| ID | 60838 |
| フルテキストURL | |
| 著者 |
Yamauchi, Toshihiro
Graduate School of Natural Science and Technology, Okayama University
ORCID
Kaken ID
publons
researchmap
Ikegami, Yuta
Graduate School of Natural Science and Technology, Okayama University
|
| 抄録 | Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to a freed memory. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attack-prevention method that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.
|
| キーワード | Use-after-free (UAF) vulnerabilities
UAF attack-prevention
Memory-reuse-prohibited library
System security
|
| 備考 | Part of the Lecture Notes in Computer Sciencebook series (LNCS, volume 9955)
|
| 発行日 | 2016-09-21
|
| 出版物タイトル |
Network and System Security(NSS)
|
| 巻 | 2016巻
|
| 出版者 | Springer
|
| 開始ページ | 219
|
| 終了ページ | 234
|
| ISBN | 978-3-319-46297-4
|
| 資料タイプ |
会議発表論文
|
| 関連URL | isVersionOf https://doi.org/10.1007/978-3-319-46298-1_15
|
| 言語 |
英語
|
| 論文のバージョン | author
|
| DOI | |
| Web of Science KeyUT |
