
SUDUTA: Script UAF Detection Using Taint Analysis

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9331)

Abstract

Use-after-free (UAF) vulnerabilities are caused by the use of dangling pointers. Their exploitation inside applications that host script engines, e.g. web browsers, can bypass even state-of-the-art countermeasures. This work proposes SUDUTA (Script UAF Detection Using Taint Analysis), which aims at facilitating the diagnosis of UAF bugs during vulnerability analysis and improves an existing promising technique based on dynamic taint tracking. Firstly, precise taint analysis rules are presented to specify exactly how SUDUTA manages the taint state. Secondly, it shifts its analysis online, enabling the instrumentation code to access the program state of the application as it runs. Lastly, it handles the custom memory allocators that script-hosting applications typically use. Results obtained using a benchmark dataset and vulnerable applications validate these three improvements.
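The abstract describes three ingredients of taint-based UAF detection: taint rules tied to allocation and free, online dereference checks against the current program state, and awareness of custom allocators. The following is an added illustration written for this page, not SUDUTA's own implementation or rules: a small Python machine in which every pointer carries the id of the allocation it was derived from, `free` retires that id, and any load or store through a pointer with a retired id is reported. The `SlabAllocator`, the heap base `0x10000`, the register names and the scenario are all constructed; the `hooked` flag contrasts treating a custom allocator's alloc/free as allocation events with only seeing the underlying `malloc`.

```python
from dataclasses import dataclass
from itertools import count
from typing import Dict, List, Optional, Set


@dataclass
class Tainted:
    """A machine word plus its taint: the id of the allocation it was derived from."""
    value: int
    taint: Optional[int] = None


class TaintMachine:
    """Constructed toy: registers and memory carry allocation-id taint labels."""

    def __init__(self) -> None:
        self._ids = count(1)
        self.regs: Dict[str, Tainted] = {}
        self.mem: Dict[int, Tainted] = {}
        self.dead: Set[int] = set()        # retired (freed) allocation ids
        self.reports: List[str] = []
        self._brk = 0x10000                # constructed heap base address

    # Allocator-level rules: what the hooks on allocation routines apply.
    def on_alloc(self, dst: str, address: int) -> None:
        """A freshly returned pointer receives a new, live allocation id."""
        self.regs[dst] = Tainted(address, next(self._ids))

    def on_free(self, src: str) -> None:
        """Retire the id: every copy of the pointer becomes dangling at once,
        wherever it was propagated to, with no scan for copies needed."""
        tag = self.regs[src].taint
        if tag is not None:
            self.dead.add(tag)

    # Instruction-level rules: taint travels with the pointer value.
    def mov(self, dst: str, src: str) -> None:
        s = self.regs[src]
        self.regs[dst] = Tainted(s.value, s.taint)

    def add(self, dst: str, src: str, k: int) -> None:
        s = self.regs[src]
        self.regs[dst] = Tainted(s.value + k, s.taint)   # arithmetic keeps the label

    def mov_imm(self, dst: str, k: int) -> None:
        self.regs[dst] = Tainted(k, None)                # a constant carries no taint

    def _check(self, ptr: str, op: str) -> None:
        """Online check at each dereference against the current taint state."""
        p = self.regs[ptr]
        if p.taint in self.dead:
            self.reports.append(f"UAF: {op} via {ptr}=0x{p.value:x} (alloc #{p.taint})")

    def store(self, ptr: str, src: str) -> None:
        self._check(ptr, "store")
        s = self.regs[src]
        self.mem[self.regs[ptr].value] = Tainted(s.value, s.taint)

    def load(self, dst: str, ptr: str) -> None:
        self._check(ptr, "load")
        self.regs[dst] = self.mem.get(self.regs[ptr].value, Tainted(0))

    # The system allocator, whose entry points the instrumentation always hooks.
    def malloc(self, dst: str, size: int) -> int:
        addr = self._brk
        self._brk += size
        self.on_alloc(dst, addr)
        return addr

    def free(self, src: str) -> None:
        self.on_free(src)


class SlabAllocator:
    """Constructed stand-in for a script engine's custom allocator: fixed-size
    cells carved from one malloc'd slab. Only the slab is visible to malloc/free."""
    CELL = 0x20

    def __init__(self, m: TaintMachine, hooked: bool) -> None:
        self.m, self.hooked = m, hooked
        self.slab = m.malloc("slab", 4 * self.CELL)
        self.cells = [self.slab + i * self.CELL for i in range(4)]

    def alloc(self, dst: str) -> None:
        cell = self.cells.pop()                      # LIFO: a freed cell is reused next
        if self.hooked:
            self.m.on_alloc(dst, cell)               # recognised as an allocation
        else:
            self.m.add(dst, "slab", cell - self.slab)  # slab + offset: inherits live slab taint

    def free(self, src: str) -> None:
        if self.hooked:
            self.m.on_free(src)                      # recognised as a free
        self.cells.append(self.m.regs[src].value)    # cell returns to the free list


def run_scenario(hook_custom_allocator: bool) -> List[str]:
    """Object destroyed, its cell reused, then a stale alias is dereferenced."""
    m = TaintMachine()
    slab = SlabAllocator(m, hook_custom_allocator)
    slab.alloc("obj")            # a script object
    m.mov("alias", "obj")        # a second reference to it kept elsewhere
    m.mov_imm("v", 42)
    m.store("obj", "v")
    slab.free("obj")             # object destroyed; "alias" now dangles
    slab.alloc("obj2")           # same cell handed to a new object
    m.load("r", "alias")         # stale reference used
    return m.reports
```

With the custom allocator hooked, the stale load is reported even though the address is live again for `obj2`: the check is on the retired allocation id, not on the address. Without the hook, the engine's object pointer is just slab-plus-offset carrying the live slab's taint, and the same bug goes unreported, which is the gap the abstract's third improvement addresses.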

The work disclosed is partially funded by the Master it! Scholarship Scheme (Malta).




Author information

Correspondence to John Galea.


Copyright information

© 2015 Springer International Publishing Switzerland


Cite this paper

Galea, J., Vella, M. (2015). SUDUTA: Script UAF Detection Using Taint Analysis. In: Foresti, S. (ed.) Security and Trust Management. STM 2015. Lecture Notes in Computer Science, vol 9331. Springer, Cham. https://doi.org/10.1007/978-3-319-24858-5_9


  • DOI: https://doi.org/10.1007/978-3-319-24858-5_9


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24857-8

  • Online ISBN: 978-3-319-24858-5

  • eBook Packages: Computer Science (R0)
