Use-After-Free Mitigation via Protected Heap Allocation

Mingbo Zhang, Saman Zonouz

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations


Use after free (UAF) exploits have contributed to many software memory corruption attacks in recent practice. They are especially popular in the world of web browsers. Despite many successful UAF exploits against widely-used applications, state-of-The-Art defense mechanisms have proved to still leave the systems vulnerable. In this paper, we argue that a successful UAF exploit is feasible because of the fine-grained determinism provided by existing heap memory allocators. We introduce a new defense strategy, Zeus, that leverages additional memory buffers to make allocation outcomes locally unpredictable to adversaries. This fine-grained non-determinism prevents exact alignment of subsequent allocations and in-object member fields. It significantly lowers the success rate of a UAF exploit even in the presence of heap sprays. We validated our defense using real recent UAF exploits against several CVE vulnerabilities in large and popular software packages (FireFox and Tor browsers). Zeus was able to terminate all the exploits in early stages and prevented successful location of the gadget addresses for the follow-up return-oriented programming steps of the intrusion. Zeus's runtime performance overhead was negligible (1.2% on average).

Original languageEnglish (US)
Title of host publicationDSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538657904
StatePublished - Jan 23 2019
Event2018 IEEE Conference on Dependable and Secure Computing, DSC 2018 - Kaohsiung, Taiwan, Province of China
Duration: Dec 10 2018Dec 13 2018

Publication series

NameDSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing


Conference2018 IEEE Conference on Dependable and Secure Computing, DSC 2018
Country/TerritoryTaiwan, Province of China

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Software
  • Computer Networks and Communications


Dive into the research topics of 'Use-After-Free Mitigation via Protected Heap Allocation'. Together they form a unique fingerprint.

Cite this