DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier
arXiv - CS - Programming Languages Pub Date : 2020-02-29 , DOI: arxiv-2003.00175
Daliang Xu, Dongwei Chen, Chun Yang, Kang Sun, Xu Cheng and Dong Tong

Use-After-Free vulnerabilities, which allow an attacker to access unintended memory through dangling pointers, are a particularly threatening class of memory errors. However, most detection schemes can only detect dangling pointers and invalidate them; they do not provide a tolerance mechanism that repairs the error at runtime. These techniques also obtain and manage their metadata inefficiently, using complex structures and excessive scanning (sweeping). The goal of this paper is to use compiler instrumentation to eliminate dangling pointers automatically and efficiently. We observe that most techniques lack an accurate and efficient method for maintaining pointer-graph metadata, so they must scan a log to reduce redundancy and sweep the whole address space to find dangling pointers; they also lack a direct, efficient way to obtain that metadata. The key insight of this paper is that a unique identifier can serve as the key of a hash or direct-map lookup. We therefore maintain the same implicit identifier for each memory object and for the pointers that refer to it. By associating this unique ID with the object's metadata, the pointer-graph metadata can be obtained and managed efficiently. Combining this with a delayed-free scheme for C/C++, we present DangKiller, a novel and lightweight dangling-pointer elimination solution. We first present the MinFat Pointer, which quickly computes a unique implicit ID for each object and pointer and uses a hash algorithm to obtain the metadata. Second, we propose a Log Cache and Log Compression mechanism based on the ID to reduce redundancy among dangling-pointer candidates. Coupled with the Address Tagging architecture of an ARM64 system, our experiments show that DangKiller can eliminate use-after-free vulnerabilities at only 11% and 3% runtime overhead on the SPEC CPU2006 and CPU2017 benchmarks respectively, apart from a few exceptional cases.
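To make the mechanism described above concrete, the following is an added, constructed illustration of ID-keyed dangling-pointer elimination; it is not the paper's MinFat encoding or DangKiller's code. It assumes a 64-bit target, stores a per-object ID in the top byte of each pointer (the ARM64 top-byte-ignore feature lets hardware dereference such pointers unchanged; on other targets the demo strips the tag explicitly), uses a direct-map table indexed by ID instead of a hash, records each instrumented pointer store under the pointee's ID with duplicate entries suppressed (the log-compression idea), and on free nulls every recorded slot that still carries that ID before deferring the actual release through a small quarantine. The function names `dk_malloc`, `dk_store` and `dk_free` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed, simplified model of ID-keyed dangling-pointer elimination.
 * Not the paper's MinFat encoding or DangKiller's data structures.
 * Assumes a 64-bit target so the top byte of a pointer is free for a tag. */

#define TAG_SHIFT  56        /* top byte of the pointer holds the object ID */
#define MAX_OBJS   256       /* IDs 1..255; 0 means "untagged / unknown" */
#define MAX_REFS   8         /* tracked pointer slots per object */
#define QUARANTINE 4         /* delayed-free depth */

typedef struct {
    void  *base;             /* untagged allocation address */
    void **refs[MAX_REFS];   /* addresses of memory slots holding pointers to it */
    int    nrefs;
    int    live;
} obj_meta_t;

static obj_meta_t table[MAX_OBJS];   /* direct map: ID -> metadata */
static uint8_t    next_id = 1;
static void      *quarantine[QUARANTINE];
static int        q_head;

static inline uint8_t id_of(const void *p) { return (uint8_t)((uintptr_t)p >> TAG_SHIFT); }
static inline void   *untag(const void *p) { return (void *)((uintptr_t)p & ((1ULL << TAG_SHIFT) - 1)); }

/* Allocate and return a pointer carrying a fresh implicit ID in its top byte. */
void *dk_malloc(size_t n) {
    uint8_t id = next_id++;          /* wraps; a real scheme must handle ID reuse */
    if (id == 0) id = next_id++;
    obj_meta_t *m = &table[id];
    memset(m, 0, sizeof *m);
    m->base = malloc(n);
    m->live = 1;
    return (void *)((uintptr_t)m->base | ((uintptr_t)id << TAG_SHIFT));
}

/* Instrumented pointer store: perform the store, then log the slot under the
 * pointee's ID. A slot already logged for this ID is not logged twice. */
void dk_store(void **slot, void *p) {
    *slot = p;
    uint8_t id = id_of(p);
    if (id == 0) return;
    obj_meta_t *m = &table[id];
    for (int i = 0; i < m->nrefs; i++)
        if (m->refs[i] == slot) return;
    if (m->nrefs < MAX_REFS) m->refs[m->nrefs++] = slot;
}

/* Free: null every logged slot that still holds a pointer with this ID (a slot
 * retargeted to another object keeps its value), then defer the real release.
 * Returns the number of dangling slots eliminated, or -1 on double free. */
int dk_free(void *p) {
    uint8_t id = id_of(p);
    obj_meta_t *m = &table[id];
    if (id == 0 || !m->live) return -1;
    int killed = 0;
    for (int i = 0; i < m->nrefs; i++) {
        if (*m->refs[i] != NULL && id_of(*m->refs[i]) == id) { *m->refs[i] = NULL; killed++; }
    }
    m->nrefs = 0;
    m->live  = 0;
    if (quarantine[q_head]) free(quarantine[q_head]);   /* release the oldest entry */
    quarantine[q_head] = m->base;
    q_head = (q_head + 1) % QUARANTINE;
    return killed;
}

/* Two aliases of one object: freeing it nulls both slots. Returns slots killed. */
int demo_aliases(void) {
    void *a = NULL, *b = NULL;
    void *obj = dk_malloc(32);
    strcpy((char *)untag(obj), "secret");
    dk_store(&a, obj);
    dk_store(&b, obj);
    dk_store(&a, obj);                 /* duplicate store is compressed away */
    return dk_free(obj) + (a == NULL && b == NULL ? 0 : 100);
}

/* A slot retargeted to a second object must survive freeing the first. */
int demo_retarget(void) {
    void *a = NULL;
    void *o1 = dk_malloc(16), *o2 = dk_malloc(16);
    dk_store(&a, o1);
    dk_store(&a, o2);
    int killed = dk_free(o1);
    return (killed == 0 && a == o2) ? 0 : 1;
}

/* Freeing the same object twice is reported instead of corrupting metadata. */
int demo_double_free(void) {
    void *o = dk_malloc(8);
    dk_free(o);
    return dk_free(o);
}

int main(void) {
    printf("aliases=%d retarget=%d double_free=%d\n",
           demo_aliases(), demo_retarget(), demo_double_free());
    return 0;
}
```

The tag check in `dk_free` is the caveat worth keeping in any real implementation: a logged slot may have been overwritten with a pointer to a different object since it was logged, so the invalidation pass must compare the slot's current ID against the object being freed rather than blindly nulling every logged slot.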

Updated: 2020-03-03