CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C++, Network and Distributed System Security Symposium (NDSS), Feb. 2019 > International Papers

[SW Security] CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C++, Network and Distributed System Security Symposium (NDSS), Feb. 2019

0
0
Print
11-07

CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C++, Network and Distributed System Security Symposium (NDSS) 2019

Jangseop Shin, Donghyun Kwon, Jiwon Seo, Yeongpil Cho, Yunheung Paek

본 논문은 C/C++ 프로그램에 대한 공격으로 많이 사용되는 Use-after-free 취약점에 대한 방어 기법을 제안한다. 이를 위해 컴파일 단계에서 코드를 수정하여 Heap object에 대한 Reference Counting을 수행하여 이를 통해 Heap object의 해제를 dangling pointer가 없어질 때까지 지연시킨다. 또한 실험을 통해 이 approach의 효율성을 보여주었다.

0
0

International Papers

SW Security All Your Clicks Belong to Me: Investigating Click Interception on the Web (to appear), USENIX Security Symposium (Security), August 2019

SW Security µXOM: Efficient eXecute-Only Memory on ARM Cortex-M (to appear), USENIX Security Symposium (Security), August 2019

SW Security Finding Kernel Race Bugs through Fuzzing, IEEE Symposium on Security and Privacy (Oakland), May 2019

SW Security PrOS: Light-weight Privatized Secure Oses in ARM TrustZone (accepted), IEEE Transactions on Mobile Computing, Mar 2019

SW Security Safe and Efficient Implementation of Security System on ARM using Intra-Level Privilege Separation, ACM Transactions on Privacy and Security, Feb 2019

SW Security CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C++, Network and Distributed System Security Symposium (NDSS), Feb. 2019

SW Security OBFSCURO: A Commodity Obfuscation Engine on Intel SGX, Network and Distributed System Security Symposium (NDSS), Feb. 2019

SW Security VM-CFI : Control-Flow Integrity for Virtual Machine Kernel using Intel PT, DTS, Jul 2018

SW Security Obliviate: A Data Oblivious Filesystem for Intel SGX, Network and Distributed System Security Symposium (NDSS), Feb 2018

SW Security Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing, Network and Distributed System Security Symposium (NDSS), Feb 2018

SW Security Securing Real-Time Microcontroller Systems through Customized Memory View Switching, Network and Distributed System Security Symposium (NDSS), Feb 2018

SW Security HexType: Efficient Detection of Type Confusion Errors for C++, ACM Conference on Computer and Communications Security (CCS), Oct 2017

SW Security CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems, USENIX Annual Technical Conference (ATC), Jul 2017

SW Security Instruction-Level Data Isolation for the Kernel on ARM, Annual Design Automation Conference (DAC), Jun 2017

SW Security SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs, Network and Distributed System Security Symposium (NDSS), Feb 2017

SW Security Dynamic Virtual Address Range Adjustment for Intra-Level Privilege Separation on ARM, Network and Distributed System Security Symposium (NDSS), Feb 2017 (Acceptance rate: 16%)

SW Security Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques, ACM Computing Surveys (CSUR), Nov 2016

SW Security A Survey and Design of a Scalable Mobile Edge Cloud Platform for the Smart IoT Devices and It’s Applications, International Conference on Computer Science and its Applications, 694-698, Nov 2016

SW Security Instant OS Updates via Userspace Checkpoint-and-Restart, USENIX Annual Technical Conference (ATC), June 2016

SW Security Hardware-Assisted On-Demand Hypervisor Activation for Efficient Security Critical Code Execution on Mobile Devices, USENIX Annual Technical Conference(ATC), Jun 2016 (Acceptance rate: 19%)