
Use-After-Free Vulnerabilities Protection Based On Multi-level Pointers

Posted on: 2020-08-29
Degree: Master
Type: Thesis
Country: China
Candidate: W F Li
GTID: 2428330590458354
Subject: Cyberspace security
Abstract/Summary:
Highly efficient languages such as C/C++ enable low-level control over memory, which can improve program efficiency. However, C/C++ does not check pointer validity. When a developer calls an explicit release function, there is no guarantee that all related pointers are invalidated, so these invalid pointers may cause memory-safety vulnerabilities. Dangling pointers are pointers that do not point to a valid object of the appropriate type. A dangling pointer by itself does not cause any memory-safety problem, but accessing memory through a dangling pointer is the main cause of use-after-free vulnerabilities. Use-after-free can result in serious problems such as information leakage and arbitrary code execution. The threat of use-after-free vulnerabilities has become increasingly serious because of their high severity and rapidly growing number.

Based on the characteristics of use-after-free, MPChecker (Multi-level Pointer Checker) dynamically prevents use-after-free exploits and attacks using multi-level pointers. First, the relationship between a heap object and the related pointers pointing to it is established by combining them with intermediate pointers. Then, all accesses to this object via its related pointers can only be made through these intermediate pointers. Finally, to prevent dangling pointers from being dereferenced to this object, all the intermediate pointers related to the object are invalidated when it is freed, so that any access to a freed object is blocked by the invalidated intermediate pointers.

The evaluation results show that MPChecker can prevent use-after-free exploits and attacks for C/C++ multi-threaded programs. Compared with related methods, MPChecker can protect pointers that are copied in a type-unsafe way. In addition, it can defend against dangling pointers located anywhere in memory, including the stack, the heap, and global memory, rather than the heap only. The performance and memory evaluation of MPChecker on some benchmarks shows that the average performance and memory overheads are 62% and 106%, respectively. The multithreaded program evaluation also shows that the performance and memory cost does not increase significantly as the number of threads increases, so MPChecker has advantages for multithreaded programs.
Keywords/Search Tags: Software Security, Dangling Pointers, use-after-free, LLVM
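
The intermediate-pointer idea described in the abstract, as an added C sketch that is not MPChecker's code (the abstract does not show its implementation). The names `mp_slot`, `mp_alloc`, `mp_free`, `mp_deref` and `mp_demo` are hypothetical, and the indirection is written by hand here rather than inserted automatically.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Intermediate pointer: the only place the object's real address lives. */
typedef struct { void *obj; } mp_slot;

/* Allocate an object; callers hold the slot address, never the object's. */
mp_slot *mp_alloc(size_t n) {
    mp_slot *s = malloc(sizeof *s);
    if (!s) return NULL;
    s->obj = calloc(1, n);
    if (!s->obj) { free(s); return NULL; }
    return s;
}

/* Free the object and invalidate its intermediate pointer. The slot stays
 * allocated so stale copies keep reaching an invalidated slot (assumption:
 * slot reclamation is out of scope for this sketch). */
void mp_free(mp_slot *s) {
    if (!s) return;
    free(s->obj);   /* free(NULL) is a no-op, so a second mp_free is harmless */
    s->obj = NULL;
}

/* Checked access: NULL means the object was freed. */
void *mp_deref(const mp_slot *s) { return s ? s->obj : NULL; }

/* Returns how many stale copies were blocked after the free (-1 on error). */
int mp_demo(void) {
    mp_slot *p = mp_alloc(16);
    if (!p) return -1;
    mp_slot *stack_copy = p;          /* ordinary pointer copy */
    uintptr_t raw = (uintptr_t)p;     /* type-unsafe copy through an integer */
    strcpy(mp_deref(p), "live");
    if (strcmp(mp_deref(stack_copy), "live") != 0) return -1;
    mp_free(p);
    int blocked = 0;
    if (!mp_deref(p)) blocked++;
    if (!mp_deref(stack_copy)) blocked++;
    if (!mp_deref((mp_slot *)raw)) blocked++;
    free(p);                          /* demo only: no copy is used after this */
    return blocked;
}

int main(void) { printf("stale copies blocked: %d\n", mp_demo()); return 0; }
```

Because every copy, including the one laundered through an integer, carries the slot address rather than the object address, a single write in `mp_free` invalidates all of them at once.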