Enhancing a Lock-and-key Scheme with MTE to Mitigate Use-After-Frees
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Bang, Inyoung | - |
| dc.contributor.author | Kayondo, Martin | - |
| dc.contributor.author | You, Junseung | - |
| dc.contributor.author | Kwon, Donghyun | - |
| dc.contributor.author | Cho, Yeongpil | - |
| dc.contributor.author | Paek, Yunheung | - |
| dc.date.accessioned | 2024-11-28T14:01:43Z | - |
| dc.date.available | 2024-11-28T14:01:43Z | - |
| dc.date.issued | 2024-01 | - |
| dc.identifier.issn | 2169-3536 | - |
| dc.identifier.uri | https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/196795 | - |
| dc.description.abstract | Preventing Use-After-Free (UAF) bugs is crucial to ensure temporal memory safety. Against UAF attacks, much research has adopted a well-known approach, lock-and-key, in which unique, disposable locks and keys are first assigned respectively to objects and pointers, and then on every memory access, checked for a match. Attention has been drawn again to this approach by recent work that capitalizes on a vast abundance of virtual address (VA) space in the lock assignment, thus being able to prevent UAFs in stripped binary. However, as this VA-based lock-and-key scheme tends to rapidly consume virtual space, it is likely to suffer from high performance overhead. In this paper, we propose a new scheme, called the VA tagging, whose goal is to tackle this performance problem with the support of the Memory Tagging Architecture (MTA) introduced in several commodity processors. In our scheme, the original VA-based locks are augmented with tags of MTA. As a VA-based lock can be assigned to multiple objects with different tags, the same VA is reused for many objects without compromising temporal safety. We have observed in our experiments that this tagging scheme lowers the VA consumption rate drastically by one order of magnitude. We implement a light-weight memory allocator, Vatalloc, by modifying existing allocators, dlmalloc and jemalloc, to employ the VA tagging scheme for efficient prevention of UAFs. Our evaluation shows that Vatalloc with allocator modifications only incurs 1.70 % (on dlmalloc) and 3.05 % (on jemalloc) of runtime overhead without considering performance degradation of MTE. As a result of simulating the tagging architecture assuming the worst-case, postulating MTE precise trapping mode incurs performance overhead of 30.9 % based on dlmalloc, and 25.5 % based on jemalloc. If imprecise mode is assumed, the slowdown is measured 16.9 % for dlmalloc and 12.0 % for jemalloc respectively. Vatalloc only incurs 19.0 % and 3.0 % memory overhead for dlmalloc and jemalloc respectively. | - |
| dc.format.extent | 15 | - |
| dc.language | English | - |
| dc.language.iso | ENG | - |
| dc.publisher | Institute of Electrical and Electronics Engineers Inc. | - |
| dc.title | Enhancing a Lock-and-key Scheme with MTE to Mitigate Use-After-Frees | - |
| dc.type | Article | - |
| dc.publisher.location | United States | - |
| dc.identifier.doi | 10.1109/ACCESS.2023.3343777 | - |
| dc.identifier.scopusid | 2-s2.0-85181819425 | - |
| dc.identifier.wosid | 001142675100001 | - |
| dc.identifier.bibliographicCitation | IEEE Access, v.12, pp 5462 - 5476 | - |
| dc.citation.title | IEEE Access | - |
| dc.citation.volume | 12 | - |
| dc.citation.startPage | 5462 | - |
| dc.citation.endPage | 5476 | - |
| dc.type.docType | Article | - |
| dc.description.isOpenAccess | Y | - |
| dc.description.journalRegisteredClass | scie | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.relation.journalResearchArea | Computer Science | - |
| dc.relation.journalResearchArea | Engineering | - |
| dc.relation.journalResearchArea | Telecommunications | - |
| dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
| dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
| dc.relation.journalWebOfScienceCategory | Telecommunications | - |
| dc.subject.keywordPlus | Locks (fasteners) | - |
| dc.subject.keywordPlus | Memory architecture | - |
| dc.subject.keywordPlus | Program debugging | - |
| dc.subject.keywordAuthor | Memory safety | - |
| dc.subject.keywordAuthor | temporal safety | - |
| dc.subject.keywordAuthor | hardware | - |
| dc.subject.keywordAuthor | security | - |
| dc.subject.keywordAuthor | memory management | - |
| dc.subject.keywordAuthor | tagging architecture | - |
| dc.identifier.url | https://ieeexplore.ieee.org/document/10363125 | - |
