Title

FreeGuard: A Faster Secure Heap Allocator

Author USMA Department

Electrical Engineering and Computer Science

Document Type

Conference Proceeding

Publication Date

Fall 10-30-2017

Keywords

Memory Safety, Heap Allocator, Memory Vulnerabilities, Computer security and privacy, Software security engineering, Operating systems security, Allocation / deallocation strategies

Abstract

In spite of years of improvements to software security, heap-related attacks still remain a severe threat. One reason is that many existing memory allocators fall short in a variety of aspects. For instance, performance-oriented allocators are designed with very limited countermeasures against attacks, but secure allocators generally suffer from significant performance overhead, e.g., running up to 10× slower. This paper, therefore, introduces FreeGuard, a secure memory allocator that prevents or reduces a wide range of heap-related attacks, such as heap overflows, heap over-reads, use-after-frees, as well as double and invalid frees. FreeGuard has similar performance to the default Linux allocator, with less than 2% overhead on average, but provides significant improvement to security guarantees. FreeGuard also addresses multiple implementation issues of existing secure allocators, such as the issue of scalability. Experimental results demonstrate that FreeGuard is very effective in defending against a variety of heap-related attacks.

First Page

2389

Last Page

2403

Conference Name

ACM SIGSAC Conference on Computer and Communications Security

Conference Location

Dallas, Texas

Conference Dates

10-30-2017

Share

COinS