DieHarder (CCS 2010, WOOT 2011)
DESCRIPTION
Heap-based attacks depend on a combination of memory management errors and an exploitable memory allocator. Many allocators include ad hoc countermeasures against particular exploits, but their effectiveness against future exploits has been uncertain. This paper presents the first formal treatment of the impact of allocator design on security. It analyzes a range of widely-deployed memory allocators, including those used by Windows, Linux, FreeBSD, and OpenBSD, and shows that they remain vulnerable to attack. It then presents DieHarder, a new allocator whose design was guided by this analysis. DieHarder provides the highest degree of security from heap-based attacks of any practical allocator of which we are aware, while imposing modest performance overhead. In particular, the Firefox web browser runs as fast with DieHarder as with the Linux allocator.
TRANSCRIPT
UNIVERSITY OF MASSACHUSETTS, AMHERST • Department of Computer Science
Gene Novark & Emery Berger University of Massachusetts, Amherst
DIEHARDER: SECURING THE HEAP
[originally presented at CCS 2011]
DieHard: Probabilistic Memory Safety for C/C++ Programs [PLDI 2005]
Direct inspiration for Windows 7’s Fault-Tolerant Heap (2009)
sensitive data / metadata
All data / metadata sensitive
guard / unmapped page
Address-space layout randomization
[Figure labels: object, free space, heap metadata; prev. object, object size; heap metadata (GNU libc, others)]
≈ 4-5 bits of entropy
Maximal entropy: log N bits (e.g., ≈ 25-30)
44.2 sec 41.6 sec