On-Demand Proactive Defense against Memory Vulnerabilities - Network and Parallel Computing
Conference Papers Year : 2013

On-Demand Proactive Defense against Memory Vulnerabilities

Abstract

Memory vulnerabilities have severely affected system security and availability. Although a number of solutions have been proposed to defend against memory vulnerabilities, most existing solutions either protect the entire life cycle of the application or survive attacks only after detecting them. This paper presents OPSafe, a system that makes applications safely survive memory vulnerabilities for a period of time, starting either at program start-up or at runtime, on the user's demand. OPSafe can provide a hot-portable Green Zone of any size on the user's demand, in which all subsequently allocated memory objects, including stack objects and heap objects, are reallocated and safely managed in a protected memory area. When the user opens the green zone, OPSafe uses a comprehensive memory management scheme in the protected memory area to adaptively allocate buffers with multiple times their defined sizes and to place them randomly. Combined with object free-masking techniques, OPSafe can prevent objects from overrunning each other and avoid dangling-pointer errors as well as double-free or invalid-free errors. Once the green zone is closed, OPSafe clears away all objects in the protected area and then frees the protected area. We have developed a Linux prototype and evaluated it using four applications that contain a wide range of vulnerabilities. The experimental results show that OPSafe can conveniently create and destroy a hot-portable green zone in which the vulnerable application survives crashes and erroneous execution is eliminated.
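The following toy allocator is an added illustration of the three mechanisms the abstract describes (over-provisioned buffers, random placement inside a protected area, masked frees); it is not OPSafe's code, and the names gz_open/gz_alloc/gz_free/gz_close and the constants OVER, SLOT_SZ and NSLOTS are assumptions chosen for the example.

```c
/* Toy model of an OPSafe-style "green zone": an assumed design for illustration,
 * not the paper's implementation. Inside the zone every object is allocated with
 * OVER times its requested size, placed at a random free slot of a protected
 * arena, and freed only logically (masked free), so an over-run of up to
 * OVER x size, a dangling pointer, a double free or an invalid free cannot
 * corrupt allocator state or another object. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define OVER    4                 /* over-provisioning factor (assumed value) */
#define SLOT_SZ 256               /* bytes per slot: largest OVER*size served */
#define NSLOTS  64                /* arena = NSLOTS * SLOT_SZ bytes            */
enum { FREE = 0, LIVE = 1, DEAD = 2 }; /* DEAD: freed but never reused in-zone */
static uint8_t arena[NSLOTS * SLOT_SZ];   /* the protected memory area */
static int state[NSLOTS], zone_open, masked_frees;

void gz_open(unsigned seed) {             /* user opens the green zone */
    srand(seed); memset(state, FREE, sizeof state);
    zone_open = 1; masked_frees = 0;
}
void *gz_alloc(size_t n) {                /* over-provision + random placement */
    if (!zone_open || n == 0 || n * OVER > SLOT_SZ) return NULL; /* toy: no fallback */
    for (int tries = NSLOTS * 8; tries > 0; tries--) {
        int s = rand() % NSLOTS;
        if (state[s] == FREE) { state[s] = LIVE; return arena + (size_t)s * SLOT_SZ; }
    }
    return NULL;                          /* arena exhausted */
}
static int slot_of(const void *p) {       /* -1: outside arena, -2: not a slot base */
    uintptr_t q = (uintptr_t)p, base = (uintptr_t)arena;
    if (q < base || q >= base + sizeof arena) return -1;
    return (q - base) % SLOT_SZ ? -2 : (int)((q - base) / SLOT_SZ);
}
int gz_free(void *p) {                    /* 0 freed, 1 masked, 2 not ours (use free()) */
    int s = slot_of(p);
    if (s == -1) return 2;
    if (s == -2 || state[s] != LIVE) { masked_frees++; return 1; } /* invalid/double */
    state[s] = DEAD;                      /* memory stays mapped: dangling use stays in-bounds */
    return 0;
}
void gz_close(void) {                     /* wipe every object, release the area */
    memset(arena, 0, sizeof arena); memset(state, FREE, sizeof state); zone_open = 0;
}
int gz_masked_frees(void) { return masked_frees; }
int gz_live_count(void) {
    int c = 0; for (int i = 0; i < NSLOTS; i++) c += state[i] == LIVE; return c;
}
```

Objects allocated outside the zone are reported as "not ours" so the caller can hand them to the regular allocator; a real system would also have to intercept stack allocations, which this model omits.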
Main file
978-3-642-40820-5_31_Chapter.pdf (403.83 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01513762 , version 1 (25-04-2017)

Cite

Gang Chen, Hai Jin, Deqing Zou, Weiqi Dai. On-Demand Proactive Defense against Memory Vulnerabilities. 10th International Conference on Network and Parallel Computing (NPC), Sep 2013, Guiyang, China. pp.368-379, ⟨10.1007/978-3-642-40820-5_31⟩. ⟨hal-01513762⟩