22C3 - 2.2

22nd Chaos Communication Congress
Private Investigations

Yves Younan
Day 3
Room Saal 4
Start time 21:00
Duration 01:00
ID 574
Event type Lecture
Track Hacking
Language English

Memory allocator security

This talk will discuss a variety of memory allocators that are available for C and C++ and how they can be exploited. Afterwards I will describe our modification to one of these memory allocators that makes it more resilient to attacks.

While stack-based buffer overflows have dominated the vulnerabilities which can cause code injection attacks, heap-based buffer overflows and dangling pointer references to heap memory are also important avenues of attack. In this talk we will describe how attackers can exploit many common memory allocators. We will discuss the memory allocator used in Linux (dlmalloc), the one from FreeBSD (phkmalloc), 2 academic allocators (CSRI, Quickfit) and Boehm's garbage collector. We will then discuss our more secure memory allocator (called dnmalloc) and will also describe several countermeasures that exist that protect against these attacks: Robertson's heap protector, GlibC 2.3.5's integrity checks and Contrapolice, ....

This talk will also mark the first public release of dnmalloc which is the more secure memory allocator that I will be talking about.

Yves Younan, Wouter Joosen, and Frank Piessens, A Methodology for Designing Countermeasures against Current and Future Code Injection Attacks, Proceedings of the Third IEEE International Information Assurance Workshop 2005 (IWIA2005), College Park, Maryland, U.S.A., March 2005, IEEE, IEEE Press. http://www.fort-knox.org/younany_countermeasures.pdf