Attacks on the heap are an increasingly severe threat. State-of-the-art secure dynamic memory allocators can offer protection, however their memory footprint is high, making them suboptimal in many situations. We introduce Slim-Guard, a secure allocator whose design is driven by memory efficiency. Among other features, SlimGuard uses an efficient fine-grain size classes indexing mechanism and implements a novel dynamic canary scheme. It offers a low memory overhead due its size classes optimized for canary usage, its on-demand metadata allocation, and the combination of randomized allocations and over-provisioning into a single memory efficient security feature. SlimGuard protects against widespread heap-related attacks such as overflows, over-reads, double/invalid free, and use-after-free. Evaluation over a wide range of applications shows that it offers a significant reduction in memory consumption compared to the state-of-the-art secure allocator (up to 2x in macro-benchmarks), while offering similar or better security guarantees and good performance.
|Title of host publication||Middleware '19: Proceedings of the 20th International Middleware Conference|
|Publisher||Association for Computing Machinery|
|Publication status||Published - 9 Dec 2019|
|Event||Middleware 2019 - UC Davis, Davis, United States|
Duration: 9 Dec 2019 → 13 Dec 2019
|Period||9/12/19 → 13/12/19|