Abstract
Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in production allocators to provide complete temporal type safety for C/C++ programs-ensuring that memory reuse is always type safe-and efficiently hinder temporal memory attacks. Type-After-Type uses static analysis to determine the types of all heap and stack allocations, and replaces regular allocations with typed allocations that never reuse memory previously used by other types. On the heap, Type-After-Type splits available memory into separate pools for each type. For the stack, Type-After-Type efficiently implements type-safe memory reuse for the first time, pushing variables on separate stacks according to their types, unless they are provably safe (e.g., their address is not taken), in which case they are zero-initialized and kept on a special stack. In our evaluation, we show that Type-After-Type stops a variety of real-world temporal memory attacks and on SPEC CPU2006 incurs a performance overhead of 4.3% and a memory overhead of 17.4% (geomean).
| Original language | English |
|---|---|
| Title of host publication | ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference |
| Place of Publication | San Juan, PR |
| Publisher | Association for Computing Machinery |
| Pages | 17-27 |
| Number of pages | 11 |
| ISBN (Electronic) | 9781450365697 |
| DOIs | |
| Publication status | Published - 3 Dec 2018 |
| Event | 34th Annual Computer Security Applications Conference, ACSAC 2018 - San Juan, United States Duration: 3 Dec 2018 → 7 Dec 2018 |
Conference
| Conference | 34th Annual Computer Security Applications Conference, ACSAC 2018 |
|---|---|
| Country/Territory | United States |
| City | San Juan |
| Period | 3/12/18 → 7/12/18 |
Keywords
- Computer systems
- Defense
- LLVM
- Uninitialized read
- Use-after-free
