SlimGuard: A Secure and Memory-Efficient Heap Allocator

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Attacks on the heap are an increasingly severe threat. State-of-the-art secure dynamic memory allocators can offer protection, however their memory footprint is high, making them suboptimal in many situations. We introduce Slim-Guard, a secure allocator whose design is driven by memory efficiency. Among other features, SlimGuard uses an efficient fine-grain size classes indexing mechanism and implements a novel dynamic canary scheme. It offers a low memory overhead due its size classes optimized for canary usage, its on-demand metadata allocation, and the combination of randomized allocations and over-provisioning into a single memory efficient security feature. SlimGuard protects against widespread heap-related attacks such as overflows, over-reads, double/invalid free, and use-after-free. Evaluation over a wide range of applications shows that it offers a significant reduction in memory consumption compared to the state-of-the-art secure allocator (up to 2x in macro-benchmarks), while offering similar or better security guarantees and good performance.

Bibliographical metadata

Original languageEnglish
Title of host publicationMiddleware '19: Proceedings of the 20th International Middleware Conference
PublisherAssociation for Computing Machinery
Pages1-13
ISBN (Electronic)978-1-4503-7009-7
DOIs
Publication statusPublished - 9 Dec 2019
EventMiddleware 2019 - UC Davis, Davis, United States
Event duration: 9 Dec 201913 Dec 2019

Conference

ConferenceMiddleware 2019
CountryUnited States
CityDavis
Period9/12/1913/12/19

Related information

Researchers

View all