DangZero

Authors: Floris Gorter, Koen Koning, Herbert Bos, Cristiano Giuffrida
Contributors: Systems and Network Security, Network Institute, Computer Systems
Year of publication: 2022
Source: Gorter, F., Koning, K., Bos, H. & Giuffrida, C. 2022, "DangZero: Efficient Use-After-Free Detection via Direct Page Table Access". In CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 1307-1321. 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, United States, 7/11/22. https://doi.org/10.1145/3548606.3560625
Abstract: Use-after-free vulnerabilities remain difficult to detect and mitigate, making them a popular source of exploitation. Existing solutions incur impractical performance/memory overhead, require specialized hardware, and/or guarantee only protection, but not detection. In this paper, we propose DangZero, a new solution to detect use-after-free vulnerabilities as they occur. DangZero builds on a traditional page protection and aliasing scheme, where objects are made inaccessible after a free, and subsequent accesses are immediately detected. In contrast to prior solutions using alias-based detection, DangZero relies on direct page table access in ring 0 to provide a much more efficient implementation. The key idea is that, by giving the program's allocator direct access to the page tables, we can efficiently manage and invalidate vulnerable objects. To safely implement this, we build upon a unikernel-like design, where virtualization provides ring-0 (guest-mode) access, isolation, as well as compatibility with existing Linux programs. Moreover, we show that direct page table access serves as an efficient building block for garbage collection-style alias reclaiming. Doing so provides the ability to safely reuse freed areas and addresses the scalability issues plaguing state-of-the-art alias-based solutions. Our experimental results confirm that DangZero provides accurate detection guarantees with significantly lower overhead than competing state-of-the-art solutions (e.g., 18% saturated throughput degradation on long-running programs such as the Nginx web server).
Database: OpenAIRE