Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ISSTA
2012
ACM
2012
ACM
Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities
Use-after-free vulnerabilities are rapidly growing in popularity, especially for exploiting web browsers. Use-afterfree (and double-free) vulnerabilities are caused by a program operating on a dangling pointer. In this work we propose early detection, a novel runtime approach for finding and diagnosing use-after-free and double-free vulnerabilities. While previous work focuses on the creation of the vulnerability (i.e., the use of a dangling pointer), early detection shifts the focus to the creation of the dangling pointer(s) at the root of the vulnerability. Early detection increases the effectiveness of testing by identifying unsafe dangling pointers in executions where they are created but not used. It also accelerates vulnerability analysis and minimizes the risk of incomplete fixes, by automatically collecting information about all dangling pointers involved in the vulnerability. We implement our early detection technique in a tool called Undangle. We evaluate Undangle for vuln...
Real-time Traffic| Added | 28 Sep 2012 |
| Updated | 28 Sep 2012 |
| Type | Journal |
| Year | 2012 |
| Where | ISSTA |
| Authors | Juan Caballero, Gustavo Grieco, Mark Marron, Antonio Nappa |
Comments (0)
Researcher Info
|
