ID | 62351 |
フルテキストURL | |
著者 |
Yamauchi, Toshihiro
Graduate School of Natural Science and Technology, Okayama University
ORCID
Kaken ID
publons
researchmap
Ikegami, Yuta
Graduate School of Natural Science and Technology, Okayama University
Ban, Yuya
Graduate School of Natural Science and Technology, Okayama University
|
寄与者 |
Hiroyuki Uekawa
Okayama University
|
抄録 | Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to a freed memory. In particular, large-scale programs such as browsers often include many dangling pointers, and UAF vulnerabilities are frequently exploited by drive-by download attacks. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attackprevention method that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. The first condition for reuse is that the total size of the freed memory area is beyond the designated size. The threshold for the conditions of reuse of the freed memory area can be randomized by HeapRevolver. Furthermore, we add a second condition for reuse in which the freed memory area is merged with an adjacent freed memory area before release. Furthermore, HeapRevolver can be applied without modifying the target programs. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.
|
発行日 | 2017
|
出版物タイトル |
IEICE Transactions on Information and Systems
|
巻 | E100.D巻
|
号 | 10号
|
出版者 | Institute of Electronics, Information and Communications Engineers (IEICE)
|
開始ページ | 2295
|
終了ページ | 2306
|
ISSN | 0916-8532
|
資料タイプ |
学術雑誌論文
|
関連URL | isVersionOf https://doi.org/10.1587/transinf.2016inp0020
|
言語 |
英語
|
著作権者 | © 2017 The Institute of Electronics, Information and Communication Engineers
|
論文のバージョン | publisher
|
DOI | |
Web of Science KeyUT | |
助成機関名 |
日本学術振興会
|