TY - GEN
T1 - HeapSentry
T2 - 10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2013
AU - Nikiforakis, Nick
AU - Piessens, Frank
AU - Joosen, Wouter
PY - 2013
Y1 - 2013
N2 - The last twenty years have witnessed the constant reaction of the security community to memory corruption attacks and the evolution of attacking techniques in order to circumvent the newly-deployed countermeasures. In this evolution, the heap of a process received little attention and thus today, the problem of heap overflows is largely unsolved. In this paper we present HeapSentry, a system designed to detect and stop heap overflow attacks through the cooperation of the memory allocation library of a program and the operating system's kernel. HeapSentry places unique random canaries at the end of each heap object which are later checked by the kernel, before system calls are allowed to proceed. HeapSentry operates on binaries (no source code needed) and has, by design, no false-positives. At the same time, the active involvement of the kernel provides stronger security guarantees than the current state of the art in heap protection mechanisms for a modest performance overhead.
AB - The last twenty years have witnessed the constant reaction of the security community to memory corruption attacks and the evolution of attacking techniques in order to circumvent the newly-deployed countermeasures. In this evolution, the heap of a process received little attention and thus today, the problem of heap overflows is largely unsolved. In this paper we present HeapSentry, a system designed to detect and stop heap overflow attacks through the cooperation of the memory allocation library of a program and the operating system's kernel. HeapSentry places unique random canaries at the end of each heap object which are later checked by the kernel, before system calls are allowed to proceed. HeapSentry operates on binaries (no source code needed) and has, by design, no false-positives. At the same time, the active involvement of the kernel provides stronger security guarantees than the current state of the art in heap protection mechanisms for a modest performance overhead.
UR - https://www.scopus.com/pages/publications/84881182032
U2 - 10.1007/978-3-642-39235-1_11
DO - 10.1007/978-3-642-39235-1_11
M3 - Conference contribution
AN - SCOPUS:84881182032
SN - 9783642392344
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 177
EP - 196
BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 10th International Conference, DIMVA 2013, Proceedings
Y2 - 18 July 2013 through 19 July 2013
ER -