JIS Vol.10 No.3, July 2019
Unlink Attack Defense Method Based on New Chunk Structure
Abstract: The unlink attack is a technique for exploiting heap overflow vulnerabilities on the Linux platform. Because overflowed heap data seldom leads directly to hijacking of the program's control flow, and because of the limitations of the related protection mechanisms, existing detection techniques have difficulty judging whether a program meets the conditions for a heap overflow attack. The existing unlink mechanism contains certain integrity checks, but they can be bypassed by carefully constructing the contents of the heap. The unlink mechanism is triggered only through the free function, a principle similar to the function exit of stack frames. Taking its inspiration from the canary protection mechanism of the stack, this paper adds a canary to the chunk structure, encrypts the canary value, and thereby defends against the unlink attack at the level of the fundamental data structure. The experimental results show that this method can effectively prevent unlink attacks and is able to detect common heap overflows.
Cite this paper: Huo, Y., Wang, G. and Yang, F. (2019) Unlink Attack Defense Method Based on New Chunk Structure. Journal of Information Security, 10, 177-187. doi: 10.4236/jis.2019.103010.
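As an added illustration, not code from the paper, the following toy allocator shows the idea the abstract describes: each chunk header carries a canary, the canary is stored encrypted as the XOR of a per-process secret with the chunk's own address (the encryption scheme, the constructed secret and all function names are assumptions made here, not the paper's design), and free() verifies the canary of the chunk being released and of its free neighbour before the consolidation step unlinks that neighbour from the free list. A write that runs past one chunk into the next chunk's header overwrites the stored canary, so the unlink is refused instead of operating on attacker-controlled fd/bk pointers.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy allocator with a canary in every chunk header (illustration only). */
#define ARENA_SIZE 4096u
#define FREE_BIT   1u          /* low bit of size marks a free chunk */

struct chunk {
    size_t size;               /* chunk size including header; low bit = FREE_BIT */
    uintptr_t canary;          /* encrypted canary: secret ^ (address of this chunk) */
    struct chunk *fd, *bk;     /* free-list links, meaningful only for free chunks */
};

/* Backing store, union-aligned so chunk headers are naturally aligned. */
static union { uintptr_t align; unsigned char bytes[ARENA_SIZE]; } arena_u;
#define arena (arena_u.bytes)
static size_t arena_top;
/* Constructed secret for the example; a real implementation would draw it from a CSPRNG at startup. */
static const uintptr_t secret = (uintptr_t)0x5A5A1234DEADBEEFull;
static struct chunk free_head;   /* sentinel node of the circular doubly linked free list */

static uintptr_t expected_canary(const struct chunk *c) { return secret ^ (uintptr_t)c; }
static size_t chunk_size(const struct chunk *c) { return c->size & ~(size_t)FREE_BIT; }
static struct chunk *next_chunk(struct chunk *c) {
    return (struct chunk *)((unsigned char *)c + chunk_size(c));
}
static int in_arena(const struct chunk *c) { return (const unsigned char *)c < arena + arena_top; }

void toy_reset(void) {
    arena_top = 0;
    free_head.fd = free_head.bk = &free_head;
}

/* Bump allocation is enough here; the point is the header, not the fit strategy. */
void *toy_malloc(size_t n) {
    size_t total = (sizeof(struct chunk) + n + 15) & ~(size_t)15;
    if (arena_top + total > ARENA_SIZE) return NULL;
    struct chunk *c = (struct chunk *)(arena + arena_top);
    arena_top += total;
    c->size = total;
    c->canary = expected_canary(c);   /* stamped at allocation time */
    c->fd = c->bk = NULL;
    return c + 1;                     /* user data starts right after the header */
}

/* Remove a free chunk from the list; the caller has already validated its canary. */
static int unlink_chunk(struct chunk *p) {
    if (p->fd->bk != p || p->bk->fd != p) return 1;   /* glibc-style list sanity check */
    p->fd->bk = p->bk;
    p->bk->fd = p->fd;
    return 0;
}

/* Returns 0 on success, 1 when a canary or list-integrity check fails (a real
 * allocator would abort the process at that point). */
int toy_free(void *ptr) {
    struct chunk *c = (struct chunk *)ptr - 1;
    if (c->canary != expected_canary(c)) return 1;         /* this chunk's own header is damaged */
    struct chunk *nx = next_chunk(c);
    if (in_arena(nx) && (nx->size & FREE_BIT)) {
        /* forward consolidation would unlink nx: verify its header before touching fd/bk */
        if (nx->canary != expected_canary(nx)) return 1;   /* overflow from c reached nx's header */
        if (unlink_chunk(nx)) return 1;
        c->size = chunk_size(c) + chunk_size(nx);
    }
    c->size |= FREE_BIT;
    c->fd = free_head.fd; c->bk = &free_head;
    free_head.fd->bk = c; free_head.fd = c;
    return 0;
}

/* Normal use: free b, then a, so a consolidates with its free neighbour. Expect 0. */
int demo_clean_free(void) {
    toy_reset();
    char *a = toy_malloc(32), *b = toy_malloc(32);
    if (!a || !b) return -1;
    return toy_free(b) | toy_free(a);
}

/* Constructed overflow: a is written past its 32 bytes by exactly one header,
 * clobbering b's size, canary, fd and bk while b sits on the free list. Expect 1. */
int demo_overflow_detected(void) {
    toy_reset();
    char *a = toy_malloc(32), *b = toy_malloc(32);
    if (!a || !b) return -1;
    toy_free(b);
    memset(a, 'A', 32 + sizeof(struct chunk));
    return toy_free(a);
}

int main(void) {
    printf("clean free: %d (expect 0)\n", demo_clean_free());
    printf("overflow into free neighbour: %d (expect 1)\n", demo_overflow_detected());
    return 0;
}
```

XOR with the chunk address means a canary copied from one chunk is wrong for any other chunk, and the secret never appears in clear on the heap, which is the property the abstract's "encrypted canary" is after; the fd/bk sanity check in unlink_chunk is kept alongside it to show that the canary is an additional layer, not a replacement for the existing check.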
