[SW Security] CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C++, Network and Distributed System Security Symposium (NDSS), Feb. 2019


Jangseop Shin, Donghyun Kwon, Jiwon Seo, Yeongpil Cho, Yunheung Paek


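This paper proposes a defense against use-after-free vulnerabilities, which are frequently used in attacks on C/C++ programs. To do so, it modifies the code at compile time to perform reference counting on heap objects, and uses those counts to delay the deallocation of a heap object until no dangling pointers to it remain. Experiments demonstrate the efficiency of this approach.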


International Papers

[SW Security] Instant OS Updates via Userspace Checkpoint-and-Restart, USENIX Annual Technical Conference (ATC), June 2016
[SW Security] Hardware-Assisted On-Demand Hypervisor Activation for Efficient Security Critical Code Execution on Mobile Devices, USENIX Annual Technical Conference (ATC), Jun 2016 (Acceptance rate: 19%)
[SW Security] TrackMeOrNot: Enabling Flexible Control on Web Tracking, International Conference on World Wide Web (WWW), April 2016
[SW Security] Enforcing Kernel Security Invariants with Data Flow Integrity, Network and Distributed System Security Symposium (NDSS), Feb 2016
[SW Security] ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks, ACM Conference on Computer and Communications Security (CCS), Oct 2015
[SW Security] Cross-checking Semantic Correctness: The Case of Finding File System Bugs, ACM Symposium on Operating Systems Principles (SOSP), Oct 2015
[SW Security] Type Casting Verification: Stopping an Emerging Attack Vector, USENIX Security Symposium (Security), August 2015
[SW Security] Understanding Malvertising Through Ad-Injecting Browser Extensions, International Conference on World Wide Web (WWW), May 2015
[SW Security] Preventing Use-after-free with Dangling Pointers Nullification, Network and Distributed System Security Symposium (NDSS), Feb 2015
[SW Security] From Zygote to Morula: Fortifying weakened ASLR on Android, IEEE Symposium on Security and Privacy (Oakland), May 2014
[SW Security] Protecting Location Privacy Using Location Semantics, ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), August 2011
[SW Security] binOb+: A Framework for Potent and Stealthy Binary Obfuscation, ACM Symposium on Information, Computer and Communications Security (ASIACCS), April 2010