
Fine-grained Heap Randomization - An Effective Way To Defeat Exploitation Of Heap Memory Error

Posted on: 2017-04-05
Degree: Master
Type: Thesis
Country: China
Candidate: Y G Qin
GTID: 2308330485463637
Subject: Software engineering
Abstract/Summary:
Buffer overflow is an intrinsic vulnerability in computing systems. Adversaries can exploit various kinds of buffer overflow vulnerabilities to carry out malicious behavior, including reading memory and hijacking normal control flow. In popular modern script runtime environments such as JavaScript and ActionScript, there are many heap buffer overflow exploits, which seriously threaten the security of the host. Adversaries can use a technique called defragmentation to obtain adjacent heap objects and then make use of a heap buffer overflow, thereby achieving memory disclosure and control-flow hijacking. In addition, script environments contain many dangling pointer vulnerabilities, which can be exploited to conduct Use-After-Free attacks. This is due to the predictable heap allocation strategy: an adversary obtains the same heap space when requesting a heap object immediately after releasing one of the same size.

Currently, fine-grained ASLR exists to defend against code reuse attacks, but these techniques do not randomize the heap space at fine granularity, so heap buffer overflows and dangling pointers can still be exploited to achieve the malicious goals mentioned above. In this paper, the author presents a heap randomization technique that makes the whole heap space unpredictable. Under this condition, adversaries can no longer exploit heap buffer overflow vulnerabilities, since they do not know where to overwrite. Thus attacks that rely on heap buffer overflow, including Just-In-Time Code Reuse, Heap Feng Shui and Use-After-Free, fail with high probability. Finally, our evaluation shows that the approach is practical: when the effectiveness reaches 100% and 92% for heap buffer overflow attacks and Use-After-Free attacks, respectively, the runtime overhead is no more than 12.7% in time and 15.9% in space.
Keywords/Search Tags: Heap Buffer Overflow, Heap Randomization, Software Security
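The predictable-reuse behaviour the abstract describes, as an added example (not code from the thesis, whose actual randomization design is not given on this page): a toy single-size-class pool in C that measures how often a same-size request made right after a free receives the freed slot, under LIFO reuse versus random free-slot selection. `NSLOTS`, the pool layout, the function names and the xorshift generator are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define NSLOTS 64                /* slots in one size class (constructed value) */
typedef struct {
    int free_idx[NSLOTS];        /* stack of free slot indices */
    int nfree;
    uint32_t rng;                /* xorshift32 state; a real allocator needs a CSPRNG */
    int randomize;               /* 0 = LIFO reuse, 1 = random free-slot choice */
} pool_t;

static uint32_t next_rand(pool_t *p) {
    uint32_t x = p->rng;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return p->rng = x;
}

static void pool_init(pool_t *p, int randomize) {
    p->nfree = NSLOTS; p->randomize = randomize;
    p->rng = 0x2545F491u;        /* fixed nonzero seed so runs are repeatable */
    for (int i = 0; i < NSLOTS; i++) p->free_idx[i] = i;
}

static int pool_alloc(pool_t *p) {
    if (p->nfree == 0) return -1;
    int pick = p->randomize ? (int)(next_rand(p) % (uint32_t)p->nfree) : p->nfree - 1;
    int slot = p->free_idx[pick];
    p->free_idx[pick] = p->free_idx[--p->nfree];   /* fill the hole with the top entry */
    return slot;
}
static void pool_free(pool_t *p, int slot) { p->free_idx[p->nfree++] = slot; }

/* Count how often a same-size request right after a free gets the freed slot. */
int count_immediate_reuse(int randomize, int trials) {
    pool_t p; int hits = 0;
    pool_init(&p, randomize);
    for (int t = 0; t < trials; t++) {
        int victim = pool_alloc(&p);   /* object whose pointer would dangle */
        pool_free(&p, victim);
        int next = pool_alloc(&p);     /* request made immediately after release */
        hits += (next == victim);
        pool_free(&p, next);
    }
    return hits;
}

int main(void) {
    printf("LIFO %d, randomized %d of 10000\n",
           count_immediate_reuse(0, 10000), count_immediate_reuse(1, 10000));
    return 0;
}
```

With LIFO reuse every trial returns the freed slot; with random selection the chance per trial is about 1 in `NSLOTS`, so the residual reuse rate depends on how many free slots the size class holds.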