SlimGuard: Design and Implementation of a Memory Efficient and Secure Heap Allocator

dc.contributor.authorLiu, Beichenen
dc.contributor.committeechairRavindran, Binoyen
dc.contributor.committeememberPatterson, Cameron D.en
dc.contributor.committeememberOlivier, Pierreen
dc.contributor.departmentElectrical and Computer Engineeringen
dc.date.accessioned2020-01-04T09:00:30Zen
dc.date.available2020-01-04T09:00:30Zen
dc.date.issued2020-01-03en
dc.description.abstractAttacks on the heap are an increasingly severe threat. State-of-the-art secure dynamic memory allocators can offer protection, however their memory consumption is high, making them suboptimal in many situations. We introduce sys, a secure allocator whose design is driven by memory efficiency. Among other features, sys uses an efficient fine-grain size classes indexing mechanism and implements a novel dynamic canary scheme. It offers a low memory overhead due its size classes optimized for canary usage, its on-demand metadata allocation, and the combination of randomized allocations and over-provisioning into a single memory efficient security feature. sys protects against widespread heap-related attacks such as overflows, over-reads, double/invalid free, and use-after-free. Evaluation over a wide range of applications shows that it offers a significant reduction in memory consumption compared to the state-of-the-art secure allocator (up to 2x in macro-benchmarks), while offering similar or better security guarantees and good performance.en
dc.description.abstractgeneralAttacks targeting on the runtime memory (heap allocator) are severe threats to software safety. Statistical results shown that the numbers of heap-related attacks has doubled since 2016. A large number of research works are designed to solve the security problems by offering different techniques to prevent some specific attacks. Not only are they very secure but also fast. However, these secure heap allocators sacrifice the memory usage, all of them at least double the memory consumption. Our work is trying to design and implement a heap allocator, in which it can defend against different attacks, as well as fast and memory-efficient. We carefully re-design some security features in our heap allocator while keep memory-efficient in mind. In the end, we evaluated sys and found that it offers significant reduction on different benchmarks suites. Evaluation also showed that sys can detect a lot of vulnerabilities in the software, while offer the same good performance as the state-of-the-art heap allocator.en
dc.description.degreeMaster of Scienceen
dc.format.mediumETDen
dc.identifier.othervt_gsexam:23215en
dc.identifier.urihttp://hdl.handle.net/10919/96291en
dc.language.isoenen
dc.publisherVirginia Techen
dc.rightsIn Copyrighten
dc.rights.urihttp://rightsstatements.org/vocab/InC/1.0/en
dc.subjectDynamic Memory Allocationen
dc.subjectMemory Safetyen
dc.titleSlimGuard: Design and Implementation of a Memory Efficient and Secure Heap Allocatoren
dc.typeThesisen
thesis.degree.disciplineComputer Engineeringen
thesis.degree.grantorVirginia Polytechnic Institute and State Universityen
thesis.degree.levelmastersen
thesis.degree.nameMaster of Scienceen

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Liu_B_T_2020.pdf
Size:
347.71 KB
Format:
Adobe Portable Document Format

Collections