Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to a freed memory. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attack-prevention method that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolve...
Run-time attacks have plagued computer systems for more than three decades, with control-flow hijack...
Abstract—Fine-grained address space layout randomization (ASLR) has recently been proposed as a meth...
C, C++ and most other popular low-level languages delegate memory management to the programmer, freq...
Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited us...
Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited us...
Use-after-free (UAF) vulnerabilities, which are abused by exploiting a dangling pointer that refers ...
Memory-unsafe languages are widely used to implement critical systems like kernels and browsers, lea...
In spite of years of improvements to software security, heap-related attacks still remain a severe t...
Heap-based attacks depend on a combination of memory manage-ment errors and an exploitable memory al...
Part 5: Session 5: MiscellaneousInternational audienceMemory vulnerabilities have severely affect sy...
Abstract—Many system components and network applications are written in languages that are prone to ...
The last twenty years have witnessed the constant reaction of the security com-munity to memory corr...
While numerous approaches have been proposed to prevent stack overflows, heap overflows remain both ...
Wang, HainingFor many years, use-after-free vulnerabilities have been a persistent security threat t...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Run-time attacks have plagued computer systems for more than three decades, with control-flow hijack...
Abstract—Fine-grained address space layout randomization (ASLR) has recently been proposed as a meth...
C, C++ and most other popular low-level languages delegate memory management to the programmer, freq...
Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited us...
Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited us...
Use-after-free (UAF) vulnerabilities, which are abused by exploiting a dangling pointer that refers ...
Memory-unsafe languages are widely used to implement critical systems like kernels and browsers, lea...
In spite of years of improvements to software security, heap-related attacks still remain a severe t...
Heap-based attacks depend on a combination of memory manage-ment errors and an exploitable memory al...
Part 5: Session 5: MiscellaneousInternational audienceMemory vulnerabilities have severely affect sy...
Abstract—Many system components and network applications are written in languages that are prone to ...
The last twenty years have witnessed the constant reaction of the security com-munity to memory corr...
While numerous approaches have been proposed to prevent stack overflows, heap overflows remain both ...
Wang, HainingFor many years, use-after-free vulnerabilities have been a persistent security threat t...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Run-time attacks have plagued computer systems for more than three decades, with control-flow hijack...
Abstract—Fine-grained address space layout randomization (ASLR) has recently been proposed as a meth...
C, C++ and most other popular low-level languages delegate memory management to the programmer, freq...