DieHarder (CCS 2010, WOOT 2011)

Post on 18-Dec-2014

description

Heap-based attacks depend on a combination of memory management errors and an exploitable memory allocator. Many allocators include ad hoc countermeasures against particular exploits, but their effectiveness against future exploits has been uncertain. This paper presents the first formal treatment of the impact of allocator design on security. It analyzes a range of widely-deployed memory allocators, including those used by Windows, Linux, FreeBSD, and OpenBSD, and shows that they remain vulnerable to attack. It then presents DieHarder, a new allocator whose design was guided by this analysis. DieHarder provides the highest degree of security from heap-based attacks of any practical allocator of which we are aware, while imposing modest performance overhead. In particular, the Firefox web browser runs as fast with DieHarder as with the Linux allocator.

transcript

UNIVERSITY OF MASSACHUSETTS, AMHERST • Department of Computer Science

Gene Novark & Emery Berger, University of Massachusetts, Amherst

DIEHARDER: SECURING THE HEAP

[originally presented at CCS 2011]

DieHard: Probabilistic Memory Safety for C/C++ Programs [PLDI 2005]

Direct inspiration for Windows 7's Fault-Tolerant Heap (2009)

sensitive data / metadata

All data / metadata sensitive

guard / unmapped page

Address-space layout randomization

[Figure: heap layout diagrams. Labels: object, free space, heap metadata, prev. object, object size. Caption: heap metadata (GNU libc, others)]

≈ 4-5 bits of entropy

Maximal entropy: log N bits (e.g., ≈ 25-30)

44.2 sec 41.6 sec
