Detecting and Preventing Memory Vulnerabilities in Production Software

Date

2019

Authors

Silvestro, Sam

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

Due to the on-going threats posed by common memory errors, this thesis proposes a set of frameworks in order to defeat their associated vulnerabilities in a production environment. To meet the unique challenges necessary for use in the deployed environment, any solutions must satisfy the requirements of performance, transparency, and ease-of-use. This dissertation explores four such frameworks:(1) FreeGuard, a faster secure heap allocator, provides significantly better performance than other secure allocators, as well as a much stronger security guarantee than the default Linux library.(2) Guarder, a tunable secure allocator, provides stable and customizable randomization entropy, in addition to a full range of heap security features, including heap over-provisioning. Tunable parameters are easily configurable via the execution environment.(3) Sampler, a library designed to detect common memory errors. Due to the use of PMU-based sampling, performance overhead is greatly reduced, enabling its deployment in the production environment. Sampler is similarly customizable in terms of its performance and memory overhead.(4) Guarder+, a NUMA-aware secure allocator that structures the application heap such that node-local objects are served to each thread, avoiding inefficient remote memory accesses via the interconnect bus. At the same time, Guarder+ provides a full set of security features in order to guard against the exploitation of common memory vulnerabilities. Each of these works satisfy the requirements for maximum performance efficiency, transparency, and ease-of-use by serving as low overhead (all < 3% overhead on average, using default settings), drop-in/replacement dynamic libraries; further, they require no modification or recompilation of applications, nor custom hardware support.

Description

This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.

Keywords

Citation

Department

Computer Science