FreeGuard

Silvestro, Sam; Liu, Hongyu; Crosser, Corey; Lin, Zhiqiang; Liu, Tongping

doi:10.1145/3133956.3133957

Cited by 41 publications

(3 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, they incur excessive performance (e.g., 55 % in DangNull, 25 % in FreeSentry, and 41 % in DangSan) to the system in constantly maintaining their dedicated data structures that keep track of the referring relationships between objects and pointers. To reduce performance overhead, a deferred free scheme [6], [7] has been devised that intentionally delays the reuse of freed objects' memory, inspired by the fact that UAF attacks will be launched shortly after objects are freed. This scheme can be implemented easily by placing the freed objects in quarantine memory for a while.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Enhancing a Lock-and-Key Scheme With MTE to Mitigate Use-After-Frees

Bang,

Kayondo,

You

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Preventing Use-After-Free (UAF) bugs is crucial to ensure temporal memory safety. Against UAF attacks, much research has adopted a well-known approach, lock-and-key, in which unique, disposable locks and keys are first assigned respectively to objects and pointers, and then on every memory access, checked for a match. Attention has been drawn again to this approach by recent work that capitalizes on a vast abundance of virtual address (VA) space in the lock assignment, thus being able to prevent UAFs in stripped binary. However, as this VA-based lock-and-key scheme tends to rapidly consume virtual space, it is likely to suffer from high performance overhead. In this paper, we propose a new scheme, called the VA tagging, whose goal is to tackle this performance problem with the support of the Memory Tagging Architecture (MTA) introduced in several commodity processors. In our scheme, the original VA-based locks are augmented with tags of MTA. As a VA-based lock can be assigned to multiple objects with different tags, the same VA is reused for many objects without compromising temporal safety. We have observed in our experiments that this tagging scheme lowers the VA consumption rate drastically by one order of magnitude. We implement a light-weight memory allocator, Vatalloc, by modifying existing allocators, dlmalloc and jemalloc, to employ the VA tagging scheme for efficient prevention of UAFs. Our evaluation shows that Vatalloc with allocator modifications only incurs 1.70 % (on dlmalloc) and 3.05 % (on jemalloc) of runtime overhead without considering performance degradation of MTE. As a result of simulating the tagging architecture assuming the worst-case, postulating MTE precise trapping mode incurs performance overhead of 30.9 % based on dlmalloc, and 25.5 % based on jemalloc. If imprecise mode is assumed, the slowdown is measured 16.9 % for dlmalloc and 12.0 % for jemalloc respectively. Vatalloc only incurs 19.0 % and 3.0 % memory overhead for dlmalloc and jemalloc respectively.

show abstract

Section: Related Workmentioning

confidence: 99%

“…UAFs are prevalent across applications, as demonstrated in the statistical report of the MITRE where it ranks among the top 25 most dangerous software errors [1]. To date, a lot of techniques [2], [3], [4], [5], [6], [7], [8], [9], [10], [11], [12], [13], [14], [15], [16], [17] have been invented to stymie UAF attacks in question.…”

Section: Introductionmentioning

confidence: 99%

Enhancing a Lock-and-Key Scheme With MTE to Mitigate Use-After-Frees

Bang,

Kayondo,

You

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…If a chunk is freed while the program still has a pointer, such a dangling pointer can be misused to corrupt an object that reuses the chunk. Many software products are reported to have this class of vulnerability [5,6,7] despite the large mitigation effort [11,12,15,16,17,19,23,25,26,27,28,29,30,31,32,34,36]. The prevalence and severity of the threat even motivates the industry to migrate the existing software products into other * Corresponding Author languages such as Rust [22,33,35], which prevents the useafter-free vulnerabilities as one of its design goals.…”

Section: Introductionmentioning

confidence: 99%

Efficient Use-After-Free Prevention with Opportunistic Page-Level Sweeping

Park,

Moon

2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Defeating use-after-free exploits presents a challenging problem, one for which a universal solution remains elusive. Recent efforts towards efficient prevention of use-after-free exploits have found that delaying the reuse of freed memory can both be effective and efficient in many cases. Previous studies have proposed two primary approaches: one where reuse is postponed until the allocator can confidently ascertain the absence of any dangling pointers to the freed memory, and another that refrains from reusing a freed heap chunk until the program's termination. We make an intriguing observation from our in-depth analysis of these two approaches and their reported performance impacts. When compared to the design that delays the reuse until the program terminates the strategy that delays the reuse just until no dangling pointer references the freed chunk suffers from a significant performance overhead for some workloads. The change in the reuse of each heap chunk affects the distribution of allocated chunks in the heap, and the performance of some benchmarks. This study proposes HUSHVAC, an allocator that performs delayed reuse in such a way that the distribution of heap chunks becomes more friendly to such workloads. An evaluation of HUSHVAC showed that the average performance overhead of HUSHVAC (4.7%) was lower than that of the state-of-the-art (11.4%) when running the SPEC CPU 2006 benchmark suite. Specifically, the overhead of HUSHVAC on the distribution-sensitive benchmark was about 35.2% while the prior work has an overhead of 110%.

show abstract

Software Security—Exploits and Privilege Escalation

Oorschot

2020

Information Security and Cryptography

View full text Add to dashboard Cite

FreeGuard

Cited by 41 publications

References 21 publications

Enhancing a Lock-and-Key Scheme With MTE to Mitigate Use-After-Frees

Enhancing a Lock-and-Key Scheme With MTE to Mitigate Use-After-Frees

Efficient Use-After-Free Prevention with Opportunistic Page-Level Sweeping

Software Security—Exploits and Privilege Escalation

Contact Info

Product

Resources

About