Yves Younan, W. Joosen, F. Piessens, Hans Van den Eynden
{"title":"Improving Memory Management Security for C and C++","authors":"Yves Younan, W. Joosen, F. Piessens, Hans Van den Eynden","doi":"10.4018/JSSE.2010040104","DOIUrl":null,"url":null,"abstract":"Memory managers are an important part of modern language and are used to dynamically allocate memory. Many managers exist; however, two major types can be identified: manual memory allocators and garbage collectors. In the case of manual memory allocators, the programmer must manually release memory back to the system when it is no longer needed. Problems can occur when a programmer forgets to release it, releases it twice or uses freed memory. These problems are solved in garbage collectors. However, both manual memory allocators and garbage collectors store management information. This paper describes several vulnerabilities for C and C++ and how these could be remedied by modifying the management information of a representative manual memory allocator and garbage collector. Additionally, the authors present an approach that, when applied to memory managers, will protect against these attack vectors.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"70 1","pages":"57-82"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/JSSE.2010040104","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6
Abstract
Memory managers are an important part of modern language and are used to dynamically allocate memory. Many managers exist; however, two major types can be identified: manual memory allocators and garbage collectors. In the case of manual memory allocators, the programmer must manually release memory back to the system when it is no longer needed. Problems can occur when a programmer forgets to release it, releases it twice or uses freed memory. These problems are solved in garbage collectors. However, both manual memory allocators and garbage collectors store management information. This paper describes several vulnerabilities for C and C++ and how these could be remedied by modifying the management information of a representative manual memory allocator and garbage collector. Additionally, the authors present an approach that, when applied to memory managers, will protect against these attack vectors.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
