
Heap Trajectory Prediction by Layout Abstraction

Julien Vanegue (Cornell Tech)

Many modern security exploits rely on the alignment of memory chunks to corrupt or leak memory content across privilege levels. Exploit mitigations such as ASLR and the use of large address spaces limit the feasibility and reliability of such attacks. In this talk, we present a technique to abstract global heap configurations to approximate heap layout predictions in a program. Our implementation and experiments show that such abstraction scales to real programs like ls and ssh. We prove our heap representation to be a canonical abstraction "à la Clarke" by relating the concrete and abstract versions of the heap transition system. While such an abstraction can depend on the allocator and was originally designed to work for the Linux GNU glibc allocator, our methodology is generic and can be applied to any dynamic memory allocator implementation.

 

 
