Memory allocation costs in large C and C++ programs
Software—Practice & Experience
Garbage collection: algorithms for automatic dynamic memory management
Garbage collection: algorithms for automatic dynamic memory management
Hoard: a scalable memory allocator for multithreaded applications
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
DieHard: probabilistic memory safety for unsafe languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Exterminator: automatically correcting memory errors with high probability
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Hardbound: architectural support for spatial safety of the C programming language
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Archipelago: trading address space for reliability and security
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Samurai: protecting critical data in unsafe languages
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Data Protection in Memory Using Byte Reordering
PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Memory management thread for heap allocation intensive sequential applications
Proceedings of the 10th workshop on MEmory performance: DEaling with Applications, systems and architecture
Proceedings of the 17th ACM conference on Computer and communications security
SecureME: a hardware-software approach to full system security
Proceedings of the international conference on Supercomputing
Cost-effectively offering private buffers in SoCs and CMPs
Proceedings of the international conference on Supercomputing
Buffer-integrated-Cache: a cost-effective SRAM architecture for handheld and embedded platforms
Proceedings of the 48th Design Automation Conference
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
Automatic parallelization of fine-grained meta-functions on a chip multiprocessor
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Securing heap memory by data pointer encoding
Future Generation Computer Systems
Watchdog: hardware for safe and secure manual memory management and full memory safety
Proceedings of the 39th Annual International Symposium on Computer Architecture
Automatic parallelization of fine-grained metafunctions on a chip multiprocessor
ACM Transactions on Architecture and Code Optimization (TACO)
WatchdogLite: Hardware-Accelerated Compiler-Based Pointer Checking
Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization
| Hi-index | 0.00 |
The goal of this paper is to propose a scheme that provides comprehensive security protection for the heap. Heap vulnerabilities are increasingly being exploited for attacks on computer programs. In most implementations, the heap management library keeps the heap meta-data (heap structure information) and the application's heap data in an interleaved fashion and does not protect them against each other. Such implementations are inherently unsafe: vulnerabilities in the application can cause the heap library to perform unintended actions to achieve control-flow and non-control attacks.Unfortunately, current heap protection techniques are limited in that they use too many assumptions on how the attacks will be performed, require new hardware support, or require too many changes to the software developers' toolchain. We propose Heap Server, a new solution that does not have such drawbacks. Through existing virtual memory and inter-process protection mechanisms, Heap Server prevents the heap meta-data from being illegally overwritten, and heap data from being meaningfully overwritten. We show that through aggressive optimizations and parallelism, Heap Server protects the heap with nearly-negligible performance overheads even on heap-intensive applications. We also verify the protection against several real-world exploits and attack kernels.