TY - GEN
T1 - HeapTherapy+
T2 - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019
AU - Zeng, Qiang
AU - Kayas, Golam
AU - Mohammed, Emil
AU - Luo, Lannan
AU - Du, Xiaojiang
AU - Rhee, Junghwan
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/6
Y1 - 2019/6
AB - Exploitation of heap vulnerabilities has been on the rise, leading to many devastating attacks. Conventional heap patch generation is a lengthy procedure requiring intensive manual efforts. Worse, fresh patches tend to harm system dependability, hence deterring users from deploying them. We propose a heap patching system HEAPTHERAPY+ that simultaneously has the following prominent advantages: (1) generating patches without manual efforts; (2) installing patches without altering the code (so-called code-less patching); (3) handling various heap vulnerability types; (4) imposing a very low overhead; and (5) no dependency on specific heap allocators. As a separate contribution, we propose targeted calling context encoding, which is a suite of algorithms for optimizing calling context encoding, an important technique with applications in many areas. The system properly combines heavyweight offline attack analysis with lightweight online defense generation, and provides a new countermeasure against heap attacks. The evaluation shows that the system is effective and efficient.
KW - Heap memory safety
KW - automatic patch generation
KW - calling context encoding
KW - dynamic analysis
UR - http://www.scopus.com/inward/record.url?scp=85072100377&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85072100377&partnerID=8YFLogxK
U2 - 10.1109/DSN.2019.00060
DO - 10.1109/DSN.2019.00060
M3 - Conference contribution
AN - SCOPUS:85072100377
T3 - Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019
SP - 530
EP - 542
BT - Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019
Y2 - 24 June 2019 through 27 June 2019
ER -