HeapTherapy

An Efficient End-to-End Solution against Heap Buffer Overflows

Qiang Zeng, Mingyi Zhao, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

For decades buffer overflows have been one of the most prevalent and dangerous software vulnerabilities. Although many techniques have been proposed to address the problem, they mostly introduce a very high overhead while others assume the availability of a separate system to pinpoint attacks or provide detailed traces for defense generation, which is very slow in itself and requires considerable extra resources. We propose an efficient solution against heap buffer overflows that integrates exploit detection, defense generation, and overflow prevention in a single system, named Heap Therapy. During program execution it conducts on-the-fly lightweight trace collection and exploit detection, and initiates automated diagnosis upon detection to generate defenses in real-time. It can handle both over-write and over-read attacks, such as the recent Heartbleed attack. The system has no false positives, and keeps effective under polymorphic exploits.%as the generated defense captures semantic characteristics of exploits. It is compliant with mainstream hardware and operating systems, and does not rely on specific allocation algorithms. We evaluated Heap Therapy on a variety of services (database, web, and ftp) and benchmarks (SPEC CPU2006), it incurs a very low average overhead in terms of both speed (6.2%) and memory (7.7%).

Original languageEnglish (US)
Title of host publicationProceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015
PublisherIEEE Computer Society
Pages485-496
Number of pages12
Volume2015-September
ISBN (Electronic)9781479986293
DOIs
StatePublished - Sep 14 2015
Event45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015 - Rio de Janeiro, Brazil
Duration: Jun 22 2015Jun 25 2015

Other

Other45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015
CountryBrazil
CityRio de Janeiro
Period6/22/156/25/15

Fingerprint

Semantics
Availability
Hardware
Data storage equipment

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Zeng, Q., Zhao, M., & Liu, P. (2015). HeapTherapy: An Efficient End-to-End Solution against Heap Buffer Overflows. In Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015 (Vol. 2015-September, pp. 485-496). [7266875] IEEE Computer Society. https://doi.org/10.1109/DSN.2015.54
Zeng, Qiang ; Zhao, Mingyi ; Liu, Peng. / HeapTherapy : An Efficient End-to-End Solution against Heap Buffer Overflows. Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015. Vol. 2015-September IEEE Computer Society, 2015. pp. 485-496
@inproceedings{50261b9ae95b4284a3ccbbf641d80b10,
title = "HeapTherapy: An Efficient End-to-End Solution against Heap Buffer Overflows",
abstract = "For decades buffer overflows have been one of the most prevalent and dangerous software vulnerabilities. Although many techniques have been proposed to address the problem, they mostly introduce a very high overhead while others assume the availability of a separate system to pinpoint attacks or provide detailed traces for defense generation, which is very slow in itself and requires considerable extra resources. We propose an efficient solution against heap buffer overflows that integrates exploit detection, defense generation, and overflow prevention in a single system, named Heap Therapy. During program execution it conducts on-the-fly lightweight trace collection and exploit detection, and initiates automated diagnosis upon detection to generate defenses in real-time. It can handle both over-write and over-read attacks, such as the recent Heartbleed attack. The system has no false positives, and keeps effective under polymorphic exploits.{\%}as the generated defense captures semantic characteristics of exploits. It is compliant with mainstream hardware and operating systems, and does not rely on specific allocation algorithms. We evaluated Heap Therapy on a variety of services (database, web, and ftp) and benchmarks (SPEC CPU2006), it incurs a very low average overhead in terms of both speed (6.2{\%}) and memory (7.7{\%}).",
author = "Qiang Zeng and Mingyi Zhao and Peng Liu",
year = "2015",
month = "9",
day = "14",
doi = "10.1109/DSN.2015.54",
language = "English (US)",
volume = "2015-September",
pages = "485--496",
booktitle = "Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015",
publisher = "IEEE Computer Society",
address = "United States",

}

Zeng, Q, Zhao, M & Liu, P 2015, HeapTherapy: An Efficient End-to-End Solution against Heap Buffer Overflows. in Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015. vol. 2015-September, 7266875, IEEE Computer Society, pp. 485-496, 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015, Rio de Janeiro, Brazil, 6/22/15. https://doi.org/10.1109/DSN.2015.54

HeapTherapy : An Efficient End-to-End Solution against Heap Buffer Overflows. / Zeng, Qiang; Zhao, Mingyi; Liu, Peng.

Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015. Vol. 2015-September IEEE Computer Society, 2015. p. 485-496 7266875.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - HeapTherapy

T2 - An Efficient End-to-End Solution against Heap Buffer Overflows

AU - Zeng, Qiang

AU - Zhao, Mingyi

AU - Liu, Peng

PY - 2015/9/14

Y1 - 2015/9/14

N2 - For decades buffer overflows have been one of the most prevalent and dangerous software vulnerabilities. Although many techniques have been proposed to address the problem, they mostly introduce a very high overhead while others assume the availability of a separate system to pinpoint attacks or provide detailed traces for defense generation, which is very slow in itself and requires considerable extra resources. We propose an efficient solution against heap buffer overflows that integrates exploit detection, defense generation, and overflow prevention in a single system, named Heap Therapy. During program execution it conducts on-the-fly lightweight trace collection and exploit detection, and initiates automated diagnosis upon detection to generate defenses in real-time. It can handle both over-write and over-read attacks, such as the recent Heartbleed attack. The system has no false positives, and keeps effective under polymorphic exploits.%as the generated defense captures semantic characteristics of exploits. It is compliant with mainstream hardware and operating systems, and does not rely on specific allocation algorithms. We evaluated Heap Therapy on a variety of services (database, web, and ftp) and benchmarks (SPEC CPU2006), it incurs a very low average overhead in terms of both speed (6.2%) and memory (7.7%).

AB - For decades buffer overflows have been one of the most prevalent and dangerous software vulnerabilities. Although many techniques have been proposed to address the problem, they mostly introduce a very high overhead while others assume the availability of a separate system to pinpoint attacks or provide detailed traces for defense generation, which is very slow in itself and requires considerable extra resources. We propose an efficient solution against heap buffer overflows that integrates exploit detection, defense generation, and overflow prevention in a single system, named Heap Therapy. During program execution it conducts on-the-fly lightweight trace collection and exploit detection, and initiates automated diagnosis upon detection to generate defenses in real-time. It can handle both over-write and over-read attacks, such as the recent Heartbleed attack. The system has no false positives, and keeps effective under polymorphic exploits.%as the generated defense captures semantic characteristics of exploits. It is compliant with mainstream hardware and operating systems, and does not rely on specific allocation algorithms. We evaluated Heap Therapy on a variety of services (database, web, and ftp) and benchmarks (SPEC CPU2006), it incurs a very low average overhead in terms of both speed (6.2%) and memory (7.7%).

UR - http://www.scopus.com/inward/record.url?scp=84950138681&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84950138681&partnerID=8YFLogxK

U2 - 10.1109/DSN.2015.54

DO - 10.1109/DSN.2015.54

M3 - Conference contribution

VL - 2015-September

SP - 485

EP - 496

BT - Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015

PB - IEEE Computer Society

ER -

Zeng Q, Zhao M, Liu P. HeapTherapy: An Efficient End-to-End Solution against Heap Buffer Overflows. In Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015. Vol. 2015-September. IEEE Computer Society. 2015. p. 485-496. 7266875 https://doi.org/10.1109/DSN.2015.54