Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | 조영필 | - |
dc.date.accessioned | 2021-04-06T07:51:36Z | - |
dc.date.available | 2021-04-06T07:51:36Z | - |
dc.date.issued | 2020-02 | - |
dc.identifier.citation | Network and Distributed System Security Symposium 2019, Page. 1-15 | en_US |
dc.identifier.isbn | 1-891562-55-X | - |
dc.identifier.uri | https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_05A-4_Shin_paper.pdf | - |
dc.identifier.uri | https://repository.hanyang.ac.kr/handle/20.500.11754/161232 | - |
dc.description.abstract | Pointer invalidation has been a popular approach adopted in many recent studies to mitigate use-after-free errors. The approach can be divided largely into two different schemes: explicit invalidation and implicit invalidation. The former aims to eradicate the root cause of use-after-free errors by invalidating every dangling pointer one by one explicitly. In contrast, the latter aims to prevent dangling pointers by freeing an object only if there is no pointer referring to it. A downside of the explicit scheme is that it is expensive, as it demands high-cost algorithms or a large amount of space to maintain every up-to-date list of pointer locations linking to each object at all times. Implicit invalidation is more efficient in that even without any explicit effort, it can eliminate dangling pointers by leaving objects undeleted until all the links between the objects and their referring pointers vanish by themselves during program execution. However, such an argument only holds if the scheme knows exactly when each link is created and deleted. Reference counting is a traditional method to determine the existence of reference links between objects and pointers. Unfortunately, impeccable reference counting for legacy C/C++ code is very difficult and expensive to achieve in practice, mainly because of the type unsafe operations in the code. In this paper, we present a solution, called CRCount, to the use-after-free problem in legacy C/C++. For effective and efficient problem solving, CRCount is armed with the pointer footprinting technique that enables us to compute, with high accuracy, the reference count of every object referred to by the pointers in the legacy code. Our experiments demonstrate that CRCount mitigates the use-after-free errors with a lower performance-wise and space-wise overhead than the existing pointer invalidation solutions. | en_US |
dc.description.sponsorship | This work was partly supported by MSIT(Ministry of Science and ICT), Korea, under the ITRC(Information Technology Research Center) support program(IITP-2018-2015-0-00403) supervised by the IITP(Institute for Information & communications Technology Promotion), the National Research Foundation of Korea(NRF) grant funded by the Korea government(MSIT) (NRF2017R1A2A1A17069478, NRF-2018R1D1A1B07049870), IITP grant funded by the Korea government(MSIT) (No.2016-0-00078, Cloud based Security Intelligence Technology Development for the Customized Security Service Provisioning; No.2018-0-00230, Development on Autonomous Trust Enhancement Technology of IoT Device and Study on Adaptive IoT Security Open Architecture based on Global Standardization [TrusThingz Project]). The ICT at Seoul National University provides research facilities for this study. | en_US |
dc.language.iso | en | en_US |
dc.publisher | Interne Society | en_US |
dc.title | CRCount: Pointer Invalidation with Reference Counting to Mitigate Use-after-free in Legacy C/C++ | en_US |
dc.type | Article | en_US |
dc.identifier.doi | 10.14722/ndss.2019.23541 | - |
dc.relation.page | 1-15 | - |
dc.contributor.googleauthor | Shin, Jangseop | - |
dc.contributor.googleauthor | Kwon, Donghyun | - |
dc.contributor.googleauthor | Seo, Jiwon | - |
dc.contributor.googleauthor | Cho, Yeongpil | - |
dc.contributor.googleauthor | Paek, Yunheung | - |
dc.relation.code | 20200124 | - |
dc.sector.campus | S | - |
dc.sector.daehak | COLLEGE OF ENGINEERING[S] | - |
dc.sector.department | DEPARTMENT OF COMPUTER SCIENCE | - |
dc.identifier.pid | ypcho | - |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.