Advanced programming in the UNIX environment
Advanced programming in the UNIX environment
Improving the cache locality of memory allocation
PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
The memory fragmentation problem: solved?
Proceedings of the 1st international symposium on Memory management
Composing high-performance memory allocators
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Reconsidering custom memory allocation
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
An efficient and backwards-compatible transformation to ensure memory safety of C programs
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Run-time Detection of Heap-based Overflows
LISA '03 Proceedings of the 17th USENIX conference on System administration
Proceedings of the 12th ACM conference on Computer and communications security
Extended Protection against Stack Smashing Attacks without Performance Loss
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
TIED, LibsafePlus: tools for runtime buffer overflow protection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Instruction-level countermeasures against stack-based buffer overflow attacks
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
PIFT: efficient dynamic information flow tracking using secure page allocation
WESS '09 Proceedings of the 4th Workshop on Embedded Systems Security
PAriCheck: an efficient pointer arithmetic checker for C programs
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
ValueGuard: protection of native applications against data-only buffer overflows
ICISS'10 Proceedings of the 6th international conference on Information systems security
BuBBle: a javascript engine level countermeasure against heap-spraying attacks
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
Securing heap memory by data pointer encoding
Future Generation Computer Systems
Static secure page allocation for light-weight dynamic information flow tracking
Proceedings of the 2012 international conference on Compilers, architectures and synthesis for embedded systems
Improving Memory Management Security for C and C++
International Journal of Secure Software Engineering
HeapSentry: kernel-assisted protection against heap overflows
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
| Hi-index | 0.00 |
Bugs in dynamic memory management, including for instance heap-based buffer overflows and dangling pointers, are an important source of vulnerabilities in C and C++. Overwriting the management information of the memory allocation library is often a source of attack on these vulnerabilities. All existing countermeasures with low performance overhead rely on magic values or canaries. A secret value is placed before a crucial memory location and by monitoring whether the value has changed, overruns can be detected. Hence, if attackers are able to read arbitrary memory locations, they can bypass the countermeasure. In this paper we present an approach that, when applied to a memory allocator, will protect against this attack vector without resorting to magic. We implemented our approach by modifying an existing widely-used memory allocator. Benchmarks show that this implementation has a negligible, sometimes even beneficial, impact on performance.