DieHarder

Novark, Gene; Berger, Emery D.

doi:10.1145/1866307.1866371

Cited by 158 publications

(30 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One method used to secure the program heap is to add defenses within the memory allocator [31], which can be combined with other security mechanisms, such as non-executable segments and address space layout randomization (ASLR). However, existing allocators are either insecure or ine cient.…”

Section: Vulnerabilitiesmentioning

confidence: 99%

“…One type belongs to bump-pointer or sequential allocators, which sequentially allocate di erent sizes of objects in a continuous range [31]. They maintain freelists for di erent size classes to assist fast allocations, and are also called freelist-based allocators.…”

Section: Vulnerabilitiesmentioning

confidence: 99%

“…Even worse, some implementations may directly con ict with the goal of security. For instance, they place metadata immediately prior to each object, and reutilize the rst words of a freed object to store pointers used by their freelists [31]. These designs will signi cantly increase the attack surface, since attackers can easily overwrite freelist pointers or other metadata to initiate attacks.…”

Section: Vulnerabilitiesmentioning

confidence: 99%

See 2 more Smart Citations

FreeGuard

Silvestro

Liu

Crosser

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

In spite of years of improvements to software security, heap-related attacks still remain a severe threat. One reason is that many existing memory allocators fall short in a variety of aspects. For instance, performance-oriented allocators are designed with very limited countermeasures against attacks, but secure allocators generally su er from signi cant performance overhead, e.g., running up to 10× slower. This paper, therefore, introduces FreeGuard, a secure memory allocator that prevents or reduces a wide range of heaprelated attacks, such as heap over ows, heap over-reads, use-afterfrees, as well as double and invalid frees. FreeGuard has similar performance to the default Linux allocator, with less than 2% overhead on average, but provides signi cant improvement to security guarantees. FreeGuard also addresses multiple implementation issues of existing secure allocators, such as the issue of scalability. Experimental results demonstrate that FreeGuard is very e ective in defending against a variety of heap-related attacks.

show abstract

Section: Vulnerabilitiesmentioning

confidence: 99%

Section: Vulnerabilitiesmentioning

confidence: 99%

Section: Vulnerabilitiesmentioning

confidence: 99%

See 1 more Smart Citation

FreeGuard

Silvestro

Liu

Crosser

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Other approaches, e.g., (Berger and Zorn 2006;Lvin et al 2008;Novark and Berger 2010;Novark et al 2009; Perence, B, Electric Fence, http://perens.com/ FreeSoftware/ElectricFence; Akritidis 2010; Serebryany et al 2012), have used custom memory managers tailored to improve the memory safety of applications using them. They detect or help mitigate heap corruptions, dangling pointers or reads of uninitialized data.…”

Section: Custom Memory Allocationmentioning

confidence: 99%

“…Electric Fence relies on the CPU page protection -for each heap buffer, it allocates an extra page that is marked as inaccessible. DieHarder (Novark and Berger 2010) (a descendant of DieHard (Berger and Zorn 2006)) finds memory bugs probabilistically. Specifically, its modified malloc function also adds redzones around memory regions returned to the user, but instead of marking them as inaccessible, it populates the newly allocated memory with special magic values.…”

Section: Custom Memory Allocationmentioning

confidence: 99%

On the detection of custom memory allocators in C binaries

2015

View full text Add to dashboard Cite

Many reverse engineering techniques for data structures rely on the knowledge of memory allocation routines. Typically, they interpose on the system's malloc and free functions, and track each chunk of memory thus allocated as a data structure. However, many performance-critical applications implement their own custom memory allocators. Examples include webservers, database management systems, and compilers like gcc and clang. As a result, current binary analysis techniques for tracking data structures fail on such binaries. We present MemBrush, a new tool to detect memory allocation and deallocation functions in stripped binaries with high accuracy. We evaluated the technique on a large number of real world applications that use custom memory allocators. We demonstrate that MemBrush can detect allocators/deallocators with a high accuracy which is 52 out of 59 for allocators, and 29 out of 31 for deallocators in SPECINT 2006. As we show, we can furnish existing reverse engineering tools with detailed information about the memory management API, and as a result perform an analysis of the actual application specific data structures designed by the programmer. Our system uses dynamic analysis and detects memory allocation and deallocation routines by searching for functions that comply with a set of generic characteristics of allocators and deallocators.

show abstract

Software Cruising: A New Technology for Building Concurrent Software Monitor

Liu

Zeng

et al. 2013

Secure Cloud Computing

View full text Add to dashboard Cite

We introduce a novel concurrent software monitoring technology, called software cruising. It leverages multicore architectures and utilizes lock-free data structures and algorithms to achieve efficient and scalable security monitoring. Applications include, but are not limited to, heap buffer integrity checking, kernel memory cruising, data structure and object invariant checking, rootkit detection, and information provenance and flow checking. In the software cruising framework, one or more dedicated threads, called cruising threads, are running concurrently with the monitored user or kernel code, to constantly check, or cruise, for security violations. We believe the software cruising technology would result in a game-changing capability in security monitoring for the cloud-based and traditional computing and network systems.We have developed two prototypical cruising systems: Cruiser, a lock-free concurrent heap buffer overflow monitor in user space, and Kruiser, a semisynchronized non-blocking OS kernel cruiser. Our experimental results showed that software cruising can be deployed in practice with modest overhead. In user space, heap buffer overflow cruising incurs only 5 % performance overhead on average for the SPEC CPU2006 benchmark, and the Apache throughput slowdown is only 3 % maximum and negligible on average. In kernel space, it is negligible for SPEC, and 3.8 % for Apache. Both technologies can be deployed in large scale for cloud data centers and server farms in an automated manner.

show abstract

DieHarder

Cited by 158 publications

References 16 publications

FreeGuard

FreeGuard

On the detection of custom memory allocators in C binaries

Software Cruising: A New Technology for Building Concurrent Software Monitor

Contact Info

Product

Resources

About