DangSan: Scalable use-after-free detection

Erik Van Der Kouwe; Vinod Nigade; Cristiano Giuffrida

doi:10.1145/3064176.3064211

DangSan: Scalable use-after-free detection

Erik Van Der Kouwe, Vinod Nigade, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

96 Downloads (Pure)

Abstract

Use-after-free vulnerabilities due to dangling pointers are an important and growing threat to systems security. While various solutions exist to address this problem, none of them is sufficiently practical for real-world adoption. Some can be bypassed by attackers, others cannot support complex multithreaded applications prone to dangling pointers, and the remainder have prohibitively high overhead. One major source of overhead is the need to synchronize threads on every pointer write due to pointer tracking. In this paper, we present DangSan, a use-after-free detection system that scales efficiently to large numbers of pointer writes as well as to many concurrent threads. To significantly reduce the overhead of existing solutions, we observe that pointer tracking is write-intensive but requires very few reads. Moreover, there is no need for strong consistency guarantees as inconsistencies can be reconciled at read (i.e., object deallocation) time. Building on these intuitions, DangSan's design mimics that of log-structured file systems, which are ideally suited for similar workloads. Our results show that DangSan can run heavily multithreaded applications, while introducing only half the overhead of previous multithreaded use-after-free detectors.

Original language	English
Title of host publication	EuroSys '17
Subtitle of host publication	Proceedings of the Twelfth European Conference on Computer Systems
Publisher	Association for Computing Machinery, Inc
Pages	405-419
Number of pages	15
ISBN (Electronic)	9781450349383
DOIs	https://doi.org/10.1145/3064176.3064211
Publication status	Published - Apr 2017
Event	12th European Conference on Computer Systems, EuroSys 2017 - Belgrade, Serbia Duration: 23 Apr 2017 → 26 Apr 2017

Conference

Conference	12th European Conference on Computer Systems, EuroSys 2017
Country/Territory	Serbia
City	Belgrade
Period	23/04/17 → 26/04/17

Funding

This work was supported by the European Commission through project H2020 ICT-32-2014 "SHARCS" under Grant Agreement No. 64457 and the Netherlands Organisation for Scientific Research through grant NWO 639.023.309 VICI "Dowsing".

Funders	Funder number
Horizon 2020 Framework Programme	644571
European Commission	64457, H2020 ICT-32-2014
Nederlandse Organisatie voor Wetenschappelijk Onderzoek	639.023.309

Keywords

Dangling pointers
LLVM
Use-after-free

Access to Document

10.1145/3064176.3064211

DangSanFinal published version, 0.99 MBLicence: Article 25fa Dutch Copyright Act

Persistent URL (handle)

Persistent link

Cite this

@inproceedings{734889c4f3e64a5b8466d08b33af3ad9,

title = "DangSan: Scalable use-after-free detection",

abstract = "Use-after-free vulnerabilities due to dangling pointers are an important and growing threat to systems security. While various solutions exist to address this problem, none of them is sufficiently practical for real-world adoption. Some can be bypassed by attackers, others cannot support complex multithreaded applications prone to dangling pointers, and the remainder have prohibitively high overhead. One major source of overhead is the need to synchronize threads on every pointer write due to pointer tracking. In this paper, we present DangSan, a use-after-free detection system that scales efficiently to large numbers of pointer writes as well as to many concurrent threads. To significantly reduce the overhead of existing solutions, we observe that pointer tracking is write-intensive but requires very few reads. Moreover, there is no need for strong consistency guarantees as inconsistencies can be reconciled at read (i.e., object deallocation) time. Building on these intuitions, DangSan's design mimics that of log-structured file systems, which are ideally suited for similar workloads. Our results show that DangSan can run heavily multithreaded applications, while introducing only half the overhead of previous multithreaded use-after-free detectors.",

keywords = "Dangling pointers, LLVM, Use-after-free",

author = "{Van Der Kouwe}, Erik and Vinod Nigade and Cristiano Giuffrida",

year = "2017",

month = apr,

doi = "10.1145/3064176.3064211",

language = "English",

pages = "405--419",

booktitle = "EuroSys '17",

publisher = "Association for Computing Machinery, Inc",

note = "12th European Conference on Computer Systems, EuroSys 2017 ; Conference date: 23-04-2017 Through 26-04-2017",

}

TY - GEN

T1 - DangSan

T2 - 12th European Conference on Computer Systems, EuroSys 2017

AU - Van Der Kouwe, Erik

AU - Nigade, Vinod

AU - Giuffrida, Cristiano

PY - 2017/4

Y1 - 2017/4

N2 - Use-after-free vulnerabilities due to dangling pointers are an important and growing threat to systems security. While various solutions exist to address this problem, none of them is sufficiently practical for real-world adoption. Some can be bypassed by attackers, others cannot support complex multithreaded applications prone to dangling pointers, and the remainder have prohibitively high overhead. One major source of overhead is the need to synchronize threads on every pointer write due to pointer tracking. In this paper, we present DangSan, a use-after-free detection system that scales efficiently to large numbers of pointer writes as well as to many concurrent threads. To significantly reduce the overhead of existing solutions, we observe that pointer tracking is write-intensive but requires very few reads. Moreover, there is no need for strong consistency guarantees as inconsistencies can be reconciled at read (i.e., object deallocation) time. Building on these intuitions, DangSan's design mimics that of log-structured file systems, which are ideally suited for similar workloads. Our results show that DangSan can run heavily multithreaded applications, while introducing only half the overhead of previous multithreaded use-after-free detectors.

AB - Use-after-free vulnerabilities due to dangling pointers are an important and growing threat to systems security. While various solutions exist to address this problem, none of them is sufficiently practical for real-world adoption. Some can be bypassed by attackers, others cannot support complex multithreaded applications prone to dangling pointers, and the remainder have prohibitively high overhead. One major source of overhead is the need to synchronize threads on every pointer write due to pointer tracking. In this paper, we present DangSan, a use-after-free detection system that scales efficiently to large numbers of pointer writes as well as to many concurrent threads. To significantly reduce the overhead of existing solutions, we observe that pointer tracking is write-intensive but requires very few reads. Moreover, there is no need for strong consistency guarantees as inconsistencies can be reconciled at read (i.e., object deallocation) time. Building on these intuitions, DangSan's design mimics that of log-structured file systems, which are ideally suited for similar workloads. Our results show that DangSan can run heavily multithreaded applications, while introducing only half the overhead of previous multithreaded use-after-free detectors.

KW - Dangling pointers

KW - LLVM

KW - Use-after-free

UR - http://www.scopus.com/inward/record.url?scp=85019182947&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85019182947&partnerID=8YFLogxK

U2 - 10.1145/3064176.3064211

DO - 10.1145/3064176.3064211

M3 - Conference contribution

AN - SCOPUS:85019182947

SP - 405

EP - 419

BT - EuroSys '17

PB - Association for Computing Machinery, Inc

Y2 - 23 April 2017 through 26 April 2017

ER -

DangSan: Scalable use-after-free detection

Abstract

Conference

Funding

Keywords

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this