The widespread presence of Use-After-Free (UAF) vulnerabilities poses a serious threat to software security, and dangling pointers are considered the primary cause of these vulnerabilities. However, existing methods that defend against UAF vulnerabilities by eliminating dangling pointers must interrupt the program's execution at every pointer assignment in order to record the memory addresses of the pointers in a dedicated data structure, so they are not lightweight. To overcome this drawback, we propose a novel approach called LightDE. LightDE does not need to record the memory addresses of pointers during program execution. Instead, it uses our proposed structure-sensitive pointer analysis to determine which objects each pointer may point to and stores these pointing relationships in the program's data segment at compile time. Because LightDE only needs to verify whether the pointers identified by the pointer analysis actually point to the freed object when eliminating dangling pointers, it is very lightweight. Our experimental results show that LightDE effectively defends against UAF vulnerabilities while introducing very low performance overhead.
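The following is an added illustration of the mechanism described above, not code from the LightDE paper: a hand-written table stands in for the pointing relationships a compile-time pointer analysis would emit into the data segment, and a free wrapper checks only the pointer slots listed for the freed allocation site, nulling the ones that still alias the freed object. All names (`lightde_free`, `site0_slots`, the `demo_*` functions) are assumptions made for this example.

```c
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical illustration of the LightDE idea (not the paper's code):
 * per allocation site, a compile-time analysis lists the pointer slots
 * that MAY hold that site's object. Nothing is recorded at assignment
 * time; at free time only those slots are verified, and any slot that
 * still aliases the freed object is set to NULL. */

struct node { int value; struct node *next; };

/* Global pointers a whole-program analysis can resolve. */
static struct node *head;    /* may point to site 0 */
static struct node *cursor;  /* may point to site 0 or site 1 */
static struct node *other;   /* may point to site 1 only */

/* Pointing relationships as static tables: the equivalent of what LightDE
 * stores in the data segment during compilation (hand-written here). */
static void **site0_slots[] = { (void **)&head, (void **)&cursor };
static void **site1_slots[] = { (void **)&cursor, (void **)&other };
#define NSLOTS(t) (sizeof (t) / sizeof (t)[0])

/* Free wrapper: verify each candidate slot, eliminate it only if dangling. */
static size_t lightde_free(void *obj, void ***slots, size_t nslots)
{
    size_t cleared = 0;
    for (size_t i = 0; i < nslots; i++)
        if (*slots[i] == obj) { *slots[i] = NULL; cleared++; }
    free(obj);
    return cleared;
}

static int cursor_survived;  /* was cursor still valid after site-0 free? */

/* Scenario: allocate at sites 0 and 1, alias head through cursor, free
 * site 0 and then site 1. If move_cursor is set, cursor is retargeted to
 * the site-1 object first: the table still lists it for site 0, but the
 * verification step finds it is not dangling and leaves it alone.
 * Returns the number of pointers nulled by the site-0 free. */
size_t demo_eliminate_dangling(int move_cursor)
{
    head = malloc(sizeof *head);            /* allocation site 0 */
    other = malloc(sizeof *other);          /* allocation site 1 */
    head->value = 7; head->next = NULL;
    other->value = 9; other->next = NULL;
    cursor = head;                          /* alias: would dangle after free */
    if (move_cursor) cursor = other;        /* no longer aliases site 0 */
    size_t n0 = lightde_free(head, site0_slots, NSLOTS(site0_slots));
    cursor_survived = (cursor != NULL);
    lightde_free(other, site1_slots, NSLOTS(site1_slots));
    return n0;
}

int demo_head_is_null(void)       { return head == NULL; }
int demo_cursor_is_null(void)     { return cursor == NULL; }
int demo_cursor_survived(void)    { return cursor_survived; }
```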