TY  - JOUR
T1  - Operating System Support-Based Prevention Mechanism for Use-After-Free Attacks on the Glibc Memory Allocator
AU  - Park, Chanyoung
AU  - Lee, Jaehyu
AU  - Kim, Daeyeon
AU  - Moon, Hyungon
JO  - Journal of KIISE, JOK
PY  - 2023
DA  - 2023/1/14
DO  - 10.5626/JOK.2023.50.7.541
KW  - dangling pointer
KW  - mark-and-sweep
KW  - operating system support
AB  - Use-after-free is a longstanding memory safety problem that causes many security-critical software vulnerabilities. The importance of this problem has motivated the development of numerous mitigation and prevention mechanisms. One class of these mechanisms mimics garbage collectors to prevent use-after-free: they delay freeing a heap chunk until they have verified that no dangling pointers to the chunk remain. An earlier work, MarkUs, demonstrated that this delayed-free approach can be implemented with relatively low overhead on many benchmarks. We go further in this direction and present MarkKern, a delayed-free mechanism for use-after-free prevention backed by kernel-level support from the operating system. MarkKern identifies limitations of the existing mark-and-sweep approach when it is implemented only at user level and resolves them through kernel-level support. Moreover, unlike existing approaches, MarkKern supports the glibc (GNU C Library) allocator. With this kernel-level support, MarkKern prevents use-after-free for programs running on glibc malloc with an average execution-time overhead of 18.50% (geometric mean).
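The delayed-free idea the abstract describes, as an added illustration that is not code from the paper, from MarkUs or from MarkKern: a freed chunk goes into a quarantine instead of back to the allocator, and a conservative mark-and-sweep hands it back only once no scanned word still points into it. All names (qmalloc, qfree, qregister_root, qsweep, qis_quarantined) are hypothetical. Roots are registered explicitly here for clarity; the user-level and kernel-assisted systems the abstract discusses scan the stack, globals and heap of the whole process themselves.

```c
/* Added example: delayed free backed by a conservative mark-and-sweep.
 * Hypothetical API, not the paper's code. Roots are registered explicitly;
 * a real system discovers stack, global and heap memory itself. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define MAX_CHUNKS 64
#define MAX_ROOTS  8

typedef struct { char *base; size_t size; int quarantined; } chunk_t;
typedef struct { const char *base; size_t size; } region_t;

static chunk_t  chunks[MAX_CHUNKS];  /* every live or quarantined chunk */
static size_t   nchunks;
static region_t roots[MAX_ROOTS];    /* stand-in for stack/global roots */
static size_t   nroots;

/* Register a memory range that the sweep treats as a root. */
int qregister_root(const void *base, size_t size) {
    if (nroots == MAX_ROOTS) return -1;
    roots[nroots++] = (region_t){ (const char *)base, size };
    return 0;
}

/* Allocate from the underlying allocator and record the chunk. */
void *qmalloc(size_t size) {
    if (nchunks == MAX_CHUNKS || size == 0) return NULL;
    char *p = malloc(size);
    if (!p) return NULL;
    chunks[nchunks++] = (chunk_t){ p, size, 0 };
    return p;
}

static chunk_t *find_chunk(const void *p) {
    for (size_t i = 0; i < nchunks; i++)
        if (chunks[i].base == p) return &chunks[i];
    return NULL;
}

/* Delayed free: quarantine only. The memory is not handed back, so a
 * dangling pointer cannot alias a later allocation. */
void qfree(void *p) {
    chunk_t *c = find_chunk(p);
    if (!c || c->quarantined) abort();   /* double free or foreign pointer */
    c->quarantined = 1;
}

int qis_quarantined(const void *p) {
    chunk_t *c = find_chunk(p);
    return c ? c->quarantined : 0;
}

/* Mark: does any pointer-sized word in [base, base+size) point into c?
 * Interior pointers count; memcpy avoids alignment assumptions. */
static int region_references(const char *base, size_t size, const chunk_t *c) {
    uintptr_t lo = (uintptr_t)c->base, hi = lo + c->size;
    for (size_t off = 0; off + sizeof(uintptr_t) <= size; off += sizeof(uintptr_t)) {
        uintptr_t w;
        memcpy(&w, base + off, sizeof w);
        if (w >= lo && w < hi) return 1;
    }
    return 0;
}

/* Roots and live heap chunks are scanned; quarantined (freed) chunks are not. */
static int is_referenced(const chunk_t *c) {
    for (size_t i = 0; i < nroots; i++)
        if (region_references(roots[i].base, roots[i].size, c)) return 1;
    for (size_t i = 0; i < nchunks; i++)
        if (!chunks[i].quarantined &&
            region_references(chunks[i].base, chunks[i].size, c)) return 1;
    return 0;
}

/* Sweep: release unreferenced quarantined chunks; return how many were freed. */
size_t qsweep(void) {
    size_t released = 0, kept = 0;
    for (size_t i = 0; i < nchunks; i++) {
        if (chunks[i].quarantined && !is_referenced(&chunks[i])) {
            free(chunks[i].base);
            released++;
        } else {
            chunks[kept++] = chunks[i];  /* compact the table in place */
        }
    }
    nchunks = kept;
    return released;
}

int main(void) {
    static char *stale;                  /* static: lives like a global */
    qregister_root(&stale, sizeof stale);
    char *a = qmalloc(32);
    stale = a;
    qfree(a);                            /* a is quarantined, not reused */
    printf("sweep with dangling root: %zu released\n", qsweep());
    stale = NULL;
    printf("sweep after root cleared: %zu released\n", qsweep());
    return 0;
}
```

The scan is deliberately conservative: any word whose value falls inside a quarantined chunk keeps that chunk in quarantine, whether or not it is really a pointer, so the mechanism never frees a chunk that a live pointer could still reach, at the cost of occasionally retaining memory longer than needed. That trade-off, and the cost of walking all of memory on every sweep, is the overhead the abstract's user-level and kernel-assisted variants work to reduce.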