Temporal memory safety vulnerabilities can allow attackers to escalate privileges on Linux based devices. This paper presents two solutions to temporal safety vulnerabilities. First, we present the Bounce Allocator: A pool-based memory allocator designed to mitigate temporal memory safety errors on ARMv8.5-A based Linux devices. Other solutions do not effectively mitigate temporal memory safety errors or have large memory and performance overheads that makes them unsuitable for production environments. The Bounce Allocator achieves entropy comparable with other solutions while using significantly less memory and having improved runtime performance. The Bounce Allocator is implemented on top of an existing allocator to help preserve kmalloc caching performance. This paper also presents Tag Exclusion Sets: A simple solution that deterministically prevents a subset of temporal memory safety attacks in the Linux kernel. This solution has little runtime overhead and no memory overhead and requires little change to the memory allocator.

Creator

• Backer, Jake

Contributors

• Shue, Craig A.
• Walls, Robert Joseph

Degree

• MS

Unit

• Computer Science

Publisher

• Worcester Polytechnic Institute

Identifier

• etd-104781

Keyword

• Memory Safety
• Security
• Linux
• Cybersecurity
• Memory Allocator
• ARM

Advisor

• Walls, Robert Joseph

Orcid

• https://orcid.org/0000-0003-2282-4943

Defense date

• 2023-04-20

Year

• 2023

Date created

• 2023-04-25

Resource type

• Thesis

Source

• etd-104781

Rights statement

• In Copyright

License

• Creative Commons BY-NC Attribution-NonCommercial 4.0 International

Last modified

• 2023-11-06