Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

CAMP: Compiler and Allocator-based Heap Memory Protection

Zhenpeng Lin, Zheng Yu, Ziyi Guo, Simone Campanoni, Peter Dinda, Xinyu Xing

TL;DR

Evaluation and comparison of CAMP with existing tools show that it provides even better heap corruption detection capability with lower runtime overhead, and minimizes runtime overhead without sacrificing security guarantees.

Abstract

The heap is a critical and widely used component of many applications. Due to its dynamic nature, combined with the complexity of heap management algorithms, it is also a frequent target for security exploits. To enhance the heap's security, various heap protection techniques have been introduced, but they either introduce significant runtime overhead or have limited protection. We present CAMP, a new sanitizer for detecting and capturing heap memory corruption. CAMP leverages a compiler and a customized memory allocator. The compiler adds boundary-checking and escape-tracking instructions to the target program, while the memory allocator tracks memory ranges, coordinates with the instrumentation, and neutralizes dangling pointers. With the novel error detection scheme, CAMP enables various compiler optimization strategies and thus eliminates redundant and unnecessary check instrumentation. This design minimizes runtime overhead without sacrificing security guarantees. Our evaluation and comparison of CAMP with existing tools, using both real-world applications and SPEC CPU benchmarks, show that it provides even better heap corruption detection capability with lower runtime overhead.

CAMP: Compiler and Allocator-based Heap Memory Protection

TL;DR

Evaluation and comparison of CAMP with existing tools show that it provides even better heap corruption detection capability with lower runtime overhead, and minimizes runtime overhead without sacrificing security guarantees.

Abstract

The heap is a critical and widely used component of many applications. Due to its dynamic nature, combined with the complexity of heap management algorithms, it is also a frequent target for security exploits. To enhance the heap's security, various heap protection techniques have been introduced, but they either introduce significant runtime overhead or have limited protection. We present CAMP, a new sanitizer for detecting and capturing heap memory corruption. CAMP leverages a compiler and a customized memory allocator. The compiler adds boundary-checking and escape-tracking instructions to the target program, while the memory allocator tracks memory ranges, coordinates with the instrumentation, and neutralizes dangling pointers. With the novel error detection scheme, CAMP enables various compiler optimization strategies and thus eliminates redundant and unnecessary check instrumentation. This design minimizes runtime overhead without sacrificing security guarantees. Our evaluation and comparison of CAMP with existing tools, using both real-world applications and SPEC CPU benchmarks, show that it provides even better heap corruption detection capability with lower runtime overhead.
Paper Structure (46 sections, 2 figures, 9 tables, 1 algorithm)

This paper contains 46 sections, 2 figures, 9 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Background
  3. Heap Memory Corruption & Protection
  4. Heap Overflow.
  5. Heap Use-After-Free.
  6. Heap Memory Allocator
  7. Assumptions & Threat Model
  8. CAMP
  9. A vulnerable toy program
  10. CAMP's Protection
  11. Pointer Validation.
  12. Neutralizing Dangling Pointers.
  13. Design Overview
  14. Compiler Instrumentation
  15. Instrumenting Range Checking.
  16. ...and 31 more sections

Figures (2)

  • Figure 1: The design overview of CAMP.
  • Figure 2: Evaluation result of CAMP breakdown on SPEC CPU2017. From left to right, the bars show the normalized time of tcmalloc replacement, CAMP, CAMP with each optimization disabled, and CAMP without optimization.