Top of the Heap: Efficient Memory Error Protection for Many Heap Objects
- URL: http://arxiv.org/abs/2310.06397v1
- Date: Tue, 10 Oct 2023 08:04:08 GMT
- Title: Top of the Heap: Efficient Memory Error Protection for Many Heap Objects
- Authors: Kaiming Huang, Mathias Payer, Zhiyun Qian, Jack Sampson, Gang Tan, Trent Jaeger,
- Abstract summary: We propose a solution for heap memory safety enforcement that aims to provide comprehensive protection from memory errors efficiently.
We present the Uriah system that statically validates spatial and type memory safety for heap objects.
We show that Uriah only incurs 2.9% overhead and only uses 9.3% more memory on SPEC CPU2006 (C/C++) benchmarks.
- Score: 37.992322891101374
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Exploits against heap memory errors continue to be a major concern. Although many defenses have been proposed, heap data are not protected from attacks that exploit memory errors systematically. Research defenses focus on complete coverage of heap objects, often giving up on comprehensive memory safety protection and/or incurring high costs in performance overhead and memory usage. In this paper, we propose a solution for heap memory safety enforcement that aims to provide comprehensive protection from memory errors efficiently by protecting those heap objects whose accesses are provably safe from memory errors. Specifically, we present the Uriah system that statically validates spatial and type memory safety for heap objects, isolating compliant objects on a safe heap that enforces temporal type safety to prevent attacks on memory reuse. Using Uriah, 71.9% of heap allocation sites can be shown to produce objects (73% of allocations are found safe) that satisfy spatial and type safety, which are then isolated using Uriah's heap allocator from memory accesses via unsafe heap objects. Uriah only incurs 2.9% overhead and only uses 9.3% more memory on SPEC CPU2006 (C/C++) benchmarks, showing that many heap objects can be protected from all classes of memory errors efficiently.
Related papers
- CAMP: Compiler and Allocator-based Heap Memory Protection [23.84729234219481]
We present CAMP, a new sanitizer for detecting and capturing heap memory corruption.
CAMP enables various compiler optimization strategies and thus eliminates redundant and unnecessary check instrumentation.
Our evaluation and comparison of CAMP with existing tools, using both real-world applications and SPEC CPU benchmarks, show that it provides even better heap corruption detection capability with lower runtime overhead.
arXiv Detail & Related papers (2024-06-04T19:37:41Z) - ShadowBound: Efficient Heap Memory Protection Through Advanced Metadata Management and Customized Compiler Optimization [24.4696797147503]
heap corruption poses severe threats to system security.
We present ShadowBound, a unique heap memory protection design.
We implement ShadowBound atop the LLVM framework and integrated three state-of-the-art use-after-free defenses.
arXiv Detail & Related papers (2024-06-04T07:02:53Z) - SeMalloc: Semantics-Informed Memory Allocator [18.04397502953383]
Use-after-free (UAF) is a critical and prevalent problem in memory unsafe languages.
We show one way to balance the trinity by passing more semantics about the heap object to the allocator.
In SeMalloc, only heap objects allocated from the same call site and via the same function call stack can possibly share a virtual memory address.
arXiv Detail & Related papers (2024-02-02T21:02:15Z) - XMem: Long-Term Video Object Segmentation with an Atkinson-Shiffrin
Memory Model [137.50614198301733]
We present XMem, a video object segmentation architecture for long videos with unified feature memory stores.
We develop an architecture that incorporates multiple independent yet deeply-connected feature memory stores.
XMem greatly exceeds state-of-the-art performance on long-video datasets.
arXiv Detail & Related papers (2022-07-14T17:59:37Z) - Recurrent Dynamic Embedding for Video Object Segmentation [54.52527157232795]
We propose a Recurrent Dynamic Embedding (RDE) to build a memory bank of constant size.
We propose an unbiased guidance loss during the training stage, which makes SAM more robust in long videos.
We also design a novel self-correction strategy so that the network can repair the embeddings of masks with different qualities in the memory bank.
arXiv Detail & Related papers (2022-05-08T02:24:43Z) - CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in
C/C++ [0.9208007322096532]
CryptSan is a memory safety approach based on ARM Pointer Authentication.
We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro.
This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.
arXiv Detail & Related papers (2022-02-17T14:04:01Z) - ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding
Attacks via Patch-agnostic Masking [95.6347501381882]
Object detectors are found to be vulnerable to physical-world patch hiding attacks.
We propose ObjectSeeker as a framework for building certifiably robust object detectors.
arXiv Detail & Related papers (2022-02-03T19:34:25Z) - CGuard: Efficient Spatial Safety for C [0.5249805590164903]
We present CGuard, a tool that provides object-bounds protection for C applications with comparable overheads to SGXBounds without restricting the application address space.
CGuard stores the bounds information just before the base address of an object and encodes the relative offset of the base address in the spare bits of the virtual address available in x86_64 architecture.
arXiv Detail & Related papers (2021-07-22T09:09:37Z) - Memory-guided Unsupervised Image-to-image Translation [54.1903150849536]
We present an unsupervised framework for instance-level image-to-image translation.
We show that our model outperforms recent instance-level methods.
arXiv Detail & Related papers (2021-04-12T03:02:51Z) - DMV: Visual Object Tracking via Part-level Dense Memory and Voting-based
Retrieval [61.366644088881735]
We propose a novel memory-based tracker via part-level dense memory and voting-based retrieval, called DMV.
We also propose a novel voting mechanism for the memory reading to filter out unreliable information in the memory.
arXiv Detail & Related papers (2020-03-20T10:05:30Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.