22C3 - 2.2
22nd Chaos Communication Congress
Private Investigations
Speakers | |
---|---|
Yves Younan |
Schedule | |
---|---|
Day | 3 |
Room | Saal 4 |
Start time | 21:00 |
Duration | 01:00 |
Info | |
ID | 574 |
Event type | Lecture |
Track | Hacking |
Language | English |
Feedback | |
---|---|
Did you attend this event? Give Feedback |
Memory allocator security
This talk will discuss a variety of memory allocators that are available for C and C++ and how they can be exploited. Afterwards I will describe our modification to one of these memory allocators that makes it more resilient to attacks.
While stack-based buffer overflows have dominated the vulnerabilities which can cause code injection attacks, heap-based buffer overflows and dangling pointer references to heap memory are also important avenues of attack. In this talk we will describe how attackers can exploit many common memory allocators. We will discuss the memory allocator used in Linux (dlmalloc), the one from FreeBSD (phkmalloc), 2 academic allocators (CSRI, Quickfit) and Boehm's garbage collector. We will then discuss our more secure memory allocator (called dnmalloc) and will also describe several countermeasures that exist that protect against these attacks: Robertson's heap protector, GlibC 2.3.5's integrity checks and Contrapolice, ....
This talk will also mark the first public release of dnmalloc which is the more secure memory allocator that I will be talking about.
Yves Younan, Wouter Joosen, and Frank Piessens, A Methodology for Designing Countermeasures against Current and Future Code Injection Attacks, Proceedings of the Third IEEE International Information Assurance Workshop 2005 (IWIA2005), College Park, Maryland, U.S.A., March 2005, IEEE, IEEE Press. http://www.fort-knox.org/younany_countermeasures.pdf
Links
- Yves Younan, Wouter Joosen and Frank Piessens and Hans Van den Eynden. Security of Memory Allocators for C and C++. Technical Report CW419, Departement Computerwetenschappen, Katholieke Universiteit Leuven, July 2005.
- Yves Younan, Wouter Joosen, and Frank Piessens, A Methodology for Designing Countermeasures against Current and Future Code Injection Attack, Proceedings of the Third IEEE International Information Assurance Workshop 2005 (IWIA2005), College Park, Maryland