Applying machinemodel-aided countermeasure design to improve memory allocator security
نویسندگان
چکیده
This paper is a companion paper for the talk that will be presented at the 22nd Chaos Communication Congress. We will describe the background on how the results that we detail in the talk were achieved but will not substantially overlap with the talk. We will focus on a more structured approach to build countermeasures using a model of the execution environment. This machinemodel allows reasoning about countermeasures at a higher level and allows for a more effective design where possible shortcomings can be spotted more easily. The paper then describes how we applied this technique to design a countermeasure to protect memory allocators from heap-based attacks.
منابع مشابه
A Hardware Assisted High Performance PHK Memory Manager
Complex mechanisms for dynamic memory management and garbage collection are needed in modern imperative programming languages. Implementation of memory management functions efficiently both in terms of memory usage and execution performance becomes important for programs written in such languages. In this paper, we introduce a memory allocator that uses hardware assistance to improve the perfor...
متن کاملThe Slab Allocator: An Object-Caching Kernel Memory Allocator
This paper presents a comprehensive design overview of the SunOS 5.4 kernel memory allocator. This allocator is based on a set of object-caching primitives that reduce the cost of allocating complex objects by retaining their state between uses. These same primitives prove equally effective for managing stateless memory (e.g. data pages and temporary buffers) because they are space-efficient an...
متن کاملEfficient Protection Against Heap-Based Buffer Overflows Without Resorting to Magic
Bugs in dynamic memory management, including for instance heap-based buffer overflows and dangling pointers, are an important source of vulnerabilities in C and C++. Overwriting the management information of the memory allocation library is often a source of attack on these vulnerabilities. All existing countermeasures with low performance overhead rely on magic values or canaries. A secret val...
متن کاملDynamic Memory Allocator for Sensor Operating System Design and Analysis
Dynamic memory allocation is an important mechanism used in operating systems. An efficient dynamic memory allocator can improve the performance of operating systems. In wireless sensor networks, sensor nodes have miniature computing device, small memory space and very limited battery power. Therefore, it is important that sensor operating systems operate efficiently in terms of energy consumpt...
متن کاملA particle swarm optimization algorithm for minimization analysis of cost-sensitive attack graphs
To prevent an exploit, the security analyst must implement a suitable countermeasure. In this paper, we consider cost-sensitive attack graphs (CAGs) for network vulnerability analysis. In these attack graphs, a weight is assigned to each countermeasure to represent the cost of its implementation. There may be multiple countermeasures with different weights for preventing a single exploit. Also,...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005