Export Citations
Save this search
Please login to be able to save your searches and receive alerts for new content matching your search criteria.
- research-articleOctober 2023
All Use-After-Free Vulnerabilities Are Not Created Equal: An Empirical Study on Their Characteristics and Detectability
RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and DefensesPages 623–638https://doi.org/10.1145/3607199.3607229Over the past decade, use-after-free (UaF) has become one of the most exploited types of vulnerabilities. To address this increasing threat, we need to advance the defense in multiple directions, such as UaF vulnerability detection, UaF exploit defense, ...
- research-articleJanuary 2022
Prevention of DoS Attacks on Use-After-Free Vulnerabilities in Mosquitto
Procedia Computer Science (PROCS), Volume 207, Issue CPages 1763–1772https://doi.org/10.1016/j.procs.2022.09.234AbstractSmartification of public services is being promoted, but smart public services are at significant risk of cyberattacks. One of the most common cyberattacks is a denial-of-service (DoS) attack on unknown vulnerabilities. Recovery from DoS requires ...
- research-articleDecember 2018
Type-After-Type: Practical and Complete Type-Safe Memory Reuse
ACSAC '18: Proceedings of the 34th Annual Computer Security Applications ConferencePages 17–27https://doi.org/10.1145/3274694.3274705Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abstractions in ...
- research-articleFebruary 2018
nAdroid: statically detecting ordering violations in Android applications
CGO '18: Proceedings of the 2018 International Symposium on Code Generation and OptimizationPages 62–74https://doi.org/10.1145/3168829Modern mobile applications use a hybrid concurrency model. In this model, events are handled sequentially by event loop(s), and long-running tasks are offloaded to other threads. Concurrency errors in this hybrid concurrency model can take multiple forms:...
- ArticleSeptember 2015
SUDUTA: Script UAF Detection Using Taint Analysis
STM 2015: Proceedings of the 11th International Workshop on Security and Trust Management - Volume 9331Pages 136–151https://doi.org/10.1007/978-3-319-24858-5_9Use-after-free UAF vulnerabilities are caused by the use of dangling pointers. Their exploitation inside script engine-hosting applications, e.g. web browsers, can even bypass state-of-the-art countermeasures. This work proposes SUDUTA Script UAF ...