Mitigating Use-after-Free Attack Using Library Considering Size and Number of Freed Memory

Use-after-free (UAF) vulnerabilities, which are abused by exploiting a dangling pointer that refers to a freed memory, execute an arbitrary code. The vulnerability is caused by bug in a program. In particular, it is contained in a large scale program such as browser. HeapRevolver [1] [2], which prohibits freed memory area from being reused for a certain period, has been proposed. HeapRevolver in Windows uses the number of the freed memory areas for prohibiting as a trigger to release the freed memory area. In other words, HeapRevolver uses the number of the freed memory areas as a threshold for releasing. However, when the size of individual freed memory areas is large, the HeapRevolver on Windows increases the memory overhead. In this paper, we propose improved HeapRevolver for Windows considering the size and number of the freed memory areas. Improved HeapRevolver enables to prohibit the reuse of the certain number of the freed memory areas at any time via the size and number of the freed memory areas as a threshold. The evaluation results show that the improved HeapRevolver can prevent attacks that exploiting UAF vulnerabilities. In particular, when the size of individual freed memory areas is small in the programs, it is effective to decrease the attack success rate.

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

6th International Symposium on Computing and Networking (CANDAR) - Across Practical Development and Theoretical Research, Takayama, JAPAN, Nov. 27-30, 2018