Conference papers

On-Demand Proactive Defense against Memory Vulnerabilities

Abstract : Memory vulnerabilities have severely affected system security and availability. Although a number of solutions have been proposed to defend against memory vulnerabilities, most existing solutions protect the entire life cycle of the application or survive attacks after detecting them. This paper presents OPSafe, a system that makes applications safely survive memory vulnerabilities for a period of time, either from startup or at runtime, on users' demand. OPSafe can provide a hot-portable Green Zone of any size on users' demand, where all subsequently allocated memory objects, including stack objects and heap objects, are reallocated and safely managed in a protected memory area. When users open the green zone, OPSafe uses comprehensive memory management in the protected memory area to adaptively allocate buffers at multiples of their defined sizes and place them randomly. Combined with object free masking techniques, OPSafe can prevent objects from overrunning each other and avoid dangling pointer errors as well as double free or invalid free errors. Once the green zone is closed, OPSafe clears away all objects in the protected area and then frees the protected area. We have developed a Linux prototype and evaluated it using four applications that contain a wide range of vulnerabilities. The experimental results show that OPSafe can conveniently create and destroy a hot-portable green zone in which the vulnerable application can survive crashes and eliminate erroneous execution.
Document type :
Conference papers
https://hal.inria.fr/hal-01513762
Contributor : Hal Ifip
Submitted on : Tuesday, April 25, 2017 - 2:33:29 PM
Last modification on : Friday, July 17, 2020 - 7:12:04 PM
Long-term archiving on : Wednesday, July 26, 2017 - 2:04:15 PM

File

978-3-642-40820-5_31_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Gang Chen, Hai Jin, Deqing Zou, Weiqi Dai. On-Demand Proactive Defense against Memory Vulnerabilities. 10th International Conference on Network and Parallel Computing (NPC), Sep 2013, Guiyang, China. pp.368-379, ⟨10.1007/978-3-642-40820-5_31⟩. ⟨hal-01513762⟩