In spite of years of improvements to software security, heap-related attacks still remain a severe threat. One reason is that many existing memory allocators fall short in a variety of aspects. For instance, performance-oriented allocators are designed with very limited countermeasures against attacks, but secure allocators generally suffer from significant performance overhead, e.g., running up to 10× slower. This paper, therefore, introduces FreeGuard, a secure memory allocator that prevents or reduces a wide range of heap-related attacks, such as heap overflows, heap over-reads, use-after-frees, as well as double and invalid frees. FreeGuard has similar performance to the default Linux allocator, with less than 2% overhead on average, bu...
Security enforcement inlined into user threads often delays the pro-tected programs; inlined resourc...
Programs written in C and C++ are susceptible to a number of memory errors, including buffer overflo...
Heap spraying is probably the most simple and effective memory corruption attack, which fills the me...
Heap-based attacks depend on a combination of memory manage-ment errors and an exploitable memory al...
Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited us...
While numerous approaches have been proposed to prevent stack overflows, heap overflows remain both ...
The last twenty years have witnessed the constant reaction of the security com-munity to memory corr...
With ever-increasing complexity of software systems, the number of reported security issues increase...
Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited us...
Use-after-free (UAF) vulnerabilities, which are abused by exploiting a dangling pointer that refers ...
The potential of multiprocessor systems is often not fully realized by their system services. Certa...
This paper presents a systematic solution to the per-sistent problem of buffer overflow attacks. Buf...
Heap spraying is an attack technique commonly used in hijacking browsers to download and execute mal...
Programs written in C and C++ are susceptible to a number of memory errors, including buffer overflo...
This electronic version was submitted by the student author. The certified thesis is available in th...
Security enforcement inlined into user threads often delays the pro-tected programs; inlined resourc...
Programs written in C and C++ are susceptible to a number of memory errors, including buffer overflo...
Heap spraying is probably the most simple and effective memory corruption attack, which fills the me...
Heap-based attacks depend on a combination of memory manage-ment errors and an exploitable memory al...
Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited us...
While numerous approaches have been proposed to prevent stack overflows, heap overflows remain both ...
The last twenty years have witnessed the constant reaction of the security com-munity to memory corr...
With ever-increasing complexity of software systems, the number of reported security issues increase...
Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited us...
Use-after-free (UAF) vulnerabilities, which are abused by exploiting a dangling pointer that refers ...
The potential of multiprocessor systems is often not fully realized by their system services. Certa...
This paper presents a systematic solution to the per-sistent problem of buffer overflow attacks. Buf...
Heap spraying is an attack technique commonly used in hijacking browsers to download and execute mal...
Programs written in C and C++ are susceptible to a number of memory errors, including buffer overflo...
This electronic version was submitted by the student author. The certified thesis is available in th...
Security enforcement inlined into user threads often delays the pro-tected programs; inlined resourc...
Programs written in C and C++ are susceptible to a number of memory errors, including buffer overflo...
Heap spraying is probably the most simple and effective memory corruption attack, which fills the me...