engleski

SoK: Secure Memory Allocation

Heap-related memory corruption vulnerabilities are a severe threat that continues to wreak havoc in widespread software despite a few decades of research. Research in hardening memory allocation yielded several proposed designs and a large number of techniques designed to mitigate common heap- related vulnerabilities. However, rigid performance requirements imposed by the majority of vulnerable workloads are a severe hindrance to the practical use of secure memory allocation techniques and systems. This paper aims to systematically analyze and classify all secure heap allocation techniques and systems implementing them, which emerged in the last two decades, and compare their performance to conventional systems. We provide a concise overview of heap-related vulnerabilities and construct a threat model to identify previously overlooked and unmitigated threats. We analyze the root causes of performance overheads observed in the existing literature and identify practical issues hindering the adoption of secure memory allocation systems in practice. We conduct fine-grained and coarse-grained benchmarks on real-life workloads and well-known benchmark suites to compare and analyze the overall performance of secure memory allocation systems to conventional ones. Using the aforementioned benchmark results, we compare different designs of secure memory allocation systems and provide guidelines for striking a balance between security and performance in future designs.

Memory allocation ; Systems security ; Memory safety

nije evidentirano