10% Discount on All E-Books through IGI Global’s Online Bookstore Extended(10% discount on all e-books cannot be combined with most offers. Discount is valid on purchases made directly through IGI Global Online Bookstore (www.igi-global.com)
and may not be utilized by booksellers and distributors. Offer does not apply to e-Collections and exclusions of select titles may apply. Offer expires June 30, 2022.)Browse Titles

Special Offers
- 10% Discount on All E-Books through IGI Global’s Online Bookstore
  With the continued paper shortages and supply chain issues, we have been informed by our partners that there will be substantial delays in printing and shipping publications, especially as we approach the holiday season. To help incentive the electronic format and streamline access to the latest research, we are offering a 10% discount on all our e-books through IGI Global’s Online Bookstore. Hosted on the InfoSci^® platform, these titles feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Browse Titles
- IGI Global to Convert an Additional 30 Journals to Full Gold Open Access for the 2022 Volume Year
  IGI Global is to convert an additional 30 journals to full gold open access (OA) for their 2022 volume year, which will expand their OA collection to contain 60 gold open access and one (1) platinum open access journal.
  Learn More
- All IGI Global Scholarly Journals Shift to "Digital Preferred" Format
  In response to the overwhelming demand for electronic content coupled with the mission to decrease the overall environmental impacts of print production and distribution, all IGI Global journals will shift into a digital preferred model for the 2022 volume year. Under this model, journals will become primarily available under electronic format and articles will be immediately available upon acceptance. Print subscriptions and print + electronic subscriptions will still be available, but for the print version, all articles that are published during the volume year will become available at the end of the year in a single (1) printed volume.
  Learn More
- IGI Global’s New DEI e-Book Collection
  Acquire Over 320+ E-Books on Diversity, Equity, and Inclusivity from a publisher that has been dedicated to DEI since its inception over 30 years ago. Now, benefit from a collection of all of our DEI e-Books at a 90% Discount.
  Learn More
- Offering a 5% Pre-Publication Discount on
  All Reference Books Ordered Through IGI Global’s Online Bookstore*
  To support customers with accessing the latest research, IGI Global is offering a 5% pre-publication discount on all hardcover, softcover, e-books, and hardcover + e-books titles.
  *5% discount offer is eligible on hardcover, softcover, e-books, and hardcover + e-books titles and is automatically applied directly to the shopping cart. Discount offer only valid on purchases made directly through IGI Global’s Online Bookstore and offer expires 30 days after the publication’s release. This automatic discount is not intended for use by book distributors or wholesalers.
  Browse Titles
Books
Journals
e-Collections
- - e-Collections
  - Transformative Open Access (Read & Publish)
Open Access
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - Author Services
  - FAQ
Catalogs
About Us
Newsroom

Improving Memory Management Security for C and C++

Yves Younan (Katholieke Universiteit Leuven, Belgium), Wouter Joosen (Katholieke Universiteit Leuven, Belgium), Frank Piessens (Katholieke Universiteit Leuven, Belgium) and Hans Van den Eynden (Katholieke Universiteit Leuven, Belgium)

Source Title: International Journal of Secure Software Engineering (IJSSE) 1(2)

DOI: 10.4018/jsse.2010040104

OnDemand PDF Download:

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Memory managers are an important part of modern language and are used to dynamically allocate memory. Many managers exist; however, two major types can be identified: manual memory allocators and garbage collectors. In the case of manual memory allocators, the programmer must manually release memory back to the system when it is no longer needed. Problems can occur when a programmer forgets to release it, releases it twice or uses freed memory. These problems are solved in garbage collectors. However, both manual memory allocators and garbage collectors store management information. This paper describes several vulnerabilities for C and C++ and how these could be remedied by modifying the management information of a representative manual memory allocator and garbage collector. Additionally, the authors present an approach that, when applied to memory managers, will protect against these attack vectors.

Article Preview

Top

Heap-Based Vulnerabilities For Code Injection Attacks

There are a number of vulnerabilities that occur frequently and as such have become a favorite for attackers to use to perform code injection. We will examine how different memory allocators might be misused by using one of three common vulnerabilities: “heap-based buffer overflows”, “off by one errors” and “dangling pointer references”. In this section we will describe what these vulnerabilities are and how they could lead to a code injection attack.

Heap-Based Buffer Overflow

Heap memory is dynamically allocated at run-time by the application. Buffer overflow, which are usually exploited on the stack, are also possible in this kind of memory. Exploitation of such heap-based buffer overflows usually relies on finding either function pointers or by performing an indirect pointer attack (Bulba & Kil3r, 2000) on data pointers in this memory area. However, these pointers are not always present in the data stored by the program in this memory. As such, most attackers overwrite the memory management information that the memory allocator stores in or around memory chunks it manages. By modifying this information, attackers can perform an indirect pointer overwrite. This allows attackers to overwrite arbitrary memory locations, which could lead to a code injection attack (anonymous, 2001; Younan, 2003). In the following sections we will describe how an attacker could use specific memory managers to perform this kind of attack.

Complete Article List

Search this Journal:

Reset

Open Access Articles: Forthcoming

Volume 8: 4 Issues (2017)

Volume 7: 4 Issues (2016)

Volume 6: 4 Issues (2015)

Volume 5: 4 Issues (2014)

Volume 4: 4 Issues (2013)

Volume 3: 4 Issues (2012)

Volume 2: 4 Issues (2011)

Volume 1: 4 Issues (2010)

View Complete Journal Contents Listing

MLA

APA

Chicago

Export Reference

Improving Memory Management Security for C and C++

Abstract

Heap-Based Vulnerabilities For Code Injection Attacks

Heap-Based Buffer Overflow

Complete Article List