HeapRevolver: Delaying and Randomizing Timing of Release of Freed Memory Area to Prevent Use-After-Free Attacks

  • Conference paper
Network and System Security (NSS 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9955)

Abstract

Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to freed memory. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, a novel UAF attack-prevention method that delays and randomizes the timing of the release of freed memory areas by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. We describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.
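The general idea in the abstract, holding freed blocks back and releasing them at an unpredictable moment, can be sketched as follows. This is an added example, not the authors' implementation: the `hr_*` names, the count-based quarantine and its capacity `HR_SLOTS` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#define HR_SLOTS 8               /* assumed quarantine capacity, not from the paper */

static void  *hr_q[HR_SLOTS];    /* freed blocks whose addresses must not be reused yet */
static size_t hr_len;            /* blocks currently held back */
static size_t hr_released;       /* blocks actually returned to the allocator */

/* Index in [0, n) from the OS entropy pool; rand() only if that read fails. */
static size_t hr_random_index(size_t n) {
    unsigned int r = (unsigned int)rand();
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) { if (fread(&r, sizeof r, 1, f) != 1) r = (unsigned int)rand(); fclose(f); }
    return r % n;
}

int hr_is_quarantined(const void *p) {
    for (size_t i = 0; i < hr_len; i++)
        if (hr_q[i] == p) return 1;
    return 0;
}

/* Stand-in for free(): hold the block, release a random older one when full. */
void hr_free(void *p) {
    if (p == NULL || hr_is_quarantined(p)) return;   /* also absorbs a double free */
    if (hr_len < HR_SLOTS) { hr_q[hr_len++] = p; return; }
    size_t victim = hr_random_index(HR_SLOTS);
    free(hr_q[victim]);          /* only now can the allocator hand this address out */
    hr_released++;
    hr_q[victim] = p;
}

size_t hr_quarantine_len(void) { return hr_len; }
size_t hr_released_count(void) { return hr_released; }

/* Returns 1 if the allocation made right after a free got a different address. */
int hr_demo_no_immediate_reuse(void) {
    void *stale = malloc(64);
    hr_free(stale);              /* a dangling pointer to `stale` may still exist */
    void *next = malloc(64);     /* same size class: the classic reuse candidate */
    int reused = (next == stale);
    hr_free(next);
    return !reused;
}

int main(void) {
    printf("stale address kept out of reuse: %d\n", hr_demo_no_immediate_reuse());
    return 0;
}
```

Because the block to release is chosen at random once the quarantine is full, the number of later frees a given address survives varies from run to run, which is what makes the reuse moment hard to predict.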

Acknowledgement

This research was partially supported by Grant-in-Aid for Scientific Research 16H02829.

Corresponding author

Correspondence to Toshihiro Yamauchi.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Yamauchi, T., Ikegami, Y. (2016). HeapRevolver: Delaying and Randomizing Timing of Release of Freed Memory Area to Prevent Use-After-Free Attacks. In: Chen, J., Piuri, V., Su, C., Yung, M. (eds) Network and System Security. NSS 2016. Lecture Notes in Computer Science, vol 9955. Springer, Cham. https://doi.org/10.1007/978-3-319-46298-1_15

  • DOI: https://doi.org/10.1007/978-3-319-46298-1_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46297-4

  • Online ISBN: 978-3-319-46298-1

  • eBook Packages: Computer Science (R0)
