ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection

Haehyun Cho; Jinbum Park; Adam Oest; Tiffany Bao; Ruoyu Wang; Yan Shoshitaishvili; Adam Doupé; Gail Joon Ahn

doi:10.1145/3503222.3507780

ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection

Haehyun Cho, Jinbum Park, Adam Oest, Tiffany Bao, Ruoyu Wang, Yan Shoshitaishvili, Adam Doupé, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Temporal memory safety violations, such as use-After-free (UAF) vulnerabilities, are a critical security issue for software written in memory-unsafe languages such as C and C++. In this paper, we introduce ViK, a novel, lightweight, and widely applicable runtime defense that can protect both operating system (OS) kernels and user-space applications against temporal memory safety violations. ViK performs object ID inspection, where it assigns a random identifier to every allocated object and stores the identifier in the unused bits of the corresponding pointer. When the pointer is used, ViK inspects the value of a pointer before dereferencing, ensuring that the pointer still references the original object. To the best of our knowledge, this is the first mitigation against temporal memory safety violations that scales to OS kernels. We evaluated the software prototype of ViK on Android and Linux kernels and observed runtime overhead of around 20%. Also, we evaluated a hardware-Assisted prototype of ViK on Android kernel, where the runtime overhead was as low as 2%.

Original language	English (US)
Title of host publication	ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
Editors	Babak Falsafi, Michael Ferdman, Shan Lu, Thomas F. Wenisch
Publisher	Association for Computing Machinery
Pages	271-284
Number of pages	14
ISBN (Electronic)	9781450392051
DOIs	https://doi.org/10.1145/3503222.3507780
State	Published - Feb 28 2022
Event	27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2022 - Virtual, Online, Switzerland Duration: Feb 28 2022 → Mar 4 2022

Publication series

Name	International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

Conference

Conference	27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2022
Country/Territory	Switzerland
City	Virtual, Online
Period	2/28/22 → 3/4/22

Keywords

Operating System Kernels
Temporal Memory Safety Violations

ASJC Scopus subject areas

Software
Information Systems
Hardware and Architecture

Access to Document

10.1145/3503222.3507780

Cite this

Cho, H., Park, J., Oest, A., Bao, T., Wang, R., Shoshitaishvili, Y., Doupé, A., & Ahn, G. J. (2022). ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection. In B. Falsafi, M. Ferdman, S. Lu, & T. F. Wenisch (Eds.), ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (pp. 271-284). (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). Association for Computing Machinery. https://doi.org/10.1145/3503222.3507780

ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection. / Cho, Haehyun; Park, Jinbum; Oest, Adam et al.
ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. ed. / Babak Falsafi; Michael Ferdman; Shan Lu; Thomas F. Wenisch. Association for Computing Machinery, 2022. p. 271-284 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Cho, H, Park, J, Oest, A, Bao, T , Wang, R , Shoshitaishvili, Y , Doupé, A & Ahn, GJ 2022, ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection. in B Falsafi, M Ferdman, S Lu & TF Wenisch (eds), ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, Association for Computing Machinery, pp. 271-284, 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2022, Virtual, Online, Switzerland, 2/28/22. https://doi.org/10.1145/3503222.3507780

Cho H, Park J, Oest A, Bao T , Wang R , Shoshitaishvili Y et al. ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection. In Falsafi B, Ferdman M, Lu S, Wenisch TF, editors, ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery. 2022. p. 271-284. (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). doi: 10.1145/3503222.3507780

Cho, Haehyun ; Park, Jinbum ; Oest, Adam et al. / ViK : Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection. ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. editor / Babak Falsafi ; Michael Ferdman ; Shan Lu ; Thomas F. Wenisch. Association for Computing Machinery, 2022. pp. 271-284 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).

@inproceedings{586e7739438a468b87e3969d291ebb23,

title = "ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection",

abstract = "Temporal memory safety violations, such as use-After-free (UAF) vulnerabilities, are a critical security issue for software written in memory-unsafe languages such as C and C++. In this paper, we introduce ViK, a novel, lightweight, and widely applicable runtime defense that can protect both operating system (OS) kernels and user-space applications against temporal memory safety violations. ViK performs object ID inspection, where it assigns a random identifier to every allocated object and stores the identifier in the unused bits of the corresponding pointer. When the pointer is used, ViK inspects the value of a pointer before dereferencing, ensuring that the pointer still references the original object. To the best of our knowledge, this is the first mitigation against temporal memory safety violations that scales to OS kernels. We evaluated the software prototype of ViK on Android and Linux kernels and observed runtime overhead of around 20%. Also, we evaluated a hardware-Assisted prototype of ViK on Android kernel, where the runtime overhead was as low as 2%.",

keywords = "Operating System Kernels, Temporal Memory Safety Violations",

author = "Haehyun Cho and Jinbum Park and Adam Oest and Tiffany Bao and Ruoyu Wang and Yan Shoshitaishvili and Adam Doup{\'e} and Ahn, {Gail Joon}",

note = "Publisher Copyright: {\textcopyright} 2022 ACM.; 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2022 ; Conference date: 28-02-2022 Through 04-03-2022",

year = "2022",

month = feb,

day = "28",

doi = "10.1145/3503222.3507780",

language = "English (US)",

series = "International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS",

publisher = "Association for Computing Machinery",

pages = "271--284",

editor = "Babak Falsafi and Michael Ferdman and Shan Lu and Wenisch, {Thomas F.}",

booktitle = "ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems",

}

TY - GEN

T1 - ViK

T2 - 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2022

AU - Cho, Haehyun

AU - Park, Jinbum

AU - Oest, Adam

AU - Bao, Tiffany

AU - Wang, Ruoyu

AU - Shoshitaishvili, Yan

AU - Doupé, Adam

AU - Ahn, Gail Joon

PY - 2022/2/28

Y1 - 2022/2/28

N2 - Temporal memory safety violations, such as use-After-free (UAF) vulnerabilities, are a critical security issue for software written in memory-unsafe languages such as C and C++. In this paper, we introduce ViK, a novel, lightweight, and widely applicable runtime defense that can protect both operating system (OS) kernels and user-space applications against temporal memory safety violations. ViK performs object ID inspection, where it assigns a random identifier to every allocated object and stores the identifier in the unused bits of the corresponding pointer. When the pointer is used, ViK inspects the value of a pointer before dereferencing, ensuring that the pointer still references the original object. To the best of our knowledge, this is the first mitigation against temporal memory safety violations that scales to OS kernels. We evaluated the software prototype of ViK on Android and Linux kernels and observed runtime overhead of around 20%. Also, we evaluated a hardware-Assisted prototype of ViK on Android kernel, where the runtime overhead was as low as 2%.

AB - Temporal memory safety violations, such as use-After-free (UAF) vulnerabilities, are a critical security issue for software written in memory-unsafe languages such as C and C++. In this paper, we introduce ViK, a novel, lightweight, and widely applicable runtime defense that can protect both operating system (OS) kernels and user-space applications against temporal memory safety violations. ViK performs object ID inspection, where it assigns a random identifier to every allocated object and stores the identifier in the unused bits of the corresponding pointer. When the pointer is used, ViK inspects the value of a pointer before dereferencing, ensuring that the pointer still references the original object. To the best of our knowledge, this is the first mitigation against temporal memory safety violations that scales to OS kernels. We evaluated the software prototype of ViK on Android and Linux kernels and observed runtime overhead of around 20%. Also, we evaluated a hardware-Assisted prototype of ViK on Android kernel, where the runtime overhead was as low as 2%.

KW - Operating System Kernels

KW - Temporal Memory Safety Violations

UR - http://www.scopus.com/inward/record.url?scp=85126392909&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85126392909&partnerID=8YFLogxK

U2 - 10.1145/3503222.3507780

DO - 10.1145/3503222.3507780

M3 - Conference contribution

AN - SCOPUS:85126392909

T3 - International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

SP - 271

EP - 284

BT - ASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

A2 - Falsafi, Babak

A2 - Ferdman, Michael

A2 - Lu, Shan

A2 - Wenisch, Thomas F.

PB - Association for Computing Machinery

Y2 - 28 February 2022 through 4 March 2022

ER -

ViK: Practical Mitigation of Temporal Memory Safety Violations through Object ID Inspection

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this