Defending Use-After-Free via Relationship Between Memory and Pointer

Guangquan Xu, Miao Li, Xiaotong Li, Kai Chen, Ran Wang, Wei Wang, Kaitai Liang, Qiang Tang, Shaoying Liu

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

Abstract

Existing approaches to defending Use-After-Free (UAF) exploits are usually done using static or dynamic analysis. However, both static and dynamic analysis suffer from intrinsic deficiencies. The existing static analysis is limited in handling loops, optimization of memory representation. The existing dynamic analysis, which is characterized by lacking the maintenance of pointer information, may lead to flaws that the relationships between pointers and memory cannot be precisely identified. In this work, we propose a new method called UAF-GUARD without the above barriers, in the aim to defending against UAF exploits using fine-grained memory permission management. In particular, we design a key data structure to support the fine-grained memory permission management, which can maintain more information to capture the relationship between pointers and memory. Moreover, we design code instrumentation to enable UAF-GUARD to precisely locate the position of UAF vulnerabilities to further terminate malicious programs when anomalies are detected. We implement UAF-GUARD on a 64-bit Linux system. We carry out experiments to compare UAF-GUARD with the main existing approaches. The experimental results demonstrate that UAF-GUARD is able to effectively and efficiently defend against three types of UAF exploits with acceptable space overhead and time overhead.

Original languageEnglish
Title of host publicationCollaborative Computing
Subtitle of host publicationNetworking, Applications and Worksharing - 16th EAI International Conference, CollaborateCom 2020, Proceedings
EditorsHonghao Gao, Xinheng Wang, Muddesar Iqbal, Yuyu Yin, Jianwei Yin, Ning Gu
PublisherSpringer
Pages583-597
Number of pages15
ISBN (Print)9783030675363
DOIs
Publication statusPublished - 2021
Externally publishedYes
Event16th EAI International Conference on Collaborative Computing: Networking, Applications, and Worksharing, CollaborateCom 2020 - Shanghai, China
Duration: 16 Oct 202018 Oct 2020

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume349
ISSN (Print)1867-8211
ISSN (Electronic)1867-822X

Conference

Conference16th EAI International Conference on Collaborative Computing: Networking, Applications, and Worksharing, CollaborateCom 2020
CountryChina
CityShanghai
Period16/10/2018/10/20

Keywords

  • Fine-grained memory permission management
  • Static instrumentation
  • Use-after-free vulnerability

Fingerprint

Dive into the research topics of 'Defending Use-After-Free via Relationship Between Memory and Pointer'. Together they form a unique fingerprint.

Cite this