In software development, the prevalence of unsafe languages such as C and C++ introduces potential vulnerabilities, especially within the heap, a pivotal component for dynamic memory allocation. Despite its significance, heap management complexities have made heap corruption pervasive, posing severe threats to system security. While prior solutions aiming for temporal and spatial memory safety exhibit overheads deemed impractical, we present ShadowBound, a unique heap memory protection design. At its core, ShadowBound is an efficient out-of-bounds defense that can work with various use-after-free defenses (e.g. MarkUs, FFMalloc, PUMM) without compatibility constraints. We harness a shadow memory-based metadata management mechanism to store heap chunk boundaries and apply customized compiler optimizations tailored for boundary checking. We implemented ShadowBound atop the LLVM framework and integrated three state-of-the-art use-after-free defenses. Our evaluations show that ShadowBound provides robust heap protection with minimal time and memory overhead, suggesting its effectiveness and efficiency in safeguarding real-world programs against prevalent heap vulnerabilities.
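To make the shadow-memory mechanism sketched above concrete, here is a small C model added as an illustration; it is not code from the ShadowBound paper or from its LLVM implementation. It keeps a fixed heap arena and a parallel shadow table with one entry per 8-byte granule, records each chunk's requested boundaries in the granules the chunk covers, and exposes the kind of check a compiler pass would insert before a heap access: given the base pointer and the derived pointer, confirm the access stays inside the chunk that owns the base. The names `sb_malloc`, `sb_check` and `sb_scenarios`, the arena size, the granule size and the shadow entry layout are all assumptions of this example, and temporal (use-after-free) safety is deliberately left out, as the abstract delegates it to separate defenses.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy arena and its shadow table (assumed sizes, not ShadowBound's). */
#define ARENA_SIZE 4096u
#define GRANULE    8u
#define NGRAN      (ARENA_SIZE / GRANULE)

static uint8_t arena[ARENA_SIZE];
/* Bump-pointer allocator; the first granule is reserved so that an
 * underflow from the first chunk still lands inside the arena. */
static size_t bump = GRANULE;

/* Shadow entry for one 8-byte granule: [lo, hi) offsets of the owning chunk.
 * hi == 0 marks a granule that belongs to no live chunk. */
typedef struct { uint32_t lo, hi; } shadow_t;
static shadow_t shadow[NGRAN];

/* Hypothetical allocator: rounds the chunk up to the granule size but records
 * the *requested* size in the shadow, so alignment padding is not accessible. */
void *sb_malloc(size_t n) {
    size_t sz = (n + GRANULE - 1) & ~(size_t)(GRANULE - 1);
    if (sz == 0) sz = GRANULE;
    if (bump + sz > ARENA_SIZE) return NULL;
    uint32_t lo = (uint32_t)bump, hi = (uint32_t)(bump + n);
    for (size_t g = lo / GRANULE; g < (bump + sz) / GRANULE; g++) {
        shadow[g].lo = lo;
        shadow[g].hi = hi;
    }
    bump += sz;
    return arena + lo;
}

/* The inserted check: does [ptr, ptr+len) lie within the chunk owning base?
 * Returns 1 when the access is permitted, 0 when it would leave the chunk.
 * Pointers that are not heap pointers are outside the defense's scope. */
int sb_check(const void *base, const void *ptr, size_t len) {
    uintptr_t a0 = (uintptr_t)arena;
    uintptr_t b = (uintptr_t)base, p = (uintptr_t)ptr;
    if (b < a0 || b >= a0 + ARENA_SIZE) return 1;   /* not heap: not checked */
    shadow_t s = shadow[(b - a0) / GRANULE];
    if (s.hi == 0) return 0;                         /* base in unallocated heap */
    return p >= a0 + s.lo && p + len <= a0 + s.hi;
}

/* Scenario runner: counts how many of five accesses the check classifies
 * correctly (in-bounds allowed, out-of-bounds rejected). Returns 5 when all do. */
int sb_scenarios(void) {
    char *a = sb_malloc(20);   /* occupies 24 bytes, 20 recorded as accessible */
    char *b = sb_malloc(8);    /* directly adjacent chunk */
    int ok = 0;
    ok += sb_check(a, a, 20) == 1;        /* whole buffer */
    ok += sb_check(a, a + 19, 1) == 1;    /* last valid byte */
    ok += sb_check(a, a + 20, 1) == 0;    /* off-by-one into padding */
    ok += sb_check(a, b, 1) == 0;         /* overflow into neighbour chunk */
    ok += sb_check(a, a - 1, 1) == 0;     /* underflow before the chunk */
    return ok;
}

int main(void) {
    printf("%d of 5 boundary checks behaved as expected\n", sb_scenarios());
    return 0;
}
```

The point the model makes is that the metadata lookup costs one shift and one table read per check, with no per-pointer fat-pointer state, which is why the boundaries can be kept in shadow memory independently of whatever allocator or use-after-free defense manages the chunks themselves.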