Garbage collection in an uncooperative environment
Software—Practice & Experience
Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
The synergy between non-blocking synchronization and operating system structure
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Region-based memory management in cyclone
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Reconsidering custom memory allocation
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Memory safety without runtime checks or garbage collection
Proceedings of the 2003 ACM SIGPLAN conference on Language, compiler, and tool for embedded systems
An efficient and backwards-compatible transformation to ensure memory safety of C programs
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Run-time Detection of Heap-based Overflows
LISA '03 Proceedings of the 17th USENIX conference on System administration
A locality-improving dynamic memory allocator
Proceedings of the 2005 workshop on Memory system performance
Dynamic memory optimization using pool allocation and prefetching
ACM SIGARCH Computer Architecture News - Special issue on the 2005 workshop on binary instrumentation and application
DieHard: probabilistic memory safety for unsafe languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Efficiently Detecting All Dangling Pointer Uses in Production Servers
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Proceedings of the 6th international symposium on Memory management
Archipelago: trading address space for reliability and security
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Preventing Memory Error Exploits with WIT
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Breaking the memory secrecy assumption
Proceedings of the Second European Workshop on System Security
SWIPE: eager erasure of sensitive data in large scale systems software
Proceedings of the second ACM conference on Data and Application Security and Privacy
Proceedings of the Tenth International Symposium on Code Generation and Optimization
Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Adaptive defenses for commodity software through virtual application partitioning
Proceedings of the 2012 ACM conference on Computer and communications security
Memory errors: the past, the present, and the future
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Safe and automatic live update for operating systems
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Towards hinted collection: annotations for decreasing garbage collector pause times
Proceedings of the 2013 international symposium on memory management
Hi-index | 0.00 |
Use-after-free vulnerabilities exploiting so-called dangling pointers to deallocated objects are just as dangerous as buffer overflows: they may enable arbitrary code execution. Unfortunately, state-of-the-art defenses against use-after-free vulnerabilities require compiler support, pervasive source code modifications, or incur high performance overheads. This paper presents and evaluates Cling, a memory allocator designed to thwart these attacks at runtime. Cling utilizes more address space, a plentiful resource on modern machines, to prevent type-unsafe address space reuse among objects of different types. It infers type information about allocated objects at runtime by inspecting the call stack of memory allocation routines. Cling disrupts a large class of attacks against use-after-free vulnerabilities, notably including those hijacking the C++ virtual function dispatch mechanism, with low CPU and physical memory overhead even for allocation intensive applications.