Security of memory allocators for C and C++
Authors: Yves Younan, Wouter Joosen and Frank Piessens and Hans Van den Eynden
Published as: Technical Report CW419, Departement Computerwetenschappen, Katholieke Universiteit Leuven
Date: July 2005
Abstract: Most memory allocators ignore security issues. Instead they focus on maximizing performance and limiting fragmentation and waste. While these are very important issues for a memory allocator, in the days of worms that use code injection attacks to cause significant economical damage, security can not be ignored. This
paper evaluates a representative set of commonly used memory allocators for C and C++ with respect to their resilience against code injection attacks. We present a significant improvement for memory allocators in order to increase robustness against code injection attacks. We evaluate this new approach in terms of performance and
memory usage and show that the associated overhead is negligible.
| Attachment | Size |
|---|---|
| CW419.pdf | 192.47 KB |
