Defending against Heap Overflow by Using Randomization in Nested Virtual Clusters

  • Chee Meng Tey
  • Debin Gao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8233)


Heap-based buffer overflows are a dangerous class of vulnerability. One countermeasure is randomizing the location of heap memory blocks. Existing techniques segregate the address space into clusters, each of which is used exclusively for one block size. This approach requires a large amount of address space reservation, and results in lower location randomization for larger blocks.
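The abstract names two drawbacks of the existing size-segregated design (up-front address-space reservation, and fewer candidate positions for large blocks) without showing the design itself. The following toy model is an added illustration written for this page; it is not the authors' code and does not implement their nested virtual cluster scheme. The cluster size (1 MiB per class), the power-of-two size classes (16 B to 64 KiB), the xorshift generator and all function names are assumptions chosen for the demo. Each size class reserves its own cluster at init time and places every block at a uniformly random free slot, so the guessing work for an attacker is log2(slots) bits, which shrinks as the block size grows.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>

#define CLUSTER_BYTES  ((size_t)1 << 20)   /* 1 MiB per size class: assumed for the demo */
#define MIN_CLASS_LOG  4                   /* smallest class: 16-byte blocks */
#define MAX_CLASS_LOG  16                  /* largest class: 64 KiB blocks */
#define NUM_CLASSES    (MAX_CLASS_LOG - MIN_CLASS_LOG + 1)

struct cluster {
    unsigned char *base;   /* reserved region used exclusively for one block size */
    unsigned char *used;   /* one byte per slot: 1 = allocated */
    size_t block;          /* block size served by this cluster */
    size_t slots;          /* CLUSTER_BYTES / block */
};

static struct cluster clusters[NUM_CLASSES];
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;

/* xorshift64*: deterministic for the demo; a real allocator needs a CSPRNG. */
static uint64_t rng_next(void) {
    uint64_t x = rng_state;
    x ^= x >> 12; x ^= x << 25; x ^= x >> 27;
    rng_state = x;
    return x * 0x2545F4914F6CDD1DULL;
}

/* Map a request size to its power-of-two size class index, or -1 if unsupported. */
int size_class(size_t n) {
    if (n == 0 || n > ((size_t)1 << MAX_CLASS_LOG)) return -1;
    int lg = MIN_CLASS_LOG;
    while (((size_t)1 << lg) < n) lg++;
    return lg - MIN_CLASS_LOG;
}

/* Reserve one cluster per size class up front. Returns the total address space
 * reserved: NUM_CLASSES * CLUSTER_BYTES whether or not a class is ever used. */
size_t heap_init(uint64_t seed) {
    size_t reserved = 0;
    rng_state = seed ? seed : 1;             /* xorshift must not start at zero */
    for (int i = 0; i < NUM_CLASSES; i++) {
        struct cluster *c = &clusters[i];
        c->block = (size_t)1 << (MIN_CLASS_LOG + i);
        c->slots = CLUSTER_BYTES / c->block;
        c->base  = malloc(CLUSTER_BYTES);    /* stands in for an mmap() reservation */
        c->used  = calloc(c->slots, 1);
        if (!c->base || !c->used) return 0;
        reserved += CLUSTER_BYTES;
    }
    return reserved;
}

/* Allocate n bytes at a uniformly random free slot of the matching cluster. */
void *heap_alloc(size_t n) {
    int k = size_class(n);
    if (k < 0) return NULL;
    struct cluster *c = &clusters[k];
    size_t free_slots = 0;
    for (size_t i = 0; i < c->slots; i++) free_slots += (c->used[i] == 0);
    if (free_slots == 0) return NULL;        /* class exhausted: cannot borrow from another */
    size_t slot;
    do { slot = (size_t)(rng_next() % c->slots); } while (c->used[slot]);
    c->used[slot] = 1;
    return c->base + slot * c->block;
}

/* Which size class owns pointer p, or -1 if it is not a cluster address. */
int heap_class_of(const void *p) {
    uintptr_t q = (uintptr_t)p;
    for (int i = 0; i < NUM_CLASSES; i++) {
        uintptr_t lo = (uintptr_t)clusters[i].base;
        if (q >= lo && q < lo + CLUSTER_BYTES) return i;
    }
    return -1;
}

/* Allocate blocks of size n until the class is exhausted; returns how many fit. */
int heap_fill_class(size_t n) {
    int count = 0;
    while (heap_alloc(n) != NULL) count++;
    return count;
}

/* Bits an attacker must guess to hit a fresh block of size n in an otherwise
 * empty cluster: log2(slots). Slots is a power of two, so count the shift. */
unsigned placement_entropy_bits(size_t n) {
    int k = size_class(n);
    if (k < 0) return 0;
    unsigned bits = 0;
    for (size_t s = clusters[k].slots; s > 1; s >>= 1) bits++;
    return bits;
}

int main(void) {
    size_t reserved = heap_init(42);
    printf("reserved %zu MiB of address space for %d size classes\n",
           reserved >> 20, NUM_CLASSES);
    for (int i = 0; i < NUM_CLASSES; i++)
        printf("block %6zu B: %5zu slots, %2u bits of placement entropy\n",
               clusters[i].block, clusters[i].slots,
               placement_entropy_bits(clusters[i].block));
    printf("64 KiB blocks that fit before the class is exhausted: %d\n",
           heap_fill_class(65536));
    return 0;
}
```

Running the demo shows the two effects in numbers: thirteen classes cost 13 MiB of reservation before the first allocation, 16-byte blocks get 16 bits of placement entropy, while 64 KiB blocks get only 4 bits and their class is exhausted after 16 allocations, with no way to borrow space from a neighbouring cluster.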


Keywords: Block Size, Address Space, Reserved Area, Virtual Cluster, Parent Cluster





Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Chee Meng Tey, Singapore Management University, Singapore
  • Debin Gao, Singapore Management University, Singapore
