Abstract / Description of output
Low-level languages, which require manual memory management from the programmer, remain in wide use for performance-critical applications. Memory-safety bugs are common, and now a major source of exploits. In particular, a use-after-free bug occurs when an object is erroneously deallocated, whilst pointers to it remain active in memory, and those (dangling) pointers are later used to access the object. An attacker can reallocate the memory area backing an erroneously freed object, then overwrite its contents, injecting carefully chosen data into the host program, thus altering its execution and achieving privilege escalation.
We present MineSweeper, a system to mitigate use-after-free vulnerabilities by retaining freed allocations in a quarantine, until no pointers to them remain in program memory, thus preventing their reallocation until it is safe. MineSweeper performs efficient linear sweeps of memory to identify quarantined items that have no dangling pointers to them, and thus can be safely reallocated. This allows MineSweeper to be significantly more efficient than previous transitive marking procedure techniques. MineSweeper, attached to JeMalloc, improves security at an acceptable overhead in memory footprint (11.1% on average) and an execution-time cost of only 5.4% (geometric mean for SPEC CPU2006), with 9.6% additional threaded CPU usage. These figures considerably improve on the state-of-the-art for non-probabilistic drop-in temporal-safety systems, and make MineSweeper the only such scheme suitable for deployment in real-world production environments.
We present MineSweeper, a system to mitigate use-after-free vulnerabilities by retaining freed allocations in a quarantine, until no pointers to them remain in program memory, thus preventing their reallocation until it is safe. MineSweeper performs efficient linear sweeps of memory to identify quarantined items that have no dangling pointers to them, and thus can be safely reallocated. This allows MineSweeper to be significantly more efficient than previous transitive marking procedure techniques. MineSweeper, attached to JeMalloc, improves security at an acceptable overhead in memory footprint (11.1% on average) and an execution-time cost of only 5.4% (geometric mean for SPEC CPU2006), with 9.6% additional threaded CPU usage. These figures considerably improve on the state-of-the-art for non-probabilistic drop-in temporal-safety systems, and make MineSweeper the only such scheme suitable for deployment in real-world production environments.
Original language | English |
---|---|
Title of host publication | Proceedings of the 27th International Conference on Architectural Support for Programming Languages and Operating Systems |
Editors | Babak Falsafi, Michael Ferdman, Shan Lu, Tom Wenisch |
Place of Publication | New York, NY, USA |
Publisher | ACM Association for Computing Machinery |
Pages | 212-225 |
Number of pages | 14 |
ISBN (Electronic) | 9781450392051 |
DOIs | |
Publication status | Published - 28 Feb 2022 |
Event | 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems - Lausanne, Switzerland Duration: 28 Feb 2022 → 4 Mar 2022 Conference number: 27 https://asplos-conference.org/ |
Conference
Conference | 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems |
---|---|
Abbreviated title | ASPLOS 2022 |
Country/Territory | Switzerland |
City | Lausanne |
Period | 28/02/22 → 4/03/22 |
Internet address |
Keywords / Materials (for Non-textual outputs)
- temporal safety
- use-after-free
- programming language security