SlimGuard: A Secure and Memory-Efficient Heap Allocator

Beichen Liu; Pierre Olivier; Binoy Ravindran

doi:10.1145/3361525.3361532

SlimGuardCitation formats

Authors:
Beichen Liu
Pierre Olivier
Binoy Ravindran

Standard

SlimGuard : A Secure and Memory-Efficient Heap Allocator. / Liu, Beichen; Olivier, Pierre; Ravindran, Binoy.

Middleware '19: Proceedings of the 20th International Middleware Conference . Association for Computing Machinery, 2019. p. 1-13.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Harvard

Liu, B, Olivier, P & Ravindran, B 2019, SlimGuard: A Secure and Memory-Efficient Heap Allocator. in Middleware '19: Proceedings of the 20th International Middleware Conference . Association for Computing Machinery, pp. 1-13, Middleware 2019, Davis, United States, 9/12/19. https://doi.org/10.1145/3361525.3361532

APA

Liu, B., Olivier, P., & Ravindran, B. (2019). SlimGuard: A Secure and Memory-Efficient Heap Allocator. In Middleware '19: Proceedings of the 20th International Middleware Conference (pp. 1-13). Association for Computing Machinery. https://doi.org/10.1145/3361525.3361532

Vancouver

Liu B, Olivier P, Ravindran B. SlimGuard: A Secure and Memory-Efficient Heap Allocator. In Middleware '19: Proceedings of the 20th International Middleware Conference . Association for Computing Machinery. 2019. p. 1-13 https://doi.org/10.1145/3361525.3361532

Author

Liu, Beichen ; Olivier, Pierre ; Ravindran, Binoy. / SlimGuard : A Secure and Memory-Efficient Heap Allocator. Middleware '19: Proceedings of the 20th International Middleware Conference . Association for Computing Machinery, 2019. pp. 1-13

Bibtex

@inproceedings{335ae0a678c64250af466ef831265ae7,

title = "SlimGuard: A Secure and Memory-Efficient Heap Allocator",

abstract = "Attacks on the heap are an increasingly severe threat. State-of-the-art secure dynamic memory allocators can offer protection, however their memory footprint is high, making them suboptimal in many situations. We introduce Slim-Guard, a secure allocator whose design is driven by memory efficiency. Among other features, SlimGuard uses an efficient fine-grain size classes indexing mechanism and implements a novel dynamic canary scheme. It offers a low memory overhead due its size classes optimized for canary usage, its on-demand metadata allocation, and the combination of randomized allocations and over-provisioning into a single memory efficient security feature. SlimGuard protects against widespread heap-related attacks such as overflows, over-reads, double/invalid free, and use-after-free. Evaluation over a wide range of applications shows that it offers a significant reduction in memory consumption compared to the state-of-the-art secure allocator (up to 2x in macro-benchmarks), while offering similar or better security guarantees and good performance.",

author = "Beichen Liu and Pierre Olivier and Binoy Ravindran",

year = "2019",

month = dec,

day = "9",

doi = "10.1145/3361525.3361532",

language = "English",

pages = "1--13",

booktitle = "Middleware '19: Proceedings of the 20th International Middleware Conference",

publisher = "Association for Computing Machinery",

address = "United States",

note = "Middleware 2019 ; Conference date: 09-12-2019 Through 13-12-2019",

}

RIS

TY - GEN

T1 - SlimGuard

T2 - Middleware 2019

AU - Liu, Beichen

AU - Olivier, Pierre

AU - Ravindran, Binoy

PY - 2019/12/9

Y1 - 2019/12/9

N2 - Attacks on the heap are an increasingly severe threat. State-of-the-art secure dynamic memory allocators can offer protection, however their memory footprint is high, making them suboptimal in many situations. We introduce Slim-Guard, a secure allocator whose design is driven by memory efficiency. Among other features, SlimGuard uses an efficient fine-grain size classes indexing mechanism and implements a novel dynamic canary scheme. It offers a low memory overhead due its size classes optimized for canary usage, its on-demand metadata allocation, and the combination of randomized allocations and over-provisioning into a single memory efficient security feature. SlimGuard protects against widespread heap-related attacks such as overflows, over-reads, double/invalid free, and use-after-free. Evaluation over a wide range of applications shows that it offers a significant reduction in memory consumption compared to the state-of-the-art secure allocator (up to 2x in macro-benchmarks), while offering similar or better security guarantees and good performance.

AB - Attacks on the heap are an increasingly severe threat. State-of-the-art secure dynamic memory allocators can offer protection, however their memory footprint is high, making them suboptimal in many situations. We introduce Slim-Guard, a secure allocator whose design is driven by memory efficiency. Among other features, SlimGuard uses an efficient fine-grain size classes indexing mechanism and implements a novel dynamic canary scheme. It offers a low memory overhead due its size classes optimized for canary usage, its on-demand metadata allocation, and the combination of randomized allocations and over-provisioning into a single memory efficient security feature. SlimGuard protects against widespread heap-related attacks such as overflows, over-reads, double/invalid free, and use-after-free. Evaluation over a wide range of applications shows that it offers a significant reduction in memory consumption compared to the state-of-the-art secure allocator (up to 2x in macro-benchmarks), while offering similar or better security guarantees and good performance.

U2 - 10.1145/3361525.3361532

DO - 10.1145/3361525.3361532

M3 - Conference contribution

SP - 1

EP - 13

BT - Middleware '19: Proceedings of the 20th International Middleware Conference

PB - Association for Computing Machinery

Y2 - 9 December 2019 through 13 December 2019

ER -