Type-after-type: Practical and complete type-safe memory reuse

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in production allocators to provide complete temporal type safety for C/C++ programs-ensuring that memory reuse is always type safe-and efficiently hinder temporal memory attacks. Type-After-Type uses static analysis to determine the types of all heap and stack allocations, and replaces regular allocations with typed allocations that never reuse memory previously used by other types. On the heap, Type-After-Type splits available memory into separate pools for each type. For the stack, Type-After-Type efficiently implements type-safe memory reuse for the first time, pushing variables on separate stacks according to their types, unless they are provably safe (e.g., their address is not taken), in which case they are zero-initialized and kept on a special stack. In our evaluation, we show that Type-After-Type stops a variety of real-world temporal memory attacks and on SPEC CPU2006 incurs a performance overhead of 4.3% and a memory overhead of 17.4% (geomean).

Original languageEnglish
Title of host publicationACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference
Place of PublicationSan Juan, PR
PublisherAssociation for Computing Machinery
Pages17-27
Number of pages11
ISBN (Electronic)9781450365697
DOIs
Publication statusPublished - 3 Dec 2018
Event34th Annual Computer Security Applications Conference, ACSAC 2018 - San Juan, United States
Duration: 3 Dec 20187 Dec 2018

Conference

Conference34th Annual Computer Security Applications Conference, ACSAC 2018
CountryUnited States
CitySan Juan
Period3/12/187/12/18

Fingerprint

Data storage equipment
Static analysis

Keywords

  • Computer systems
  • Defense
  • LLVM
  • Uninitialized read
  • Use-after-free

Cite this

Van Der Kouwe, E., Kroes, T., Ouwehand, C., Bos, H., & Giuffrida, C. (2018). Type-after-type: Practical and complete type-safe memory reuse. In ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference (pp. 17-27). San Juan, PR: Association for Computing Machinery. https://doi.org/10.1145/3274694.3274705
Van Der Kouwe, Erik ; Kroes, Taddeus ; Ouwehand, Chris ; Bos, Herbert ; Giuffrida, Cristiano. / Type-after-type : Practical and complete type-safe memory reuse. ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference . San Juan, PR : Association for Computing Machinery, 2018. pp. 17-27
@inproceedings{1b6ac8d3d1554a24854d8fd6355aaf18,
title = "Type-after-type: Practical and complete type-safe memory reuse",
abstract = "Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in production allocators to provide complete temporal type safety for C/C++ programs-ensuring that memory reuse is always type safe-and efficiently hinder temporal memory attacks. Type-After-Type uses static analysis to determine the types of all heap and stack allocations, and replaces regular allocations with typed allocations that never reuse memory previously used by other types. On the heap, Type-After-Type splits available memory into separate pools for each type. For the stack, Type-After-Type efficiently implements type-safe memory reuse for the first time, pushing variables on separate stacks according to their types, unless they are provably safe (e.g., their address is not taken), in which case they are zero-initialized and kept on a special stack. In our evaluation, we show that Type-After-Type stops a variety of real-world temporal memory attacks and on SPEC CPU2006 incurs a performance overhead of 4.3{\%} and a memory overhead of 17.4{\%} (geomean).",
keywords = "Computer systems, Defense, LLVM, Uninitialized read, Use-after-free",
author = "{Van Der Kouwe}, Erik and Taddeus Kroes and Chris Ouwehand and Herbert Bos and Cristiano Giuffrida",
year = "2018",
month = "12",
day = "3",
doi = "10.1145/3274694.3274705",
language = "English",
pages = "17--27",
booktitle = "ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference",
publisher = "Association for Computing Machinery",

}

Van Der Kouwe, E, Kroes, T, Ouwehand, C, Bos, H & Giuffrida, C 2018, Type-after-type: Practical and complete type-safe memory reuse. in ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference . Association for Computing Machinery, San Juan, PR, pp. 17-27, 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, United States, 3/12/18. https://doi.org/10.1145/3274694.3274705

Type-after-type : Practical and complete type-safe memory reuse. / Van Der Kouwe, Erik; Kroes, Taddeus; Ouwehand, Chris; Bos, Herbert; Giuffrida, Cristiano.

ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference . San Juan, PR : Association for Computing Machinery, 2018. p. 17-27.

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

TY - GEN

T1 - Type-after-type

T2 - Practical and complete type-safe memory reuse

AU - Van Der Kouwe, Erik

AU - Kroes, Taddeus

AU - Ouwehand, Chris

AU - Bos, Herbert

AU - Giuffrida, Cristiano

PY - 2018/12/3

Y1 - 2018/12/3

N2 - Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in production allocators to provide complete temporal type safety for C/C++ programs-ensuring that memory reuse is always type safe-and efficiently hinder temporal memory attacks. Type-After-Type uses static analysis to determine the types of all heap and stack allocations, and replaces regular allocations with typed allocations that never reuse memory previously used by other types. On the heap, Type-After-Type splits available memory into separate pools for each type. For the stack, Type-After-Type efficiently implements type-safe memory reuse for the first time, pushing variables on separate stacks according to their types, unless they are provably safe (e.g., their address is not taken), in which case they are zero-initialized and kept on a special stack. In our evaluation, we show that Type-After-Type stops a variety of real-world temporal memory attacks and on SPEC CPU2006 incurs a performance overhead of 4.3% and a memory overhead of 17.4% (geomean).

AB - Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in production allocators to provide complete temporal type safety for C/C++ programs-ensuring that memory reuse is always type safe-and efficiently hinder temporal memory attacks. Type-After-Type uses static analysis to determine the types of all heap and stack allocations, and replaces regular allocations with typed allocations that never reuse memory previously used by other types. On the heap, Type-After-Type splits available memory into separate pools for each type. For the stack, Type-After-Type efficiently implements type-safe memory reuse for the first time, pushing variables on separate stacks according to their types, unless they are provably safe (e.g., their address is not taken), in which case they are zero-initialized and kept on a special stack. In our evaluation, we show that Type-After-Type stops a variety of real-world temporal memory attacks and on SPEC CPU2006 incurs a performance overhead of 4.3% and a memory overhead of 17.4% (geomean).

KW - Computer systems

KW - Defense

KW - LLVM

KW - Uninitialized read

KW - Use-after-free

UR - http://www.scopus.com/inward/record.url?scp=85060007583&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85060007583&partnerID=8YFLogxK

U2 - 10.1145/3274694.3274705

DO - 10.1145/3274694.3274705

M3 - Conference contribution

SP - 17

EP - 27

BT - ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference

PB - Association for Computing Machinery

CY - San Juan, PR

ER -

Van Der Kouwe E, Kroes T, Ouwehand C, Bos H, Giuffrida C. Type-after-type: Practical and complete type-safe memory reuse. In ACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference . San Juan, PR: Association for Computing Machinery. 2018. p. 17-27 https://doi.org/10.1145/3274694.3274705