Comprehensively and efficiently protecting the heap

International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

Volumn , Issue , 2006, Pages 207-218

  Kharbutli, Mazen ^a   Jiang, Xiaowei ^b   Solihin, Yan ^b   Venkataramani, Guru ^c   Prvulovic, Milos ^c  

^a JORDAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Jordan)

^b NORTH CAROLINA STATE UNIVERSITY   (United States)

^c GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Computer security; Heap attacks; Heap security; Heap server

Indexed keywords

HEAP MANAGEMENT LIBRARIES; HEAP SERVERS; HEAP STRUCTURE INFORMATION; VIRTUAL MEMORY;

COMPUTER PROGRAM LISTINGS; DIGITAL LIBRARIES; INFORMATION MANAGEMENT; METADATA; SERVERS; VIRTUAL REALITY;

SECURITY OF DATA;

EID: 34547520411     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1168857.1168884     Document Type: Conference Paper

References (31)

1. Alexander Anisimov, Positive Technologies. Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass. http://www.maxpatrol.com/defeating- xpsp2-heap-protection.htm, 2005.
2. Anonymous. Once upon afree(). Phrack Magazine, 57(9), 2001.
3. E. Berger and B. Zorn. Diehard: Probabilistic memory safety for unsafe languages. In ACM SIGPLAN Conf. on Programming Language Design and Implementation, 2006.
4. E. D. Berger, K. S. McKinley, R. D. Blumofe, and P. R. Wilson. Hoard: A Scalable Memory Allocator for Multithreaded Applications, in Proc. of the 9th Intl. Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS-IX), pages 117-128, 2000.
5. S. Bhatkar, D. C.DuVarney, and R.Sekar. Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits, in Proc. of the 12th USENIX Security Symp., pages 105-120, 2003.
6. S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. Non-Control-Data Attacks Are Realistic Threats, in Proc. of the 14th USENIX Security Symp., pages .177-192, 2005.
7. C. Cowan, S. Beattie, J. Johansen, and P. Wagle. PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities, in Proc. of the 12th USENIX Security Symp., pages 91-104, 2003.
8. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, in Proc. of the 7th USENIXSecurity Symp., pages 63-78, 1998.
9. Darkeagle. Mozzila GIF Image Processing Library Remote Heap Overflow Vulnerability. http://www.securityfocus.com/bid/12881/exploit, 2005.
10. D. L. Detlefs, A. Dosser, and B. Zorn. Memory Allocation Costs in Large C and C++ Programs. Software Practice and Experience, pages 527-542, 1994.
11. Doug Lea. A Memory Allocator, http://gee.cs.oswego.edu/dl/html/malloc. html, 2000.
12. G. Suh, J. Lee, and S. Devadas. Secure program, execution via dynamic information flow tracking. In Proc. of the 11th Intl. Conf. on Architectural Support for Programming Languages and Operating Systems. Boston, MA, 2004.
13. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address space randomization. In Proc. of the ACM Conf. on Computer and Communications Security, 2004.
14. J. R. Crandall and F. T. Chong. Minos: Control data attack prevention orthogonal to memory model. To appear in Proc. of the 37th Intl. Symp. on Microarchitecture. Portland, OR, 2004.
15. Jones, Richard, and Rafael Lins. Garbage Collection: Algorithms for Automatic Dynamic Memory Management. John Wiley & Sons, New York, 1996.
16. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure Execution via Program Shepherding. In 11th USENIX Security Symp., 2002.
17. Linux Programmer's Manual. Man Pages MSGOP(2). 2002.
18. Matt Conover and wOOwOO Security Team.. w00w00 on Heap Overflows. http://www.w00w00.org/files/articles/heaptut.txt, 1999.
19. Nathan Tuck, Brad Calder and George Varghese. Hardware and Binary Modification Support for Code Pointer Protection From Buffer Overflow. Proc. of the 37th annual IEEE/ACM Intl. Symp. on Microarchitecture, pages 209-220, 2004.
20. PaX Team. PaX Address Space Layout Randomization (ASLR). http://pax.grsecurity.net/docs/aslr.txt, 2003.
21. F. Perriot and P. Szor. An Analysis of the Slapper Worm Exploit. http://securityresponse.symantec.com/avcenter/reference/analysis.slapper. worm.pdf, 2003.
22. R. Wojtczuk. Defeating Solar Designer Non-executable Stack Patch, http://seclists.org/lists/bugtraq, experimental study of security vulnerabilities caused by ermrs. In Pmc. of the IEEE Intl. Conf, 1998.
23. S. Andersen and V. Abella. Data Execution Prevention. Changes to Functionality in Microsoft Windows XP Service Pack 2, Part 3: Memory Protection Technologies, http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/ sp2mempr.mspx, 2004.
24. Security Focus. Wu-Ftpd File Globbing Heap Corruption Vulnerability. http://www.securityfocus.com/bid/3581, 2002.
25. Security Focus. Sudo Password Prompt Heap Overflow Vulnerability. http://www.securityfocus.com/bid/4593, 2003.
26. Security Focus. Microsoft Windows winhlp32.exe Heap Overflow Vulnerability. http://www.securityfocus.com/archive/1/385332/2004-12-20/2004- 12-26/2, 2004.
27. Standard Performance Evaluation Corporation. SPEC CPU2000 Benchmarks, http://www.spec.org/osg/cpu2000/, 2000.
28. US-CERT. CVS Heap Overflow Vulnerability, www.uscert.gov/cas/ techalerts/index.html, pages TA04-147A, 2004.
29. US-CERT. HTTP Parsing Vulnerabilities in Checkpoint Firewall-1. www.uscert.gov/cas/techalerts/index.html, pages TA04-036A, 2004.
30. US-CERT. Microsoft Internet Explorer vulnerable to buffer overflow via FRAME and IFRAME elements, http://www.kb.cert.org/vuls/id/842160, page VU 842160, 2004.
31. J. Xu, Z. Kalbarczyk, and R. K. Iyer. Transparent Runtime Randomization for Security, in Proc. of the 22nd Intl. Symp. on Reliable Distributed Systems, pages 260-269, 2003.