Preventing Use-after-free with Dangling Pointers Nullification

Abstract

Many system components and network applications are written in languages that are prone to memory corruption vulnerabilities. There have been countless cases where simple mistakes by developers resulted in memory corruption vulnerabilities and consequently security exploits. While there have been tremendous research efforts to mitigate these vulnerabilities, use-after-free still remains one of the most critical and popular attack vectors because existing proposals have not adequately addressed the challenging program analysis and runtime performance issues.

In this paper we present DangNull, a system that detects temporal memory safety violations — in particular, use-after-free and double-free — during runtime. DangNull relies on the key observation that the root cause of these violations is that pointers are not nullified after the target object is freed. Based on this observation, DangNull automatically traces the object’s relationships via pointers and automatically nullifies all pointers when the target object is freed. DangNull offers several benefits. First, DangNull addresses the root cause of temporal memory safety violations. It does not rely on the side effects of violations, which can vary and may be masked by attacks. Thus, DangNull is effective against even the most sophisticated exploitation techniques. Second, DangNull checks object relationship information using runtime object range analysis on pointers, and thus is able to keep track of pointer semantics more robustly even in complex and large scale software. Lastly, DangNull does not require numerous explicit sanity checks on memory accesses because it can detect a violation with implicit exception handling, and thus its detection capabilities only incur moderate performance overhead.

Publication
Proceedings of the 2015 Annual Network and Distributed System Security Symposium (NDSS)