Show simple item record

dc.contributor.authorErdos, M
dc.contributor.authorAinsworth, S
dc.contributor.authorJones, TM
dc.date.accessioned2022-01-28T00:30:33Z
dc.date.available2022-01-28T00:30:33Z
dc.date.issued2022
dc.identifier.isbn9781450392051
dc.identifier.urihttps://www.repository.cam.ac.uk/handle/1810/332968
dc.description.abstractLow-level languages, which require manual memory management from the programmer, remain in wide use for performance-critical applications. Memory-safety bugs are common, and now a major source of exploits. In particular, a use-after-free bug occurs when an object is erroneously deallocated, whilst pointers to it remain active in memory, and those (dangling) pointers are later used to access the object. An attacker can reallocate the memory area backing an erroneously freed object, then overwrite its contents, injecting carefully chosen data into the host program, thus altering its execution and achieving privilege escalation. We present MineSweeper, a system to mitigate use-after-free vulnerabilities by retaining freed allocations in a quarantine, until no pointers to them remain in program memory, thus preventing their reallocation until it is safe. MineSweeper performs efficient linear sweeps of memory to identify quarantined items that have no dangling pointers to them, and thus can be safely reallocated. This allows MineSweeper to be significantly more efficient than previous transitive marking procedure techniques. MineSweeper, attached to JeMalloc, improves security at an acceptable overhead in memory footprint (11.1% on average) and an execution-time cost of only 5.4% (geometric mean for SPEC CPU2006), with 9.6% additional threaded CPU usage. These figures considerably improve on the state-of-the-art for non-probabilistic drop-in temporal-safety systems, and make MineSweeper the only such scheme suitable for deployment in real-world production environments.
dc.publisherACM
dc.rightsAll Rights Reserved
dc.rights.urihttp://www.rioxx.net/licenses/all-rights-reserved
dc.titleMineSweeper: A Clean sweepž for drop-in use-After-free prevention
dc.typeConference Object
dc.publisher.departmentDepartment of Computer Science And Technology
dc.date.updated2022-01-26T14:08:03Z
prism.publicationNameInternational Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS
dc.identifier.doi10.17863/CAM.80392
dcterms.dateAccepted2022-01-09
rioxxterms.versionofrecord10.1145/3503222.3507712
rioxxterms.versionAM
dc.contributor.orcidJones, Timothy M. [0000-0002-4114-7661]
pubs.funder-project-idEngineering and Physical Sciences Research Council (EP/K026399/1)
pubs.funder-project-idEngineering and Physical Sciences Research Council (EP/P020011/1)
cam.issuedOnline2022-02-22
datacite.issupplementedby.urlhttps://doi.org/10.17863/CAM.78150
pubs.conference-nameASPLOS '22: 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
pubs.conference-start-date2022-02-28
cam.orpheus.successWed Mar 23 10:26:26 GMT 2022 - Embargo updated
cam.orpheus.counter2
cam.depositDate2022-01-26
pubs.conference-finish-date2022-03-04
pubs.licence-identifierapollo-deposit-licence-2-1
pubs.licence-display-nameApollo Repository Deposit Licence Agreement
rioxxterms.freetoread.startdate2023-02-28


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record