Now Offering a 50% Discount When a Minimum of Five Titles in Related Subject Areas are Purchased TogetherAlso, receive free worldwide shipping on orders over US$ 395.(This offer will be automatically applied upon checkout and is applicable to print & digital publications)Browse Titles

Special Offers
- Receive a 50% Discount When a Minimum of Five Titles are Purchased Together
  This 50% discount is automatically applied upon checkout and is only applicable when five or more reference books and scholarly journals are ordered. Discount valid on purchases made directly through IGI Global’s Online Bookstore (www.igi-global.com) and cannot be combined with any other discount. It may not be used by distributors or book sellers and the offer does not apply to databases. Exclusions of select titles may apply.
  Browse Titles
- IGI Global Converts Over 30+ Journals to Full Gold Open Access (OA)
  With access to digital resources and OA content being critical during this time, IGI Global has converted 30 journals to full Gold OA. IGI Global OA provides a quality, expediate, high-quality OA publishing process, flexible funding options, and more, which allows researchers to benefit from freely and immediately sharing their peer-reviewed research with the world.
  Learn More
- Additional Source of OA Funding When Your Institution Invests in IGI Global’s InfoSci-Databases
  When an institution invests in IGI Global’s InfoSci-Databases, IGI Global will match the library’s investment with a fund of equal value to go toward subsidizing the OA article processing charges (APCs) for faculty at that institution when their work is submitted and accepted under OA (following peer review) into an IGI Global journal.
  Learn More
- Reduced Research Anthology Pricing
  Based on the increased interest in our Research Anthologies line from last year and understanding current budgetary limitations, IGI Global is reducing the price of our multi-volume Research Anthologies up to 50%. These publications are ideal for accommodating library budgets, as they contain hand-selected research content of the highest quality.
  Learn More
- Receive Complimentary Electronic Access to the First, Second, Third, and Fourth Edition of the
  Encyclopedia of Information Science and Technology with the Purchase of the Fifth Edition
  For a limited time, receive the complimentary e-books for the first, second, third, and fourth editions with the purchase of the Encyclopedia of Information Science and Technology, Fifth Edition e-book*. Offer is only valid when purchasing the fifth edition’s hardcover + e-book or e-book only option directly through IGI Global’s Online Bookstore (www.igi-global.com/books) and is not intended for use by book distributors or wholesalers. Contact Customer Service, cust@igi-global.com, for details. Offer expires July 1, 2021.
  Learn More
- Offering a 5% Pre-Publication Discount on
  All Reference Books Ordered Through IGI Global’s Online Bookstore*
  To support customers with accessing the latest research, IGI Global is offering a 5% pre-publication discount on all hardcover, softcover, e-books, and hardcover + e-books titles.
  *5% discount offer is eligible on hardcover, softcover, e-books, and hardcover + e-books titles and is automatically applied directly to the shopping cart. Discount offer only valid on purchases made directly through IGI Global’s Online Bookstore and offer expires 30 days after the publication’s release. This automatic discount is not intended for use by book distributors or wholesalers.
  Browse Titles
- Receive Free Shipping on Orders Over US$ 295.00
  Free shipping will be automatically applied to shopping cart orders over US$ 295.00 or more before tax, which can include a combination of print and non-shippable products (i.e. e-books, e-journals, and articles/chapters). It is only available when you order directly through IGI Global’s Online Bookstore and is only valid on standard U.S. and international shipping. There will be additional charges for express shipping and limitations may apply.
  Browse Titles
- Create a Free IGI Global Library Account to Receive an Additional 5% Discount on All Purchases
  Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 5% discount on single all titles, as well as the award-winning InfoSci^®-Databases.
  Sign Up Now!
Books
Journals
- - Journals
  - Open Access Journals
InfoSci^®-Databases
Articles/Chapters
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - Editorial Services
  - FAQ
Catalogs
About Us
Newsroom

Improving Memory Management Security for C and C++

Yves Younan (Katholieke Universiteit Leuven, Belgium), Wouter Joosen (Katholieke Universiteit Leuven, Belgium), Frank Piessens (Katholieke Universiteit Leuven, Belgium) and Hans Van den Eynden (Katholieke Universiteit Leuven, Belgium)

Source Title: International Journal of Secure Software Engineering (IJSSE) 1(2)

DOI: 10.4018/jsse.2010040104

OnDemand PDF Download:

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Memory managers are an important part of modern language and are used to dynamically allocate memory. Many managers exist; however, two major types can be identified: manual memory allocators and garbage collectors. In the case of manual memory allocators, the programmer must manually release memory back to the system when it is no longer needed. Problems can occur when a programmer forgets to release it, releases it twice or uses freed memory. These problems are solved in garbage collectors. However, both manual memory allocators and garbage collectors store management information. This paper describes several vulnerabilities for C and C++ and how these could be remedied by modifying the management information of a representative manual memory allocator and garbage collector. Additionally, the authors present an approach that, when applied to memory managers, will protect against these attack vectors.

Article Preview

Top

Heap-Based Vulnerabilities For Code Injection Attacks

There are a number of vulnerabilities that occur frequently and as such have become a favorite for attackers to use to perform code injection. We will examine how different memory allocators might be misused by using one of three common vulnerabilities: “heap-based buffer overflows”, “off by one errors” and “dangling pointer references”. In this section we will describe what these vulnerabilities are and how they could lead to a code injection attack.

Heap-Based Buffer Overflow

Heap memory is dynamically allocated at run-time by the application. Buffer overflow, which are usually exploited on the stack, are also possible in this kind of memory. Exploitation of such heap-based buffer overflows usually relies on finding either function pointers or by performing an indirect pointer attack (Bulba & Kil3r, 2000) on data pointers in this memory area. However, these pointers are not always present in the data stored by the program in this memory. As such, most attackers overwrite the memory management information that the memory allocator stores in or around memory chunks it manages. By modifying this information, attackers can perform an indirect pointer overwrite. This allows attackers to overwrite arbitrary memory locations, which could lead to a code injection attack (anonymous, 2001; Younan, 2003). In the following sections we will describe how an attacker could use specific memory managers to perform this kind of attack.

Complete Article List

Search this Journal:

Reset

Open Access Articles: Forthcoming

Volume 8: 4 Issues (2017)

Volume 7: 4 Issues (2016)

Volume 6: 4 Issues (2015)

Volume 5: 4 Issues (2014)

Volume 4: 4 Issues (2013)

Volume 3: 4 Issues (2012)

Volume 2: 4 Issues (2011)

Volume 1: 4 Issues (2010)

View Complete Journal Contents Listing

MLA

APA

Chicago

Export Reference

Improving Memory Management Security for C and C++

Abstract

Heap-Based Vulnerabilities For Code Injection Attacks

Heap-Based Buffer Overflow

Complete Article List