Memory allocator security

While stack-based buffer overflows have dominated the vulnerabilities which can cause code injection attacks, heap-based buffer overflows and dangling pointer references to heap memory are also important avenues of attack. In this talk we will describe how attackers can exploit many common memory allocators. We will discuss the memory allocator used in Linux (dlmalloc), the one from FreeBSD (phkmalloc), 2 academic allocators (CSRI, Quickfit) and Boehm's garbage collector. We will then discuss our more secure memory allocator (called dnmalloc) and will also describe several countermeasures that exist that protect against these attacks: Robertson's heap protector, GlibC 2.3.5's integrity checks and Contrapolice, ....

This talk will also mark the first public release of dnmalloc which is the more secure memory allocator that I will be talking about.

Yves Younan, Wouter Joosen, and Frank Piessens, A Methodology for Designing Countermeasures against Current and Future Code Injection Attacks, Proceedings of the Third IEEE International Information Assurance Workshop 2005 (IWIA2005), College Park, Maryland, U.S.A., March 2005, IEEE, IEEE Press. http://www.fort-knox.org/younany_countermeasures.pdf