DOI: 10.1145/3275219.3275231

DangDone: Eliminating Dangling Pointers via Intermediate Pointers

Published: 16 September 2018

Abstract

Dangling pointers have become an important class of software bugs that can lead to use-after-free and double-free vulnerabilities. So far, only a few approaches have been proposed to protect against dangling pointers, while most of them suffer from high overhead. In this paper, we propose a lightweight approach, named DangDone, to eliminate dangling pointers at compile time. Built upon the root cause of a dangling pointer, i.e., a pointer and its aliases are not nullified but the memory area they point to is deallocated, DangDone realizes the protection by inserting an intermediate pointer between the pointers (i.e., a pointer and its aliases) and the memory area they point to. Hence, nullifying the intermediate pointer will nullify the pointer and its aliases, which mitigates the vulnerabilities caused by dangling pointers. Experimental results have demonstrated that DangDone can protect target programs (i.e., the SPEC CPU benchmarks and the programs with known CVEs) with negligible runtime overhead (i.e., around 1% on average).
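As an added illustration of the indirection the abstract describes (this is not code from the paper or its LLVM pass): a pointer and all of its aliases hold the address of an intermediate cell rather than of the heap object, so nullifying the cell when the object is freed nullifies every alias at once, and a later use sees NULL instead of a stale address. The `ipt_*` helpers and `demo_alias_nullified` are constructed for this example; the abstract does not say how the intermediate cell itself is allocated or reclaimed, so the demo manages it explicitly.

```c
#include <stdlib.h>
#include <string.h>

/* Intermediate pointer cell: p and every alias of p point at this cell,
 * and only the cell points at the heap object. */
typedef struct ipt { void *target; } ipt_t;

/* Stands in for `p = malloc(n)`: the caller receives the cell, not the object. */
static ipt_t *ipt_alloc(size_t n) {
    ipt_t *cell = malloc(sizeof *cell);
    if (cell == NULL) return NULL;
    cell->target = malloc(n);
    if (cell->target == NULL) { free(cell); return NULL; }
    return cell;
}

/* Stands in for `free(p)`: nullifying the cell nullifies p and all aliases.
 * A second call finds target == NULL, so a double free becomes free(NULL). */
static void ipt_free(ipt_t *cell) {
    if (cell == NULL) return;
    free(cell->target);
    cell->target = NULL;
}

/* Stands in for a use of p: after free the object is seen as NULL. */
static void *ipt_deref(const ipt_t *cell) {
    return cell != NULL ? cell->target : NULL;
}

/* Original pattern: q = p; free(p); use(q)  -> q dangles.
 * Rewritten: p and q both go through the cell, so use(q) observes NULL.
 * Returns 1 when every alias is nullified and the double free is harmless. */
int demo_alias_nullified(void) {
    ipt_t *p = ipt_alloc(32);
    if (p == NULL) return -1;
    ipt_t *q = p;                                  /* alias of p */
    memcpy(ipt_deref(q), "live object", 12);       /* valid use before free */
    int live = ipt_deref(p) != NULL && ipt_deref(q) == ipt_deref(p);

    ipt_free(p);                                   /* frees and nullifies */
    int dead = ipt_deref(p) == NULL && ipt_deref(q) == NULL;
    ipt_free(q);                                   /* would be a double free */

    free(p);   /* reclaim the cell; cell lifetime is outside this demo's scope */
    return (live && dead) ? 1 : 0;
}
```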



Published In

Internetware '18: Proceedings of the 10th Asia-Pacific Symposium on Internetware
September 2018
167 pages
ISBN:9781450365901
DOI:10.1145/3275219

In-Cooperation

  • Institute of Software, Chinese Academy of Sciences
  • CCF: China Computer Federation

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. dangling pointers
  2. program transformation
  3. vulnerabilities

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • National Key Research and Development Plan
  • National Natural Science Foundation of China

Conference

Internetware '18

Acceptance Rates

Internetware '18 Paper Acceptance Rate 20 of 26 submissions, 77%;
Overall Acceptance Rate 55 of 111 submissions, 50%


Cited By

  • (2024) EarlyDLDetect: An Early Root-Cause Locator of Dangling Pointers and Memory Leaks. IEEE Access 12, 187877-187891. doi:10.1109/ACCESS.2024.3515133
  • (2024) SafePtrX: Research on Mitigation of Heap-Based Memory Safety Violations for Intel x86-64. Engineering of Complex Computer Systems, 390-408. doi:10.1007/978-3-031-66456-4_21 (online 18 Jun 2024)
  • (2022) Automated Use-After-Free Detection and Exploit Mitigation: How Far Have We Gone? IEEE Transactions on Software Engineering 48(11), 4569-4589. doi:10.1109/TSE.2021.3121994 (online 1 Nov 2022)
  • (2022) The final security problem in IOT: Don't count on the canary! 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC), 599-604. doi:10.1109/DSC55868.2022.00090 (online Jul 2022)
  • (2021) UAFSan: an object-identifier-based dynamic approach for detecting use-after-free vulnerabilities. Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, 309-321. doi:10.1145/3460319.3464835 (online 11 Jul 2021)
  • (2021) SafeOSL: Ensuring memory safety of C via ownership-based intermediate language. Software: Practice and Experience 52(5), 1114-1142. doi:10.1002/spe.3057 (online 6 Dec 2021)
  • (2019) Mpchecker: Use-After-Free Vulnerabilities Protection Based on Multi-Level Pointers. IEEE Access 7, 45961-45977. doi:10.1109/ACCESS.2019.2908022
