TY - GEN
T1 - ViK
T2 - 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2022
AU - Cho, Haehyun
AU - Park, Jinbum
AU - Oest, Adam
AU - Bao, Tiffany
AU - Wang, Ruoyu
AU - Shoshitaishvili, Yan
AU - Doupé, Adam
AU - Ahn, Gail Joon
N1 - Funding Information:
This material is based upon work supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. NRF-2021R1A4A1029650), the Defense Advanced Research Projects Agency (DARPA) HR001118C0060 and FA875019C0003, the Office of Naval Research (ONR) KK1847, and Samsung Research, Samsung Electronics.
Publisher Copyright:
© 2022 ACM.
PY - 2022/2/28
Y1 - 2022/2/28
N2 - Temporal memory safety violations, such as use-after-free (UAF) vulnerabilities, are a critical security issue for software written in memory-unsafe languages such as C and C++. In this paper, we introduce ViK, a novel, lightweight, and widely applicable runtime defense that can protect both operating system (OS) kernels and user-space applications against temporal memory safety violations. ViK performs object ID inspection, where it assigns a random identifier to every allocated object and stores the identifier in the unused bits of the corresponding pointer. When the pointer is used, ViK inspects the value of a pointer before dereferencing, ensuring that the pointer still references the original object. To the best of our knowledge, this is the first mitigation against temporal memory safety violations that scales to OS kernels. We evaluated the software prototype of ViK on Android and Linux kernels and observed runtime overhead of around 20%. Also, we evaluated a hardware-assisted prototype of ViK on Android kernel, where the runtime overhead was as low as 2%.
AB - Temporal memory safety violations, such as use-after-free (UAF) vulnerabilities, are a critical security issue for software written in memory-unsafe languages such as C and C++. In this paper, we introduce ViK, a novel, lightweight, and widely applicable runtime defense that can protect both operating system (OS) kernels and user-space applications against temporal memory safety violations. ViK performs object ID inspection, where it assigns a random identifier to every allocated object and stores the identifier in the unused bits of the corresponding pointer. When the pointer is used, ViK inspects the value of a pointer before dereferencing, ensuring that the pointer still references the original object. To the best of our knowledge, this is the first mitigation against temporal memory safety violations that scales to OS kernels. We evaluated the software prototype of ViK on Android and Linux kernels and observed runtime overhead of around 20%. Also, we evaluated a hardware-assisted prototype of ViK on Android kernel, where the runtime overhead was as low as 2%.
KW - Operating System Kernels
KW - Temporal Memory Safety Violations
UR - http://www.scopus.com/inward/record.url?scp=85126392909&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85126392909&partnerID=8YFLogxK
U2 - 10.1145/3503222.3507780
DO - 10.1145/3503222.3507780
M3 - Conference contribution
AN - SCOPUS:85126392909
T3 - International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS
SP - 271
EP - 284
BT - ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
A2 - Falsafi, Babak
A2 - Ferdman, Michael
A2 - Lu, Shan
A2 - Wenisch, Thomas F.
PB - Association for Computing Machinery
Y2 - 28 February 2022 through 4 March 2022
ER -