Operating System Support-Based Prevention Mechanism for Use-After-Free Attacks on the Glibc Memory Allocator
Chanyoung Park, Jaehyu Lee, Daeyeon Kim, Hyungon Moon
http://doi.org/10.5626/JOK.2023.50.7.541
Use-after-free is a longstanding memory safety problem that causes many security-critical software vulnerabilities. The importance of this problem has motivated the development of numerous mitigation and prevention mechanisms. A class of these mechanisms mimics garbage collectors to prevent use-after-free: they delay freeing a heap chunk until they verify the absence of dangling pointers to the chunk. An earlier work, MarkUs, has demonstrated that this delayed-free approach could be implemented with relatively low overhead on many benchmarks. We go further in this direction and present MarKern, a delayed-free mechanism for use-after-free prevention backed by the operating system’s kernel-level support. MarKern identifies limitations of the existing mark-and-sweep approach, which is implemented only at the user level, and resolves them through kernel-level support. Moreover, unlike existing approaches, MarKern supports the glibc (GNU C Library) allocator. MarKern addresses these problems with the help of kernel-level support, thereby preventing use-after-free for a program running with the glibc malloc with 18.50% overhead in execution time on average (geometric mean).
Journal of KIISE
- ISSN : 2383-630X(Print)
- ISSN : 2383-6296(Electronic)
- KCI Accredited Journal