
ISSTA
2012
ACM

Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities

Use-after-free vulnerabilities are rapidly growing in popularity, especially for exploiting web browsers. Use-after-free (and double-free) vulnerabilities are caused by a program operating on a dangling pointer. In this work we propose early detection, a novel runtime approach for finding and diagnosing use-after-free and double-free vulnerabilities. While previous work focuses on the creation of the vulnerability (i.e., the use of a dangling pointer), early detection shifts the focus to the creation of the dangling pointer(s) at the root of the vulnerability. Early detection increases the effectiveness of testing by identifying unsafe dangling pointers in executions where they are created but not used. It also accelerates vulnerability analysis and minimizes the risk of incomplete fixes, by automatically collecting information about all dangling pointers involved in the vulnerability. We implement our early detection technique in a tool called Undangle. We evaluate Undangle for vuln...
Added 28 Sep 2012
Updated 28 Sep 2012
Type Journal
Year 2012
Where ISSTA
Authors Juan Caballero, Gustavo Grieco, Mark Marron, Antonio Nappa