Franck de Goër and Roland Groz, LIG - Univ. Grenoble Alpes; Laurent Mounier, Verimag - Univ. Grenoble Alpes
Memory management in a binary can be handled by a standard allocator (e.g. the libc allocator) or by a custom one. For many security and safety analysis focused on memory, the knowledge of the allocator is a requirement. In this paper, we propose an approach to retrieve allocators in binaries, based on heuristics and one single execution, with a scalable instrumentation. In addition, we propose a metric to evaluate the consistency of the detected allocator, in order to confirm or invalidate the result. Finally, we propose an open-source implementation and repeatable experiments. Preliminary results show that our approach allows to successfully retrieve the standard libc allocator in coreutils programs plus in mupdf, pdflatex and readelf; and the custom embedded allocator on jasper. They also confirm the relevance of our metric for consistency on these examples.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Franck de Go{\"e}r and Roland Groz and Laurent Mounier},
title = {Metrics for runtime detection of allocators in binaries},
booktitle = {10th USENIX Workshop on Cyber Security Experimentation and Test (CSET 17)},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/cset17/workshop-program/presentation/degoer},
publisher = {USENIX Association},
month = aug
}