Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers

Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers

Highly efficient languages, such as C/C++, have low-level control over memory. Due to the lack of validity detection for pointers and garbage collection for memory, developers are responsible for dynamic memory management by explicitly allocating and deallocating memory. However, explicit memory man...

Full description

Bibliographic Details
Main Authors: Weizhong Qiang, Weifeng Li, Hai Jin, Jayachander Surbiryala
Format: Article
Language:English
Published: IEEE 2019-01-01
Series:IEEE Access
Subjects:
Software security
dangling pointers
use-after-free
LLVM
Online Access:https://ieeexplore.ieee.org/document/8675929/
id doaj-61ccc247e6cd47b7a5a69b9a559e4227
record_format Article
spelling doaj-61ccc247e6cd47b7a5a69b9a559e42272021-03-29T22:42:02ZengIEEEIEEE Access2169-35362019-01-017459614597710.1109/ACCESS.2019.29080228675929Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level PointersWeizhong Qiang0https://orcid.org/0000-0003-4390-3819Weifeng Li1Hai Jin2https://orcid.org/0000-0002-3934-7605Jayachander Surbiryala3Services Computing Technology and System Laboratory, Cluster and Grid Computing Laboratory, National Engineering Research Center for Big Data Technology and System, Big Data Security Engineering Research Center, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, ChinaServices Computing Technology and System Laboratory, Cluster and Grid Computing Laboratory, National Engineering Research Center for Big Data Technology and System, Big Data Security Engineering Research Center, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, ChinaServices Computing Technology and System Laboratory, Cluster and Grid Computing Laboratory, National Engineering Research Center for Big Data Technology and System, Big Data Security Engineering Research Center, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, ChinaDepartment of Electrical Engineering and Computer Science, University of Stavanger, Stavanger, NorwayHighly efficient languages, such as C/C++, have low-level control over memory. Due to the lack of validity detection for pointers and garbage collection for memory, developers are responsible for dynamic memory management by explicitly allocating and deallocating memory. However, explicit memory management brings a large number of memory safety-related vulnerabilities, such as use-after-free. The threat of use-after-free vulnerabilities has become more and more serious due to their high level of the severity and quick emergence of the number. In this paper, a dynamic defense system is proposed against use-after-free exploits by introducing an approach based on multi-level pointers that insert intermediate pointers between a heap object and its related pointers. First, the relationship between a heap object to be protected, and the related pointers pointing to it, is established by combing with intermediate pointers. Then, all of the accesses to this object via its related pointers can only be achieved through these intermediate pointers. Finally, to prevent the dangling pointers from being dereferenced to this object, all the intermediate pointers related to this object are invalidated when it is freed so that any access to a freed object can be prevented due to the invalidated intermediate pointers. The prototype system MPChecker is implemented, which can prevent use-after-free exploits for C/C++ multi-threaded programs. Compared with the related methods, MPChecker can protect pointers that are copied in a type-unsafe way from being de-referenced to freed objects. In addition, it can also defend against dangling pointers located on the whole memory, including the stack, the heap, and global memory, rather than the heap only. The defense capability is proved by protecting against two exploits to a real-world program, comparing the support of type-unsafe copy with a self-written program. The performance evaluation of MPChecker with some benchmarks, multi-threaded programs, and real-world programs, shows its comparable efficiency.https://ieeexplore.ieee.org/document/8675929/Software securitydangling pointersuse-after-freeLLVM
collection DOAJ
language English
format Article
sources DOAJ
author Weizhong Qiang
Weifeng Li
Hai Jin
Jayachander Surbiryala
spellingShingle Weizhong Qiang
Weifeng Li
Hai Jin
Jayachander Surbiryala
Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
IEEE Access
Software security
dangling pointers
use-after-free
LLVM
author_facet Weizhong Qiang
Weifeng Li
Hai Jin
Jayachander Surbiryala
author_sort Weizhong Qiang
title Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
title_short Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
title_full Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
title_fullStr Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
title_full_unstemmed Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers
title_sort mpchecker: use-after-free vulnerabilities protection based on multi-level pointers
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2019-01-01
description Highly efficient languages, such as C/C++, have low-level control over memory. Due to the lack of validity detection for pointers and garbage collection for memory, developers are responsible for dynamic memory management by explicitly allocating and deallocating memory. However, explicit memory management brings a large number of memory safety-related vulnerabilities, such as use-after-free. The threat of use-after-free vulnerabilities has become more and more serious due to their high level of the severity and quick emergence of the number. In this paper, a dynamic defense system is proposed against use-after-free exploits by introducing an approach based on multi-level pointers that insert intermediate pointers between a heap object and its related pointers. First, the relationship between a heap object to be protected, and the related pointers pointing to it, is established by combing with intermediate pointers. Then, all of the accesses to this object via its related pointers can only be achieved through these intermediate pointers. Finally, to prevent the dangling pointers from being dereferenced to this object, all the intermediate pointers related to this object are invalidated when it is freed so that any access to a freed object can be prevented due to the invalidated intermediate pointers. The prototype system MPChecker is implemented, which can prevent use-after-free exploits for C/C++ multi-threaded programs. Compared with the related methods, MPChecker can protect pointers that are copied in a type-unsafe way from being de-referenced to freed objects. In addition, it can also defend against dangling pointers located on the whole memory, including the stack, the heap, and global memory, rather than the heap only. The defense capability is proved by protecting against two exploits to a real-world program, comparing the support of type-unsafe copy with a self-written program. The performance evaluation of MPChecker with some benchmarks, multi-threaded programs, and real-world programs, shows its comparable efficiency.
topic Software security
dangling pointers
use-after-free
LLVM
url https://ieeexplore.ieee.org/document/8675929/
work_keys_str_mv AT weizhongqiang mpcheckeruseafterfreevulnerabilitiesprotectionbasedonmultilevelpointers
AT weifengli mpcheckeruseafterfreevulnerabilitiesprotectionbasedonmultilevelpointers
AT haijin mpcheckeruseafterfreevulnerabilitiesprotectionbasedonmultilevelpointers
AT jayachandersurbiryala mpcheckeruseafterfreevulnerabilitiesprotectionbasedonmultilevelpointers
_version_ 1724191036538880000

Similar Items