On-Demand Proactive Defense against Memory Vulnerabilities

Abstract: Memory vulnerabilities have severely affected system security and availability. Although a number of solutions have been proposed to defend against memory vulnerabilities, most existing solutions protect the entire life cycle of the application or survive attacks after detecting them. This paper presents OPSafe, a system that makes applications safely survive memory vulnerabilities for a period of time, either from startup or at runtime, on users' demand. OPSafe can provide a hot-portable Green Zone of any size on users' demand, where all subsequently allocated memory objects, including stack objects and heap objects, are reallocated and safely managed in a protected memory area. When users open the green zone, OPSafe uses comprehensive memory management in the protected memory area to adaptively allocate buffers at multiple times their defined sizes and place them randomly. Combined with object free masking techniques, OPSafe can prevent objects from overrunning each other and avoid dangling pointer errors as well as double free or invalid free errors. Once the green zone is closed, OPSafe clears away all objects in the protected area and then frees the protected area. We have developed a Linux prototype and evaluated it using four applications which contain a wide range of vulnerabilities. The experimental results show that OPSafe can conveniently create and destroy a hot-portable green zone where the vulnerable application can survive crashes and eliminate erroneous execution.
Document type:
Conference paper
Ching-Hsien Hsu; Xiaoming Li; Xuanhua Shi; Ran Zheng. 10th International Conference on Network and Parallel Computing (NPC), Sep 2013, Guiyang, China. Springer, Lecture Notes in Computer Science, LNCS-8147, pp.368-379, 2013, Network and Parallel Computing. 〈10.1007/978-3-642-40820-5_31〉
Cited literature [13 references]

https://hal.inria.fr/hal-01513762
Contributor: Hal Ifip
Submitted on: Tuesday, April 25, 2017 - 14:33:29
Last modified on: Tuesday, April 25, 2017 - 14:35:50
Document(s) archived on: Wednesday, July 26, 2017 - 14:04:15

File

978-3-642-40820-5_31_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Gang Chen, Hai Jin, Deqing Zou, Weiqi Dai. On-Demand Proactive Defense against Memory Vulnerabilities. Ching-Hsien Hsu; Xiaoming Li; Xuanhua Shi; Ran Zheng. 10th International Conference on Network and Parallel Computing (NPC), Sep 2013, Guiyang, China. Springer, Lecture Notes in Computer Science, LNCS-8147, pp.368-379, 2013, Network and Parallel Computing. 〈10.1007/978-3-642-40820-5_31〉. 〈hal-01513762〉
