Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
Highly efficient languages, such as C/C++, have low-level control over memory. Due to the lack of validity detection for pointers and garbage collection for memory, developers are responsible for dynamic memory management by explicitly allocating and deallocating memory. However, explicit memory man...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2019-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/8675929/ |
id |
doaj-61ccc247e6cd47b7a5a69b9a559e4227 |
---|---|
record_format |
Article |
spelling |
doaj-61ccc247e6cd47b7a5a69b9a559e42272021-03-29T22:42:02ZengIEEEIEEE Access2169-35362019-01-017459614597710.1109/ACCESS.2019.29080228675929Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level PointersWeizhong Qiang0https://orcid.org/0000-0003-4390-3819Weifeng Li1Hai Jin2https://orcid.org/0000-0002-3934-7605Jayachander Surbiryala3Services Computing Technology and System Laboratory, Cluster and Grid Computing Laboratory, National Engineering Research Center for Big Data Technology and System, Big Data Security Engineering Research Center, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, ChinaServices Computing Technology and System Laboratory, Cluster and Grid Computing Laboratory, National Engineering Research Center for Big Data Technology and System, Big Data Security Engineering Research Center, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, ChinaServices Computing Technology and System Laboratory, Cluster and Grid Computing Laboratory, National Engineering Research Center for Big Data Technology and System, Big Data Security Engineering Research Center, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, ChinaDepartment of Electrical Engineering and Computer Science, University of Stavanger, Stavanger, NorwayHighly efficient languages, such as C/C++, have low-level control over memory. Due to the lack of validity detection for pointers and garbage collection for memory, developers are responsible for dynamic memory management by explicitly allocating and deallocating memory. However, explicit memory management brings a large number of memory safety-related vulnerabilities, such as use-after-free. The threat of use-after-free vulnerabilities has become more and more serious due to their high level of the severity and quick emergence of the number. In this paper, a dynamic defense system is proposed against use-after-free exploits by introducing an approach based on multi-level pointers that insert intermediate pointers between a heap object and its related pointers. First, the relationship between a heap object to be protected, and the related pointers pointing to it, is established by combing with intermediate pointers. Then, all of the accesses to this object via its related pointers can only be achieved through these intermediate pointers. Finally, to prevent the dangling pointers from being dereferenced to this object, all the intermediate pointers related to this object are invalidated when it is freed so that any access to a freed object can be prevented due to the invalidated intermediate pointers. The prototype system MPChecker is implemented, which can prevent use-after-free exploits for C/C++ multi-threaded programs. Compared with the related methods, MPChecker can protect pointers that are copied in a type-unsafe way from being de-referenced to freed objects. In addition, it can also defend against dangling pointers located on the whole memory, including the stack, the heap, and global memory, rather than the heap only. The defense capability is proved by protecting against two exploits to a real-world program, comparing the support of type-unsafe copy with a self-written program. The performance evaluation of MPChecker with some benchmarks, multi-threaded programs, and real-world programs, shows its comparable efficiency.https://ieeexplore.ieee.org/document/8675929/Software securitydangling pointersuse-after-freeLLVM |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Weizhong Qiang Weifeng Li Hai Jin Jayachander Surbiryala |
spellingShingle |
Weizhong Qiang Weifeng Li Hai Jin Jayachander Surbiryala Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers IEEE Access Software security dangling pointers use-after-free LLVM |
author_facet |
Weizhong Qiang Weifeng Li Hai Jin Jayachander Surbiryala |
author_sort |
Weizhong Qiang |
title |
Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers |
title_short |
Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers |
title_full |
Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers |
title_fullStr |
Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers |
title_full_unstemmed |
Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers |
title_sort |
mpchecker: use-after-free vulnerabilities protection based on multi-level pointers |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2019-01-01 |
description |
Highly efficient languages, such as C/C++, have low-level control over memory. Due to the lack of validity detection for pointers and garbage collection for memory, developers are responsible for dynamic memory management by explicitly allocating and deallocating memory. However, explicit memory management brings a large number of memory safety-related vulnerabilities, such as use-after-free. The threat of use-after-free vulnerabilities has become more and more serious due to their high level of the severity and quick emergence of the number. In this paper, a dynamic defense system is proposed against use-after-free exploits by introducing an approach based on multi-level pointers that insert intermediate pointers between a heap object and its related pointers. First, the relationship between a heap object to be protected, and the related pointers pointing to it, is established by combing with intermediate pointers. Then, all of the accesses to this object via its related pointers can only be achieved through these intermediate pointers. Finally, to prevent the dangling pointers from being dereferenced to this object, all the intermediate pointers related to this object are invalidated when it is freed so that any access to a freed object can be prevented due to the invalidated intermediate pointers. The prototype system MPChecker is implemented, which can prevent use-after-free exploits for C/C++ multi-threaded programs. Compared with the related methods, MPChecker can protect pointers that are copied in a type-unsafe way from being de-referenced to freed objects. In addition, it can also defend against dangling pointers located on the whole memory, including the stack, the heap, and global memory, rather than the heap only. The defense capability is proved by protecting against two exploits to a real-world program, comparing the support of type-unsafe copy with a self-written program. The performance evaluation of MPChecker with some benchmarks, multi-threaded programs, and real-world programs, shows its comparable efficiency. |
topic |
Software security dangling pointers use-after-free LLVM |
url |
https://ieeexplore.ieee.org/document/8675929/ |
work_keys_str_mv |
AT weizhongqiang mpcheckeruseafterfreevulnerabilitiesprotectionbasedonmultilevelpointers AT weifengli mpcheckeruseafterfreevulnerabilitiesprotectionbasedonmultilevelpointers AT haijin mpcheckeruseafterfreevulnerabilitiesprotectionbasedonmultilevelpointers AT jayachandersurbiryala mpcheckeruseafterfreevulnerabilitiesprotectionbasedonmultilevelpointers |
_version_ |
1724191036538880000 |