-source transformation that is compatible with legacy C code.
Preventing Memory Error Exploits with WIT
TLDR
This work presents write integrity testing (WIT), a new technique that provides practical protection from memory errors: it compiles C and C++ programs without modifications, has high coverage with no false positives, and has low overhead.
DieHard: probabilistic memory safety for unsafe languages
TLDR
Analytical and experimental results are presented that show DieHard's resilience to a wide range of memory errors, including a heap-based buffer overflow in an actual application.
On the effectiveness of address-space randomization
TLDR
A derandomization attack is demonstrated that will convert any standard buffer-overflow exploit into an exploit that works against systems protected by address-space randomization, and it is concluded that, on 32-bit architectures, the only benefit of PaX-like address-space randomization is a small slowdown in worm propagation speed.