A Novel Advanced Heap Corruption and Security Method
نویسندگان
چکیده
Heap security has been a major concern since the past two decades. Recently many methods have been proposed to secure heap i.e. to avoid heap overrun and attacks. The paper describes a method suggested to secure heap at the operating system level. Major emphasis is given to Solaris operating system’s dynamic memory manager. When memory is required dynamically during runtime, the SysVmalloc acts as a memory allocator.Vmalloc allocates the chunks of memory in the form of splay tree structure. A self adjusting binary tree structure is reviewed in the paper, moreover major security issue to secure heap area is also suggested in the paper.
منابع مشابه
Provably-Secure Remote Memory Attestation for Heap Overflow Protection
Memory corruption attacks may lead to complete takeover of systems. There are numerous works offering protection mechanisms for this important problem. But the security guarantees that are offered by most works are only heuristic and, furthermore, most solutions are designed for protecting the local memory. In this paper we initiate the study of provably secure remote memory attestation; we con...
متن کاملTowards Efficient Heap Overflow Discovery
Heap overflow is a prevalent memory corruption vulnerability, playing an important role in recent attacks. Finding such vulnerabilities in applications is thus critical for security. Many state-of-art solutions focus on runtime detection, requiring abundant inputs to explore program paths in order to reach a high code coverage and luckily trigger security violations. It is likely that the input...
متن کاملNOZZLE: A Defense Against Heap-spraying Code Injection Attacks
Heap spraying is a security attack that increases the exploitability of memory corruption errors in type-unsafe applications. In a heap-spraying attack, an attacker coerces an application to allocate many objects containing malicious code in the heap, increasing the success rate of an exploit that jumps to a location within the heap. Because heap layout randomization necessitates new forms of a...
متن کاملHeapSentry: Kernel-Assisted Protection against Heap Overflows
The last twenty years have witnessed the constant reaction of the security community to memory corruption attacks and the evolution of attacking techniques in order to circumvent the newly-deployed countermeasures. In this evolution, the heap of a process received little attention and thus today, the problem of heap overflows is largely unsolved. In this paper we present HeapSentry, a system de...
متن کاملSystem - Vulnerabilities #1 - Acos 3.x, 4.x
Item # Vulnerability ID Score Source Score Summary 1 CVE-2015-2059 CVSS 2.0 7.5 High libidn: out-of-bounds read with stringprep on invalid UTF-8. [1] 2 CVE-2011-1425 CVSS 2.0 7.5 High xmlsec1: arbitrary file creation when verifying signatures [2] 3 CVE-2015-7696 CVSS 3.0 6.8 Med unzip: Heap overflow and DoS in 6.0 [3] 4 CVE-2014-9471 CVSS 2.0 7.5 High coreutils: memory corruption flaw in parse_...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1206.1406 شماره
صفحات -
تاریخ انتشار 2012