DieHarder (CCS 2010, WOOT 2011)

•

0 gefällt mir•540 views

Heap-based attacks depend on a combination of memory management errors and an exploitable memory allocator. Many allocators include ad hoc countermeasures against particular exploits, but their effectiveness against future exploits has been uncertain. This paper presents the first formal treatment of the impact of allocator design on security. It analyzes a range of widely-deployed memory allocators, including those used by Windows, Linux, FreeBSD, and OpenBSD, and shows that they remain vulnerable to attack. It then presents DieHarder, a new allocator whose design was guided by this analysis. DieHarder provides the highest degree of security from heap-based attacks of any practical allocator of which we are aware, while imposing modest performance overhead. In particular, the Firefox web browser runs as fast with DieHarder as with the Linux allocator.

Bildung Technologie

DIEHARDER:

SECURING
THE
HEAP

Gene
Novark
&
Emery
Berger

University
of
Massachusetts,

Amherst

[originally
presented
at
CCS
ASSACHUSETTS,
AMHERST

•

Department
of
Computer
Science

UNIVERSITY
OF
M 2011]

DieHard:
ProbabilisFc
Memory
Safety

for
C/C++
Programs
[PLDI
2005]

Direct
inspira4on

for
Windows
7’s

Fault-‐Tolerant

Heap
(2009)

UNIVERSITY
OF
MASSACHUSETTS,
AMHERST

•

Department
of
Computer
Science

DieHard:
ProbabilisFc
Memory
Safety

for
C/C++
Programs
[PLDI
2005]

Direct
inspira4on

for
Windows
7’s

Fault-‐Tolerant

Heap
(2009)

UNIVERSITY
OF
MASSACHUSETTS,
AMHERST

•

Department
of
Computer
Science

sensitive

data
/
metadata

32

sensitive

data
/
metadata

All data / metadata sensitive

33

guard
/
unmapped
page

34

guard
/
unmapped
page

35

Address-‐space
layout

randomization

39

object free space

heap metadata

prev. object
object free space
object size

heap metadata
(GNU libc, others)

object x free space

heap metadata

object x free space

heap metadata

≈ 4-5 bits of entropy

51

Maximal entropy:
log N bits (e.g., ≈ 25-30)

53

44.2 sec

44.2 sec 41.6 sec

DIEHARDER:

SECURING
THE
HEAP

Gene
Novark
&
Emery
Berger

University
of
Massachusetts,

Amherst

UNIVERSITY
OF
MASSACHUSETTS,
AMHERST

•

Department
of
Computer
Science

Weitere ähnliche Inhalte

Andere mochten auch

Salud y seguridad de los trabajadores del sector salud.pdf

Salud y seguridad de los trabajadores del sector salud.pdf

Salud y seguridad de los trabajadores del sector salud.pdf

Ana González Sánchez

15_11-18_PR_Traverse Announces Patent Issuance

15_11-18_PR_Traverse Announces Patent Issuance

15_11-18_PR_Traverse Announces Patent Issuance

Lab safety 12_10_13

Lab safety 12_10_13

Lab safety 12_10_13

Lectura taller virtual los dos gallos

Lectura taller virtual los dos gallos

Lectura taller virtual los dos gallos

Anzoategui Docente

How to Create Creative Commons Licensing Buttons for Your Website

How to Create Creative Commons Licensing Buttons for Your Website

How to Create Creative Commons Licensing Buttons for Your Website

Finding a job using social media

Finding a job using social media

Finding a job using social media

Intranet Future

Hands-On LinkedIn for Beginners

Hands-On LinkedIn for Beginners

Hands-On LinkedIn for Beginners

Paula Battalia Brand

The Impact of a Medical Device Recall

The Impact of a Medical Device Recall

The Impact of a Medical Device Recall

hidayath cv 2016

hidayath cv 2016

hidayath cv 2016

raja mohamed Hidayath

LINK UP - How your business can benefit from LinkedIn

LINK UP - How your business can benefit from LinkedIn

LINK UP - How your business can benefit from LinkedIn

Intranet Future

Securing the Infrastructure and the Workloads of Linux Containers

Securing the Infrastructure and the Workloads of Linux Containers

Securing the Infrastructure and the Workloads of Linux Containers

Massimiliano Mattetti

shahid shabbir cv

shahid shabbir cv

shahid shabbir cv

Walmart

Diana Marlen Ocote Hernandez

Banja Luka

Dr David Hancock

Presentacion de educación en México

Presentacion de educación en México

Presentacion de educación en México

mbrionessauceda

BNI Lake Business Builders- LOZ Vice President report

BNI Lake Business Builders- LOZ Vice President report

BNI Lake Business Builders- LOZ Vice President report

Andere mochten auch (16)

Salud y seguridad de los trabajadores del sector salud.pdf

Salud y seguridad de los trabajadores del sector salud.pdf

Salud y seguridad de los trabajadores del sector salud.pdf

15_11-18_PR_Traverse Announces Patent Issuance

15_11-18_PR_Traverse Announces Patent Issuance

15_11-18_PR_Traverse Announces Patent Issuance

Lab safety 12_10_13

Lab safety 12_10_13

Lab safety 12_10_13

Lectura taller virtual los dos gallos

Lectura taller virtual los dos gallos

Lectura taller virtual los dos gallos

How to Create Creative Commons Licensing Buttons for Your Website

How to Create Creative Commons Licensing Buttons for Your Website

How to Create Creative Commons Licensing Buttons for Your Website

Finding a job using social media

Finding a job using social media

Finding a job using social media

Hands-On LinkedIn for Beginners

Hands-On LinkedIn for Beginners

Hands-On LinkedIn for Beginners

The Impact of a Medical Device Recall

The Impact of a Medical Device Recall

The Impact of a Medical Device Recall

hidayath cv 2016

hidayath cv 2016

hidayath cv 2016

LINK UP - How your business can benefit from LinkedIn

LINK UP - How your business can benefit from LinkedIn

LINK UP - How your business can benefit from LinkedIn

Securing the Infrastructure and the Workloads of Linux Containers

Securing the Infrastructure and the Workloads of Linux Containers

Securing the Infrastructure and the Workloads of Linux Containers

shahid shabbir cv

shahid shabbir cv

shahid shabbir cv

Walmart

Banja Luka

Presentacion de educación en México

Presentacion de educación en México

Presentacion de educación en México

BNI Lake Business Builders- LOZ Vice President report

BNI Lake Business Builders- LOZ Vice President report

BNI Lake Business Builders- LOZ Vice President report

Mehr von Emery Berger

Web browsers have become a de facto universal operating system, and JavaScript its instruction set. Unfortunately, running other languages in the browser is not generally possible. Translation to JavaScript is not enough because browsers are a hostile environment for other languages. Previous approaches are either non-portable or require extensive modifications for programs to work in a browser. This talk presents Doppio, a JavaScript-based runtime system that makes it possible to run unaltered applications written in general- purpose languages directly inside the browser. Doppio provides a wide range of runtime services, including a file system that enables local and external (cloud-based) storage, an unmanaged heap, sockets, blocking I/O, and multiple threads. We demonstrate Doppio's usefulness with two case studies: we extend Emscripten with Doppio, letting it run an unmodified C++ application in the browser with full functionality, and present DoppioJVM, an interpreter that runs unmodified JVM programs directly in the browser. While substantially slower than a native JVM, DoppioJVM makes it feasible to directly reuse existing, non compute-intensive code.

Doppio: Breaking the Browser Language Barrier

Doppio: Breaking the Browser Language Barrier

Doppio: Breaking the Browser Language Barrier

Dthreads is an efﬁcient deterministic multithreading system for unmodiﬁed C/C++ applications that replaces the pthreads library. Dthreads enforces determinism in the face of data races and deadlocks. It is easy to use: just link your program with -ldthread instead of -lpthread. Dthreads can be downloaded from its source code repo on GitHub (https://github.com/plasma-umass/dthreads). A technical paper describing Dthreads appeared at SOSP 2012 (https://github.com/plasma-umass/dthreads/blob/master/doc/dthreads-sosp11.pdf?raw=true). Multithreaded programming is notoriously difficult to get right. A key problem is non-determinism, which complicates debugging, testing, and reproducing errors. One way to simplify multithreaded programming is to enforce deterministic execution, but current deterministic systems for C/C++ are incomplete or impractical. These systems require program modification, do not ensure determinism in the presence of data races, do not work with general-purpose multithreaded programs, or run up to 8.4× slower than pthreads. This talk presents Dthreads, an efficient deterministic multithreading system for unmodified C/C++ applications that replaces the pthreads library. Dthreads enforces determinism in the face of data races and deadlocks. Dthreads works by exploding multithreaded applications into multiple processes, with private, copy-on-write mappings to shared memory. It uses standard virtual memory protection to track writes, and deterministically orders updates by each thread. By separating updates from different threads, Dthreads has the additional benefit of eliminating false sharing. Experimental results show that Dthreads substantially outperforms a state-of-the-art deterministic runtime system, and for a majority of the benchmarks we evaluated, matches and occasionally exceeds the performance of pthreads.

Dthreads: Efficient Deterministic Multithreading

Dthreads: Efficient Deterministic Multithreading

Dthreads: Efficient Deterministic Multithreading

Humans can perform many tasks with ease that remain difficult or impossible for computers. Crowdsourcing platforms like Amazon's Mechanical Turk make it possible to harness human-based computational power on an unprecedented scale. However, their utility as a general-purpose computational platform remains limited. The lack of complete automation makes it difficult to orchestrate complex or interrelated tasks. Scheduling human workers to reduce latency costs real money, and jobs must be monitored and rescheduled when workers fail to complete their tasks. Furthermore, it is often difficult to predict the length of time and payment that should be budgeted for a given task. Finally, the results of human-based computations are not necessarily reliable, both because human skills and accuracy vary widely, and because workers have a financial incentive to minimize their effort. This talk presents AutoMan, the first fully automatic crowdprogramming system. AutoMan integrates human-based computations into a standard programming language as ordinary function calls, which can be intermixed freely with traditional functions. This abstraction allows AutoMan programmers to focus on their programming logic. An AutoMan program specifies a confidence level for the overall computation and a budget. The AutoMan runtime system then transparently manages all details necessary for scheduling, pricing, and quality control. AutoMan automatically schedules human tasks for each computation until it achieves the desired confidence level; monitors, reprices, and restarts human tasks as necessary; and maximizes parallelism across human workers while staying under budget. AutoMan is available for download at www.automan-lang.org.

Programming with People

Programming with People

Programming with People

Stabilizer: Statistically Sound Performance Evaluation

Stabilizer: Statistically Sound Performance Evaluation

Stabilizer: Statistically Sound Performance Evaluation

Operating Systems - Advanced File Systems

Operating Systems - Advanced File Systems

Operating Systems - Advanced File Systems

Operating Systems - File Systems

Operating Systems - File Systems

Operating Systems - File Systems

Operating Systems - Networks

Operating Systems - Networks

Operating Systems - Networks

Operating Systems - Queuing Systems

Operating Systems - Queuing Systems

Operating Systems - Queuing Systems

Operating Systems - Distributed Parallel Computing

Operating Systems - Distributed Parallel Computing

Operating Systems - Distributed Parallel Computing

Operating Systems - Concurrency

Operating Systems - Concurrency

Operating Systems - Concurrency

Operating Systems - Advanced Synchronization

Operating Systems - Advanced Synchronization

Operating Systems - Advanced Synchronization

Operating Systems - Synchronization

Operating Systems - Synchronization

Operating Systems - Synchronization

Processes and Threads

Processes and Threads

Processes and Threads

Virtual Memory and Paging

Virtual Memory and Paging

Virtual Memory and Paging

Operating Systems - Virtual Memory

Operating Systems - Virtual Memory

Operating Systems - Virtual Memory

MC2: High-Performance Garbage Collection for Memory-Constrained Environments

MC2: High-Performance Garbage Collection for Memory-Constrained Environments

MC2: High-Performance Garbage Collection for Memory-Constrained Environments

Vam: A Locality-Improving Dynamic Memory Allocator

Vam: A Locality-Improving Dynamic Memory Allocator

Vam: A Locality-Improving Dynamic Memory Allocator

This talk answers an age-old question: is garbage collection faster/slower/the same speed as malloc/free? We introduce oracular memory management, an approach that lets us measure unaltered Java programs as if they used malloc and free. The result: a good GC can match the performance of a good allocator, but it takes 5X more space. If physical memory is tight, however, conventional garbage collectors suffer an order-of-magnitude performance penalty.

Quantifying the Performance of Garbage Collection vs. Explicit Memory Management

Quantifying the Performance of Garbage Collection vs. Explicit Memory Management

Quantifying the Performance of Garbage Collection vs. Explicit Memory Management

Introduces bookmarking collection, a GC algorithm that works with the virtual memory manager to eliminate paging. Just before memory is paged out, the collector "bookmarks" the targets of pointers from the pages. Using these bookmarks, BC can perform full garbage collections without loading the pages back from disk. By performing in-memory garbage collections, BC can speed up Java programs by orders of magnitude (up to 41X).

Garbage Collection without Paging

Garbage Collection without Paging

Garbage Collection without Paging

DieHard uses randomization and replication to transparently make C and C++ programs tolerate a wide range of errors, including buffer overflows and dangling pointers. Instead of crashing or running amok, DieHard lets programs continue to run correctly in the face of memory errors with high probability. Using DieHard also makes programs highly resistant to heap-based hacker attacks. Downloadable at www.diehard-software.org.

DieHard: Probabilistic Memory Safety for Unsafe Languages

DieHard: Probabilistic Memory Safety for Unsafe Languages

DieHard: Probabilistic Memory Safety for Unsafe Languages

Mehr von Emery Berger (20)

Doppio: Breaking the Browser Language Barrier

Doppio: Breaking the Browser Language Barrier

Doppio: Breaking the Browser Language Barrier

Dthreads: Efficient Deterministic Multithreading

Dthreads: Efficient Deterministic Multithreading

Dthreads: Efficient Deterministic Multithreading

Programming with People

Programming with People

Programming with People

Stabilizer: Statistically Sound Performance Evaluation

Stabilizer: Statistically Sound Performance Evaluation

Stabilizer: Statistically Sound Performance Evaluation

Operating Systems - Advanced File Systems

Operating Systems - Advanced File Systems

Operating Systems - Advanced File Systems

Operating Systems - File Systems

Operating Systems - File Systems

Operating Systems - File Systems

Operating Systems - Networks

Operating Systems - Networks

Operating Systems - Networks

Operating Systems - Queuing Systems

Operating Systems - Queuing Systems

Operating Systems - Queuing Systems

Operating Systems - Distributed Parallel Computing

Operating Systems - Distributed Parallel Computing

Operating Systems - Distributed Parallel Computing

Operating Systems - Concurrency

Operating Systems - Concurrency

Operating Systems - Concurrency

Operating Systems - Advanced Synchronization

Operating Systems - Advanced Synchronization

Operating Systems - Advanced Synchronization

Operating Systems - Synchronization

Operating Systems - Synchronization

Operating Systems - Synchronization

Processes and Threads

Processes and Threads

Processes and Threads

Virtual Memory and Paging

Virtual Memory and Paging

Virtual Memory and Paging

Operating Systems - Virtual Memory

Operating Systems - Virtual Memory

Operating Systems - Virtual Memory

MC2: High-Performance Garbage Collection for Memory-Constrained Environments

MC2: High-Performance Garbage Collection for Memory-Constrained Environments

MC2: High-Performance Garbage Collection for Memory-Constrained Environments

Vam: A Locality-Improving Dynamic Memory Allocator

Vam: A Locality-Improving Dynamic Memory Allocator

Vam: A Locality-Improving Dynamic Memory Allocator

Quantifying the Performance of Garbage Collection vs. Explicit Memory Management

Quantifying the Performance of Garbage Collection vs. Explicit Memory Management

Quantifying the Performance of Garbage Collection vs. Explicit Memory Management

Garbage Collection without Paging

Garbage Collection without Paging

Garbage Collection without Paging

DieHard: Probabilistic Memory Safety for Unsafe Languages

DieHard: Probabilistic Memory Safety for Unsafe Languages

DieHard: Probabilistic Memory Safety for Unsafe Languages

Kürzlich hochgeladen

Spatium Project Simulation student brief

Spatium Project Simulation student brief

Spatium Project Simulation student brief

Association for Project Management

FSB Advising Checklist - Orientation 2024

FSB Advising Checklist - Orientation 2024

FSB Advising Checklist - Orientation 2024

Elizabeth Walsh

Activity 01 - Artificial Culture (1).pdf

Activity 01 - Artificial Culture (1).pdf

Activity 01 - Artificial Culture (1).pdf

Salient Features of India constitution especially power and functions

Salient Features of India constitution especially power and functions

Salient Features of India constitution especially power and functions

Unit-IV- Pharma. Marketing Channels.pptx

Unit-IV- Pharma. Marketing Channels.pptx

Unit-IV- Pharma. Marketing Channels.pptx

VishalSingh1417

Application orientated numerical on hev.ppt

Application orientated numerical on hev.ppt

Application orientated numerical on hev.ppt

RamjanShidvankar

Basic Civil Engineering notes first year Notes Building notes Selection of site for Building Layout of a Building What is Burjis, Mutam Building Bye laws Basic Concept of sunlight ventilation in building National Building Code of India Set back or building line Types of Buildings Floor Space Index (F.S.I) Institutional Vs Educational Building Components & function Sills, Lintels, Cantilever Doors, Windows and Ventilators Types of Foundation AND THEIR USES Plinth Area Shallow and Deep Foundation Super Built-up & carpet area Floor Area Ratio (F.A.R) RCC Reinforced Cement Concrete RCC VS PCC

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx

MaritesTamaniVerdade

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf

Graduate Outcomes Presentation Slides - English

Graduate Outcomes Presentation Slides - English

Graduate Outcomes Presentation Slides - English

Python Notes for mca i year students osmania university.docx

Python Notes for mca i year students osmania university.docx

Python Notes for mca i year students osmania university.docx

Ramakrishna Reddy Bijjam

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...

pradhanghanshyam7136

Explore the world of IT certification with CompTIA. Discover how the CompTIA Security+ Book SY0-701 can elevate your cybersecurity expertise and open doors to new career opportunities. This PDF provides essential insights into the CompTIA Security+ certification, guiding you through exam preparation and showcasing the benefits of becoming CompTIA-certified. Download now to embark on your journey to IT excellence with CompTIA.

ComPTIA Overview | Comptia Security+ Book SY0-701

ComPTIA Overview | Comptia Security+ Book SY0-701

ComPTIA Overview | Comptia Security+ Book SY0-701

General Principles of Intellectual Property: Concepts of Intellectual Proper...

General Principles of Intellectual Property: Concepts of Intellectual Proper...

General Principles of Intellectual Property: Concepts of Intellectual Proper...

Poonam Aher Patil

How to Give a Domain for a Field in Odoo 17

How to Give a Domain for a Field in Odoo 17

How to Give a Domain for a Field in Odoo 17

Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes

Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes

Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes

Holdier Curriculum Vitae (April 2024).pdf

Holdier Curriculum Vitae (April 2024).pdf

Holdier Curriculum Vitae (April 2024).pdf

This PowerPoint helps students to consider the concept of infinity.

This PowerPoint helps students to consider the concept of infinity.

This PowerPoint helps students to consider the concept of infinity.

christianmathematics

Towards a code of practice for AI in AT.pptx

Towards a code of practice for AI in AT.pptx

Towards a code of practice for AI in AT.pptx

How to Manage Global Discount in Odoo 17 POS

How to Manage Global Discount in Odoo 17 POS

How to Manage Global Discount in Odoo 17 POS

Kürzlich hochgeladen (20)

Spatium Project Simulation student brief

Spatium Project Simulation student brief

Spatium Project Simulation student brief

FSB Advising Checklist - Orientation 2024

FSB Advising Checklist - Orientation 2024

FSB Advising Checklist - Orientation 2024

Activity 01 - Artificial Culture (1).pdf

Activity 01 - Artificial Culture (1).pdf

Activity 01 - Artificial Culture (1).pdf

Salient Features of India constitution especially power and functions

Salient Features of India constitution especially power and functions

Salient Features of India constitution especially power and functions

Unit-IV- Pharma. Marketing Channels.pptx

Unit-IV- Pharma. Marketing Channels.pptx

Unit-IV- Pharma. Marketing Channels.pptx

Application orientated numerical on hev.ppt

Application orientated numerical on hev.ppt

Application orientated numerical on hev.ppt

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf

UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf

Graduate Outcomes Presentation Slides - English

Graduate Outcomes Presentation Slides - English

Graduate Outcomes Presentation Slides - English

Python Notes for mca i year students osmania university.docx

Python Notes for mca i year students osmania university.docx

Python Notes for mca i year students osmania university.docx

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...

ComPTIA Overview | Comptia Security+ Book SY0-701

ComPTIA Overview | Comptia Security+ Book SY0-701

ComPTIA Overview | Comptia Security+ Book SY0-701

General Principles of Intellectual Property: Concepts of Intellectual Proper...

General Principles of Intellectual Property: Concepts of Intellectual Proper...

General Principles of Intellectual Property: Concepts of Intellectual Proper...

How to Give a Domain for a Field in Odoo 17

How to Give a Domain for a Field in Odoo 17

How to Give a Domain for a Field in Odoo 17

Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes

Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes

Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes

Holdier Curriculum Vitae (April 2024).pdf

Holdier Curriculum Vitae (April 2024).pdf

Holdier Curriculum Vitae (April 2024).pdf

This PowerPoint helps students to consider the concept of infinity.

This PowerPoint helps students to consider the concept of infinity.

This PowerPoint helps students to consider the concept of infinity.

Towards a code of practice for AI in AT.pptx

Towards a code of practice for AI in AT.pptx

Towards a code of practice for AI in AT.pptx

How to Manage Global Discount in Odoo 17 POS

How to Manage Global Discount in Odoo 17 POS

How to Manage Global Discount in Odoo 17 POS

DieHarder (CCS 2010, WOOT 2011)

1. DIEHARDER: SECURING THE HEAP Gene Novark & Emery Berger University of Massachusetts, Amherst [originally presented at CCS ASSACHUSETTS, AMHERST • Department of Computer Science UNIVERSITY OF M 2011]

2. DieHard: ProbabilisFc Memory Safety for C/C++ Programs [PLDI 2005] Direct inspira4on for Windows 7’s Fault-‐Tolerant Heap (2009) UNIVERSITY OF MASSACHUSETTS, AMHERST • Department of Computer Science

3. DieHard: ProbabilisFc Memory Safety for C/C++ Programs [PLDI 2005] Direct inspira4on for Windows 7’s Fault-‐Tolerant Heap (2009) UNIVERSITY OF MASSACHUSETTS, AMHERST • Department of Computer Science

4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

18.

19.

21.

22.

32. sensitive data / metadata 32

33. sensitive data / metadata All data / metadata sensitive 33

34. guard / unmapped page 34

35. guard / unmapped page 35

39. Address-‐space layout randomization 39

40. object free space heap metadata

41. prev. object object free space object size heap metadata (GNU libc, others)

42. object x free space heap metadata

43. object x free space heap metadata

51. ≈ 4-5 bits of entropy 51

53. Maximal entropy: log N bits (e.g., ≈ 25-30) 53

55.

56.

58. 44.2 sec 41.6 sec

59. DIEHARDER: SECURING THE HEAP Gene Novark & Emery Berger University of Massachusetts, Amherst UNIVERSITY OF MASSACHUSETTS, AMHERST • Department of Computer Science