Memory vulnerabilities can be exploited for security attacks such as data corruption, control-flow hijacking, and information leakage. Recurring reports of such attacks indicate that memory vulnerabilities are widespread and that effective systems to defend against them are still lacking in practice. This talk will present two of our research efforts aimed at defending against memory vulnerabilities latent in production software.
First, I will present a novel heap allocator--Guarder--that makes heap-based security attacks harder to carry out. Randomization is the conventional wisdom for achieving this. However, existing secure allocators suffer from two serious issues that prevent their wide adoption: significant performance overhead, and unstable randomization entropy that varies across different execution phases. Because of the second issue, attackers may breach the system at its weakest point. Guarder ensures reliable randomization entropy and provides an unprecedented level of security guarantee, offering all the security features of existing secure allocators without compromising performance: its overhead is less than 3% on average compared to performance-oriented allocators. This project was supported by Mozilla.
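The "unstable entropy" point above, as an added illustration that is not code from the Guarder project: a small simulation of one size class under two hypothetical designs, a freelist-random allocator whose entropy tracks the number of currently free objects, and a fixed-size random bag whose entropy stays constant. All class and function names here are constructed for this example, and the bag design is a simplification, not a description of Guarder's internals.

```python
import itertools
import math
import random

# Added example (not Guarder's code): how the randomization entropy of one
# size class changes across execution phases for two allocator designs.
def entropy_bits(n):
    """Bits of entropy of a uniform choice among n free candidates."""
    return math.log2(n) if n > 0 else 0.0

class FreelistRandom:
    """Picks uniformly from the whole free list: entropy tracks its size."""
    def __init__(self, n_objects, chunk=64):
        self.free, self.chunk = list(range(n_objects)), chunk
        self.fresh = itertools.count(n_objects)  # ids of not-yet-mapped objects
    def entropy(self):
        return entropy_bits(len(self.free) or self.chunk)  # empty: next malloc grows it
    def malloc(self):
        if not self.free:  # out of free objects: map a fresh chunk of memory
            self.free.extend(itertools.islice(self.fresh, self.chunk))
        i = random.randrange(len(self.free))
        self.free[i], self.free[-1] = self.free[-1], self.free[i]
        return self.free.pop()

class BagRandom:
    """Picks uniformly from a fixed-size bag refilled from a reserve, so every
    allocation faces log2(bag_size) bits (hypothetical design; not Guarder's)."""
    def __init__(self, n_objects, bag_size=16):
        self.reserve, self.fresh = list(range(n_objects)), itertools.count(n_objects)
        self.bag = [self.reserve.pop() for _ in range(bag_size)]
    def entropy(self):
        return entropy_bits(len(self.bag))
    def malloc(self):
        i = random.randrange(len(self.bag))
        o = self.bag[i]
        # refill from the reserve, or map a fresh object, so the bag stays full
        self.bag[i] = self.reserve.pop() if self.reserve else next(self.fresh)
        return o

def entropy_across_phases(checkpoints=(0, 1000, 1023, 1024), n_objects=1024):
    """Bits each design offers at the next allocation after cp allocations."""
    fl, bag, done, out = FreelistRandom(n_objects), BagRandom(n_objects), 0, {}
    for cp in checkpoints:
        for _ in range(cp - done):
            fl.malloc()
            bag.malloc()
        done = cp
        out[cp] = (round(fl.entropy(), 2), round(bag.entropy(), 2))
    return out
```

The returned dictionary shows the freelist design dropping to 0 bits right before it runs out of objects (the position of the next allocation is then fully predictable), while the bag design offers the same 4 bits at every checkpoint.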
Second, I will present an efficient tool--iReplayer--that reports memory vulnerabilities precisely. The key insight is that the evidence of a memory vulnerability can be preserved so that detection can happen later. Therefore, instead of detecting memory vulnerabilities during the original execution, which may impose prohibitive performance overhead, the proposed approach invokes detection only when such evidence is found. Because detection is driven by the found evidence, the approach avoids significant performance overhead in the common case where no vulnerability occurs, which makes it applicable in production environments. iReplayer further unlocks numerous possibilities in security forensics, failure diagnosis, and online error remediation.