{"id":"https://openalex.org/W2913628813","doi":"https://doi.org/10.1109/desec.2018.8625135","title":"Use-After-Free Mitigation via Protected Heap Allocation","display_name":"Use-After-Free Mitigation via Protected Heap Allocation","publication_year":2018,"publication_date":"2018-12-01","ids":{"openalex":"https://openalex.org/W2913628813","doi":"https://doi.org/10.1109/desec.2018.8625135","mag":"2913628813"},"language":"en","primary_location":{"id":"doi:10.1109/desec.2018.8625135","is_oa":false,"landing_page_url":"https://doi.org/10.1109/desec.2018.8625135","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Conference on Dependable and Secure Computing (DSC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5045410942","display_name":"Mingbo Zhang","orcid":"https://orcid.org/0000-0003-3607-8814"},"institutions":[{"id":"https://openalex.org/I102322142","display_name":"Rutgers, The State University of New Jersey","ror":"https://ror.org/05vt9qd57","country_code":"US","type":"education","lineage":["https://openalex.org/I102322142"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Mingbo Zhang","raw_affiliation_strings":["Department of Electrical and Computer Engineering Rutgers, The State University of New Jersey"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering Rutgers, The State University of New Jersey","institution_ids":["https://openalex.org/I102322142"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059269246","display_name":"Saman Zonouz","orcid":"https://orcid.org/0000-0001-9047-4047"},"institutions":[{"id":"https://openalex.org/I102322142","display_name":"Rutgers, The State University of New Jersey","ror":"https://ror.org/05vt9qd57","country_code":"US","type":"education","lineage":["https://openalex.org/I102322142"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Saman Zonouz","raw_affiliation_strings":["Department of Electrical and Computer Engineering Rutgers, The State University of New Jersey"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering Rutgers, The State University of New Jersey","institution_ids":["https://openalex.org/I102322142"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5045410942"],"corresponding_institution_ids":["https://openalex.org/I102322142"],"apc_list":null,"apc_paid":null,"fwci":0.6515,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.77951624,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"3","issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9912999868392944,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9829000234603882,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9584454894065857},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7635514736175537},{"id":"https://openalex.org/keywords/heap","display_name":"Heap (data structure)","score":0.7144959568977356},{"id":"https://openalex.org/keywords/allocator","display_name":"Allocator","score":0.6157695055007935},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.538769006729126},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.41992390155792236},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4186363220214844},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3787503242492676},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.36094361543655396},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.20344078540802002}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9584454894065857},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7635514736175537},{"id":"https://openalex.org/C134757568","wikidata":"https://www.wikidata.org/wiki/Q274089","display_name":"Heap (data structure)","level":2,"score":0.7144959568977356},{"id":"https://openalex.org/C162262903","wikidata":"https://www.wikidata.org/wiki/Q343527","display_name":"Allocator","level":2,"score":0.6157695055007935},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.538769006729126},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.41992390155792236},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4186363220214844},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3787503242492676},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.36094361543655396},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.20344078540802002}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/desec.2018.8625135","is_oa":false,"landing_page_url":"https://doi.org/10.1109/desec.2018.8625135","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Conference on Dependable and Secure Computing (DSC)","raw_type":"proceedings-article"},{"id":"pmh:oai:alma.01RUT_INST:11663469980004646","is_oa":false,"landing_page_url":"https://scholarship.libraries.rutgers.edu/esploro/outputs/conferenceProceeding/Use-After-Free-Mitigation-via-Protected-Heap-Allocation/991031653979104646","pdf_url":null,"source":{"id":"https://openalex.org/S4210197018","display_name":"View","issn_l":"2688-268X","issn":["2688-268X","2688-3988"],"is_oa":false,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310320595","host_organization_name":"Wiley","host_organization_lineage":["https://openalex.org/P4310320595"],"host_organization_lineage_names":["Wiley"],"type":"journal"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference Proceedings"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.8199999928474426,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W1545927878","https://openalex.org/W2062553811","https://openalex.org/W2089448621","https://openalex.org/W2136651729","https://openalex.org/W2136938453","https://openalex.org/W2154795299","https://openalex.org/W4250981365","https://openalex.org/W6680472633"],"related_works":["https://openalex.org/W2920417665","https://openalex.org/W4379518516","https://openalex.org/W3033802101","https://openalex.org/W2766468145","https://openalex.org/W92825922","https://openalex.org/W3104774169","https://openalex.org/W2486766535","https://openalex.org/W2944895246","https://openalex.org/W4322751585","https://openalex.org/W2515904313"],"abstract_inverted_index":{"Use":[0],"after":[1],"free":[2],"(UAF)":[3],"exploits":[4,30,126,148],"have":[5,37],"contributed":[6],"to":[7,39,80,86,144],"many":[8,27],"software":[9,135],"memory":[10,66,78],"corruption":[11],"attacks":[12],"in":[13,20,112,131,149],"recent":[14,124],"practice.":[15],"They":[16],"are":[17],"especially":[18],"popular":[19,134],"the":[21,42,59,104,113,147,157,161,167],"world":[22],"of":[23,58,94,107,115,156,166],"web":[24],"browsers.":[25],"Despite":[26],"successful":[28,52,154],"UAF":[29,53,109,125],"against":[31,127],"widely-used":[32],"applications,":[33],"state-of-the-art":[34],"defense":[35,72,121],"mechanisms":[36],"proved":[38],"still":[40],"leave":[41],"systems":[43],"vulnerable.":[44],"In":[45],"this":[46],"paper,":[47],"we":[48],"argue":[49],"that":[50,75],"a":[51,70,108],"exploit":[54,110],"is":[55],"feasible":[56],"because":[57],"fine-grained":[60,89],"determinism":[61],"provided":[62],"by":[63],"existing":[64],"heap":[65,116],"allocators.":[67],"We":[68,118],"introduce":[69],"new":[71],"strategy,":[73],"Zeus,":[74],"leverages":[76],"additional":[77],"buffers":[79],"make":[81],"allocation":[82],"outcomes":[83],"locally":[84],"unpredictable":[85],"adversaries.":[87],"This":[88],"non-determinism":[90],"prevents":[91],"exact":[92],"alignment":[93],"subsequent":[95],"allocations":[96],"and":[97,133,138,152],"in-object":[98],"member":[99],"fields.":[100],"It":[101],"significantly":[102],"lowers":[103],"success":[105],"rate":[106],"even":[111],"presence":[114],"sprays.":[117],"validated":[119],"our":[120],"using":[122],"real":[123],"several":[128],"CVE":[129],"vulnerabilities":[130],"large":[132],"packages":[136],"(FireFox":[137],"Tor":[139],"browsers).":[140],"Zeus":[141],"was":[142,173],"able":[143],"terminate":[145],"all":[146],"early":[150],"stages":[151],"prevented":[153],"location":[155],"gadget":[158],"addresses":[159],"for":[160],"follow-up":[162],"return-oriented":[163],"programming":[164],"steps":[165],"intrusion.":[168],"Zeus's":[169],"runtime":[170],"performance":[171],"overhead":[172],"negligible":[174],"(1.2%":[175],"on":[176],"average).":[177]},"counts_by_year":[{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}