Preventing Use-after-free with Dangling Pointers Nullification
Download: Paper (PDF)
Date: 8 Feb 2015
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2015
Many system components and network applications are written in the unsafe C/C++ languages, and there have been countless cases where simple mistakes by developers resulted in memory corruption vulnerabilities and consequently security exploits. While there have been tremendous research efforts to mitigate these vulnerabilities, use-after-free still remains one of the most critical and popular attack vectors because existing proposals have not adequately addressed the challenging program analysis and runtime performance issues. In this paper, we present DangNull, a system that detects temporal memory safety violations, in particular, use-after-free or double-free, during runtime. DangNull relies on the key observation that the root cause of these violations is that the pointers are not nullified after the target object is freed. Based on this observation, DangNull automatically traces the object’s relationships via pointers, and automatically nullifies all pointers when the target object is freed. DangNull offers several benefits. First, DangNull addresses the origin (or, the root cause) of temporal memory safety violations. That is, it does not rely on the side effects of violations, which vary and may be masked by attacks. Thus, DangNull is effective against even the most sophisticated exploitation techniques. Second, DangNull checks the object relationship information using runtime object range analysis on pointers, and thus is able to keep track of pointer semantics more robustly even in complex and large scale software. Lastly, DangNull does not require numerous explicit sanity checks on memory access because it can detect a violation with implicit exception handling, and thus its detection capabilities only incur moderate performance overheads.
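The nullification idea in the abstract, as an added toy illustration in C that is not the paper's or the DangNull project's code: every pointer store is recorded against the heap object it points into (found by a runtime object range lookup, so interior pointers count), and freeing the object nullifies all recorded slots before calling free, so a later use faults on NULL instead of touching freed memory. The names dn_malloc, dn_store, dn_free, find_obj and the fixed-size tracking table are assumptions of this example.

```c
#include <stdlib.h>
/* Toy illustration of the DangNull idea (added example, not the paper's code): record which
 * pointer slots reference each heap object and nullify them all when the object is freed. */
#define MAX_OBJS 64
#define MAX_REFS 16
struct tracked {
    char *base; size_t size;           /* object start (NULL = unused entry) and length */
    void **refs[MAX_REFS]; int nrefs;  /* addresses of pointer slots into the object */
};
static struct tracked table[MAX_OBJS];
/* Runtime object range lookup: which tracked object does `value` point into? */
static struct tracked *find_obj(const void *value) {
    for (int i = 0; i < MAX_OBJS; i++) {
        const char *b = table[i].base;
        if (b && (const char *)value >= b && (const char *)value < b + table[i].size) return &table[i];
    }
    return NULL;
}
/* Allocate an object and register it; a full table (toy limit) fails the allocation. */
void *dn_malloc(size_t size) {
    void *p = malloc(size);
    for (int i = 0; p && i < MAX_OBJS; i++) {
        if (!table[i].base) { table[i].base = p; table[i].size = size; table[i].nrefs = 0; return p; }
    }
    free(p); return NULL;
}
/* Instrumented pointer store: `*slot = value`, plus recording the object relationship
 * (a real implementation would also drop the slot from the object it previously referenced). */
void dn_store(void **slot, void *value) {
    struct tracked *t = find_obj(value);
    *slot = value;
    if (t && t->nrefs < MAX_REFS) t->refs[t->nrefs++] = slot;
}
/* Free the object only after nullifying every slot known to reference it. */
void dn_free(void *p) {
    struct tracked *t = find_obj(p);
    if (!t) return;   /* untracked or already freed: nothing to nullify */
    for (int i = 0; i < t->nrefs; i++) *t->refs[i] = NULL;
    t->base = NULL; free(p);
}
/* Returns 1 when both a direct and an interior reference were nullified by dn_free. */
int demo_nullifies(void) {
    void *a = NULL, *b = NULL, *obj = dn_malloc(32);
    dn_store(&a, obj);
    dn_store(&b, (char *)obj + 8);   /* interior pointer, resolved by the range lookup */
    dn_free(obj);
    return obj != NULL && a == NULL && b == NULL;
}
```

After dn_free, dereferencing a or b faults on NULL, which is the implicit exception the abstract relies on instead of an explicit check at every memory access.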