A Study on Defense Technique Against Use-After-Free Attacks Using MTE


  • Yunseong Hwang (Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University)
  • Junseung You (Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University)
  • Yunheung Paek (Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University)
  • Published: 2024.05.23

Abstract

The use-after-free (UAF) bug is a long-standing temporal memory safety issue. Two commonly used approaches to preventing UAF attacks are lock-and-key and pointer nullification. Recently, the ARM architecture added the Memory Tagging Extension (MTE), which implements a lock-and-key mechanism by checking a 4-bit tag on each memory access. Previous research proposed a virtual address tagging scheme that uses MTE to prevent UAF attacks. In this paper, we implement a simple module and run experiments to measure a simplified version of that previously proposed virtual address tagging scheme on real machines that support MTE.
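As an added illustration, not code from the paper or from ARM's MTE implementation, the C program below models the lock-and-key mechanism the abstract describes entirely in software: each 16-byte granule of a small pool carries a 4-bit "lock" tag in a shadow array, every pointer carries a 4-bit "key" in address bits 56..59 (the same bit layout real MTE uses), an access is permitted only when key and lock match, and freeing a block re-tags its granules so a dangling pointer's stale key is rejected. The pool, the bump allocator and every function name (`mte_alloc`, `mte_free`, `mte_check`, `mte_store`, `uaf_scenario`) are constructed for this example; on real hardware the tag check is done by the CPU, not by a helper function.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Software model of an MTE-style lock-and-key check (constructed example).
 * Granule = 16 bytes, tag = 4 bits, key kept in pointer bits 56..59. */
#define GRANULE   16
#define POOL_SIZE 4096
#define TAG_SHIFT 56
#define TAG_MASK  ((uintptr_t)0xF << TAG_SHIFT)

static _Alignas(GRANULE) uint8_t pool[POOL_SIZE];  /* backing memory */
static uint8_t granule_tag[POOL_SIZE / GRANULE];   /* shadow "lock" per granule */
static size_t  bump = 0;                           /* bump allocator, no reuse */
static uint8_t next_tag = 1;                       /* 0 is reserved as "untagged" */

static uintptr_t untag(uintptr_t p)  { return p & ~TAG_MASK; }
static uint8_t   key_of(uintptr_t p) { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }
static size_t granule_index(uintptr_t addr) { return (addr - (uintptr_t)pool) / GRANULE; }

/* Allocate `size` bytes (rounded up to whole granules), lock the granules with
 * a fresh tag and return a pointer whose top byte carries the matching key. */
void *mte_alloc(size_t size) {
    size_t need = (size + GRANULE - 1) / GRANULE;
    if (bump + need * GRANULE > POOL_SIZE) return NULL;
    uintptr_t base = (uintptr_t)pool + bump;
    bump += need * GRANULE;
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);       /* cycle through 1..15 */
    for (size_t i = 0; i < need; i++)
        granule_tag[granule_index(base) + i] = tag;
    return (void *)(base | ((uintptr_t)tag << TAG_SHIFT));
}

/* Free: re-tag every granule of the block so the old key no longer matches. */
void mte_free(void *p, size_t size) {
    uintptr_t base = untag((uintptr_t)p);
    size_t need = (size + GRANULE - 1) / GRANULE;
    uint8_t old = key_of((uintptr_t)p);
    uint8_t fresh = (uint8_t)(old % 15 + 1);       /* always differs from `old` */
    for (size_t i = 0; i < need; i++)
        granule_tag[granule_index(base) + i] = fresh;
}

/* The check hardware performs on every load/store: 1 = allowed, 0 = tag fault. */
int mte_check(const void *p) {
    uintptr_t raw = (uintptr_t)p, addr = untag(raw);
    if (addr < (uintptr_t)pool || addr >= (uintptr_t)pool + POOL_SIZE) return 0;
    return granule_tag[granule_index(addr)] == key_of(raw);
}

/* A checked byte store; returns 0 instead of writing when the tags mismatch. */
int mte_store(void *p, uint8_t value) {
    if (!mte_check(p)) return 0;
    *(uint8_t *)untag((uintptr_t)p) = value;
    return 1;
}

/* Scenario: a live store succeeds, the same pointer after free is rejected. */
int uaf_scenario(int *live_ok, int *uaf_ok) {
    char *buf = mte_alloc(32);
    if (!buf) return -1;
    *live_ok = mte_store(buf, 'A');                /* key == lock: allowed   */
    mte_free(buf, 32);                             /* granules re-locked     */
    *uaf_ok = mte_store(buf, 'B');                 /* stale key: rejected    */
    return 0;
}

int main(void) {
    int live = 0, uaf = 0;
    if (uaf_scenario(&live, &uaf) != 0) return 1;
    printf("store while live: %s\n", live ? "allowed" : "tag fault");
    printf("store after free: %s\n", uaf ? "allowed" : "tag fault");
    return 0;
}
```

The model deliberately keeps the allocator simple (no block reuse), so it only shows the first half of the real argument: a freed block is re-locked and the dangling key fails. A production scheme, such as the virtual address tagging the paper evaluates, must also choose tags so that a later allocation landing on the same granules does not accidentally receive the stale key, which a 4-bit tag space cannot guarantee without additional bookkeeping.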

Acknowledgement

This work was supported by the BK21 FOUR program of the Education and Research Program for Future ICT Pioneers, Seoul National University, in 2024. This work was supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) under the artificial intelligence semiconductor support program to nurture the best talents (IITP-2023-RS-2023-00256081) grant funded by the Korea government (MSIT). This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (RS-2023-00277326). This work was supported by the Inter-University Semiconductor Research Center (ISRC).
