Type-after-type: Practical and complete type-safe memory reuse

Erik Van Der Kouwe; Taddeus Kroes; Chris Ouwehand; Herbert Bos; Cristiano Giuffrida

doi:10.1145/3274694.3274705

Type-after-type: Practical and complete type-safe memory reuse

Erik Van Der Kouwe, Taddeus Kroes, Chris Ouwehand, Herbert Bos, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

409 Downloads (Pure)

Abstract

Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in production allocators to provide complete temporal type safety for C/C++ programs-ensuring that memory reuse is always type safe-and efficiently hinder temporal memory attacks. Type-After-Type uses static analysis to determine the types of all heap and stack allocations, and replaces regular allocations with typed allocations that never reuse memory previously used by other types. On the heap, Type-After-Type splits available memory into separate pools for each type. For the stack, Type-After-Type efficiently implements type-safe memory reuse for the first time, pushing variables on separate stacks according to their types, unless they are provably safe (e.g., their address is not taken), in which case they are zero-initialized and kept on a special stack. In our evaluation, we show that Type-After-Type stops a variety of real-world temporal memory attacks and on SPEC CPU2006 incurs a performance overhead of 4.3% and a memory overhead of 17.4% (geomean).

Original language	English
Title of host publication	ACSAC '18
Subtitle of host publication	Proceedings of the 34th Annual Computer Security Applications Conference
Publisher	Association for Computing Machinery
Pages	17-27
Number of pages	11
ISBN (Electronic)	9781450365697
DOIs	https://doi.org/10.1145/3274694.3274705
Publication status	Published - 2018
Event	34th Annual Computer Security Applications Conference, ACSAC 2018 - San Juan, United States Duration: 3 Dec 2018 → 7 Dec 2018

Conference

Conference	34th Annual Computer Security Applications Conference, ACSAC 2018
Country/Territory	United States
City	San Juan
Period	3/12/18 → 7/12/18

Funding

We would like to thank the anonymous reviewers for their comments. This project was supported by the European Union's Horizon 2020 research and innovation programme under grant agreement No. 786669 (ReAct), by the United States Office of Naval Research (ONR) under contract N00014-17-1-2782, by Cisco Systems, Inc. through grant #1138109, and by the Netherlands Organisation for Scientific Research through grants NWO 639.023.309 VICI “Dowsing” and NWO 639.021.753 VENI “PantaRhei”. This paper reflects only the authors' view. The funding agencies are not responsible for any use that may be made of the information it contains.

Funders	Funder number
Cisco Systems	1138109
Horizon 2020 Framework Programme	786669
European Geosciences Union	N00014-17-1-2782
Nederlandse Organisatie voor Wetenschappelijk Onderzoek	NWO 639.023.309, NWO 639.021.753

Keywords

Computer systems
Defense
LLVM
Uninitialized read
Use-after-free

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1145/3274694.3274705

Type-after-type Practical and complete type-safe memory reuseFinal published version, 1.54 MBLicence: Article 25fa Dutch Copyright Act

Persistent URL (handle)

Persistent link

Cite this

@inproceedings{1b6ac8d3d1554a24854d8fd6355aaf18,

title = "Type-after-type: Practical and complete type-safe memory reuse",

abstract = "Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in production allocators to provide complete temporal type safety for C/C++ programs-ensuring that memory reuse is always type safe-and efficiently hinder temporal memory attacks. Type-After-Type uses static analysis to determine the types of all heap and stack allocations, and replaces regular allocations with typed allocations that never reuse memory previously used by other types. On the heap, Type-After-Type splits available memory into separate pools for each type. For the stack, Type-After-Type efficiently implements type-safe memory reuse for the first time, pushing variables on separate stacks according to their types, unless they are provably safe (e.g., their address is not taken), in which case they are zero-initialized and kept on a special stack. In our evaluation, we show that Type-After-Type stops a variety of real-world temporal memory attacks and on SPEC CPU2006 incurs a performance overhead of 4.3\% and a memory overhead of 17.4\% (geomean).",

keywords = "Computer systems, Defense, LLVM, Uninitialized read, Use-after-free",

author = "\{Van Der Kouwe\}, Erik and Taddeus Kroes and Chris Ouwehand and Herbert Bos and Cristiano Giuffrida",

year = "2018",

doi = "10.1145/3274694.3274705",

language = "English",

pages = "17--27",

booktitle = "ACSAC '18",

publisher = "Association for Computing Machinery",

note = "34th Annual Computer Security Applications Conference, ACSAC 2018 ; Conference date: 03-12-2018 Through 07-12-2018",

}

Van Der Kouwe, E, Kroes, T, Ouwehand, C, Bos, H & Giuffrida, C 2018, Type-after-type: Practical and complete type-safe memory reuse. in ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference . Association for Computing Machinery, pp. 17-27, 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, United States, 3/12/18. https://doi.org/10.1145/3274694.3274705

Type-after-type: Practical and complete type-safe memory reuse. / Van Der Kouwe, Erik; Kroes, Taddeus; Ouwehand, Chris et al.
ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference . Association for Computing Machinery, 2018. p. 17-27.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Type-after-type: Practical and complete type-safe memory reuse

AU - Van Der Kouwe, Erik

AU - Kroes, Taddeus

AU - Ouwehand, Chris

AU - Bos, Herbert

AU - Giuffrida, Cristiano

PY - 2018

Y1 - 2018

N2 - Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in production allocators to provide complete temporal type safety for C/C++ programs-ensuring that memory reuse is always type safe-and efficiently hinder temporal memory attacks. Type-After-Type uses static analysis to determine the types of all heap and stack allocations, and replaces regular allocations with typed allocations that never reuse memory previously used by other types. On the heap, Type-After-Type splits available memory into separate pools for each type. For the stack, Type-After-Type efficiently implements type-safe memory reuse for the first time, pushing variables on separate stacks according to their types, unless they are provably safe (e.g., their address is not taken), in which case they are zero-initialized and kept on a special stack. In our evaluation, we show that Type-After-Type stops a variety of real-world temporal memory attacks and on SPEC CPU2006 incurs a performance overhead of 4.3% and a memory overhead of 17.4% (geomean).

AB - Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in production allocators to provide complete temporal type safety for C/C++ programs-ensuring that memory reuse is always type safe-and efficiently hinder temporal memory attacks. Type-After-Type uses static analysis to determine the types of all heap and stack allocations, and replaces regular allocations with typed allocations that never reuse memory previously used by other types. On the heap, Type-After-Type splits available memory into separate pools for each type. For the stack, Type-After-Type efficiently implements type-safe memory reuse for the first time, pushing variables on separate stacks according to their types, unless they are provably safe (e.g., their address is not taken), in which case they are zero-initialized and kept on a special stack. In our evaluation, we show that Type-After-Type stops a variety of real-world temporal memory attacks and on SPEC CPU2006 incurs a performance overhead of 4.3% and a memory overhead of 17.4% (geomean).

KW - Computer systems

KW - Defense

KW - LLVM

KW - Uninitialized read

KW - Use-after-free

UR - https://www.scopus.com/pages/publications/85060007583

UR - https://www.scopus.com/inward/citedby.url?scp=85060007583&partnerID=8YFLogxK

U2 - 10.1145/3274694.3274705

DO - 10.1145/3274694.3274705

M3 - Conference contribution

AN - SCOPUS:85060007583

SP - 17

EP - 27

BT - ACSAC '18

PB - Association for Computing Machinery

T2 - 34th Annual Computer Security Applications Conference, ACSAC 2018

Y2 - 3 December 2018 through 7 December 2018

ER -

Type-after-type: Practical and complete type-safe memory reuse

Abstract

Conference

Funding

Keywords

UN SDGs

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this