Sciweavers

ASPLOS
2006
ACM

Comprehensively and efficiently protecting the heap

14 years 3 months ago
Comprehensively and efficiently protecting the heap
The goal of this paper is to propose a scheme that provides comprehensive security protection for the heap. Heap vulnerabilities are increasingly being exploited for attacks on computer programs. In most implementations, the heap management library keeps the heap meta-data (heap structure information) and the application's heap data in an interleaved fashion and does not protect them against each other. Such implementations are inherently unsafe: vulnerabilities in the application can cause the heap library to perform unintended actions to achieve control-flow and non-control attacks. Unfortunately, current heap protection techniques are limited in that they use too many assumptions on how the attacks will be performed, require new hardware support, or require too many changes to the software developers' toolchain. We propose Heap Server, a new solution that does not have such drawbacks. Through existing virtual memory and inter-process protection mechanisms, Heap Server pre...
Mazen Kharbutli, Xiaowei Jiang, Yan Solihin, Guru
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where ASPLOS
Authors Mazen Kharbutli, Xiaowei Jiang, Yan Solihin, Guru Venkataramani, Milos Prvulovic
Comments (0)