Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers

Bibliographic Details
Title: Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
Authors: Weifeng Li, Weizhong Qiang, Hai Jin, Jayachander Surbiryala
Source: IEEE Access, Vol 7, Pp 45961-45977 (2019)
Publication Information: Institute of Electrical and Electronics Engineers (IEEE), 2019.
Publication Year: 2019
Subject Terms: General Computer Science, Computer science, Software security, 0211 other engineering and technologies, 02 engineering and technology, computer.software_genre, Dynamic memory management, 0202 electrical engineering, electronic engineering, information engineering, Explicit memory, General Materials Science, Heap (data structure), 021110 strategic, defence & security studies, Programming language, General Engineering, 020207 software engineering, Static analysis, Data structure, use-after-free, Memory management, Dangling pointer, LLVM, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, Pointer (computer programming), lcsh:Electrical engineering. Electronics. Nuclear engineering, lcsh:TK1-9971, computer, dangling pointers, Garbage collection
Description: Highly efficient languages, such as C/C++, have low-level control over memory. Due to the lack of validity detection for pointers and garbage collection for memory, developers are responsible for dynamic memory management by explicitly allocating and deallocating memory. However, explicit memory management brings a large number of memory safety-related vulnerabilities, such as use-after-free. The threat of use-after-free vulnerabilities has become more and more serious due to their high severity and rapidly growing number. In this paper, a dynamic defense system is proposed against use-after-free exploits by introducing an approach based on multi-level pointers that inserts intermediate pointers between a heap object and its related pointers. First, the relationship between a heap object to be protected and the related pointers pointing to it is established by combining them with intermediate pointers. Then, all accesses to this object via its related pointers can only be achieved through these intermediate pointers. Finally, to prevent dangling pointers from being dereferenced to this object, all the intermediate pointers related to this object are invalidated when it is freed, so that any access to a freed object is prevented by the invalidated intermediate pointers. The prototype system MPChecker is implemented, which can prevent use-after-free exploits for C/C++ multi-threaded programs. Compared with related methods, MPChecker can protect pointers that are copied in a type-unsafe way from being dereferenced to freed objects. In addition, it can also defend against dangling pointers located anywhere in memory, including the stack, the heap, and global memory, rather than the heap only. The defense capability is proved by protecting against two exploits to a real-world program and by comparing the support of type-unsafe copy with a self-written program. The performance evaluation of MPChecker with some benchmarks, multi-threaded programs, and real-world programs shows its comparable efficiency.
ISSN: 2169-3536
Access URL: https://explore.openaire.eu/search/publication?articleId=doi_dedup___::9b1f7bb865b3ccea695e02b932ea1199
https://doi.org/10.1109/access.2019.2908022
Rights: OPEN
Accession Number: edsair.doi.dedup.....9b1f7bb865b3ccea695e02b932ea1199
Database: OpenAIRE