Dangless: safe dangling pointer errors

Dangless (dangless-malloc) is a memory allocator that aims to eliminate dangling pointer vulnerabilities at low cost, using lightweight virtualisation. It is being developed as my Computer Science Master's thesis with the VUSec research group.

Work on Dangless is currently ongoing.

Presentation

2018 September 24, VU University Amsterdam

Note that the results reported in this presentation are early ones; newer performance figures appear later on this page, in the Performance section.

Performance (preliminary results)

On the SPEC 2006 benchmarking suite, the C and C++ benchmarks have been executed. Of these, perlbench and omnetpp do not complete successfully, for reasons that are currently unclear (an EPT violation error). For the remaining benchmarks, preliminary results show a geometric mean of 5.7% performance overhead and 8.2% memory overhead.

Below, you can see some diagrams comparing the performance of Dangless with that reported for the current state-of-the-art solution, Oscar (see the paper Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers, 2017).

Some analysis of the factors behind the performance overhead is also available (Excel sheet with details).

Abstract (preliminary)

Manual memory management, as required in programming languages like C and C++, has its advantages, but comes at a cost in complexity, frequently leading to bugs and security vulnerabilities. One class of such bugs is temporal memory errors, whereby an object or memory region is accessed after it has been deallocated. The pointer through which this access occurs is said to be dangling.

Our solution, Dangless, protects against such bugs by ensuring that any reference through a dangling pointer is caught immediately. This is done by maintaining a unique virtual alias for each individual allocation. We do this efficiently by running the process in a lightweight virtual environment, where the allocator can directly modify the page tables.

We have evaluated performance on the SPEC 2006 benchmarking suite, and on a majority subset of the benchmarks have found a geometric mean of 5.7% runtime performance overhead and 8.2% memory overhead. Dangless thus provides temporal heap memory safety at a significantly lower performance penalty than any previous solution.
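The per-allocation virtual aliasing the abstract describes, as an added toy model that is not code from the Dangless project: a simulated page table hands each malloc a fresh, never-reused virtual page backed by a small pool of reusable physical frames, and free() unmaps the alias, so a later access through the stale pointer faults even though the physical frame has already been reused by a new object. The class, the frame pool and the page size constant are assumptions made for illustration; the real allocator performs the equivalent on hardware page tables inside the virtual environment.

```python
PAGE = 4096
class PageFault(Exception): pass   # models the hardware fault on an unmapped page

class AliasingAllocator:
    def __init__(self, num_frames=4):
        self.free_frames = list(range(num_frames))  # physical frames, reused freely
        self.memory = {f: bytearray(PAGE) for f in self.free_frames}
        self.page_table = {}     # virtual page -> physical frame
        self.next_vpage = 1      # monotonic: a virtual alias is never handed out twice

    def malloc(self, size):
        assert 0 < size <= PAGE, "toy model: one object per page"
        if not self.free_frames:
            raise MemoryError("out of physical frames")
        frame = self.free_frames.pop(0)
        vpage, self.next_vpage = self.next_vpage, self.next_vpage + 1
        self.page_table[vpage] = frame
        return vpage * PAGE      # the unique virtual address of this object

    def free(self, vaddr):
        vpage = vaddr // PAGE
        if vpage not in self.page_table:
            raise PageFault(f"double free of {vaddr:#x}")
        self.free_frames.append(self.page_table.pop(vpage))  # unmap alias, recycle frame

    def _translate(self, vaddr):
        vpage, off = divmod(vaddr, PAGE)
        if vpage not in self.page_table:
            raise PageFault(f"access through dangling pointer {vaddr:#x}")
        return self.memory[self.page_table[vpage]], off

    def write(self, vaddr, data):
        buf, off = self._translate(vaddr)
        buf[off:off + len(data)] = data

    def read(self, vaddr, n):
        buf, off = self._translate(vaddr)
        return bytes(buf[off:off + n])

def demo():
    a = AliasingAllocator(num_frames=1)   # a single frame forces physical reuse
    p = a.malloc(16)
    a.write(p, b"secret")
    a.free(p)
    q = a.malloc(16)                       # same physical frame, different virtual alias
    a.write(q, b"other!")
    try:
        a.read(p, 6)                       # a plain malloc would silently return b"other!"
    except PageFault:
        return p != q, a.read(q, 6)        # stale alias faulted; new object is intact
```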