A use-after-free error is a software flaw that potentially allows an attacker to remotely inject malicious software or corrupt memory values. Such attacks can result in the theft of private data, propagation of worms and viruses, or the creation of botnet nodes that can be programmed to spew spam or disrupt Internet traffic. Recently, use-after-free vulnerabilities have been found in crucial software such as Microsoft's Internet Explorer, Adobe Acrobat Reader, and Firefox among others. The goal of the Watchdog project is to devise hardware and software mechanisms to prevent all such vulnerabilities.
To prevent use-after-free vulnerabilities, the researchers will develop hardware for enforcing safe manual memory management, without compromising system performance. They will study a formal model of their designs to establish the correctness of the techniques. The hardware designs will be prototyped using detailed micro-architectural simulations. The researchers will evaluate correctness and performance by using a suite of benchmark tests and off-the-shelf software. The tools and prototypes will be openly distributed for others to build upon, and the research findings will be integrated into the security and hardware courses taught by the researchers. If successful, the technology developed by this research will have significant societal impacts, improving the security of our computing ecosystem by eliminating an important class of vulnerabilities that is actively being exploited to compromise systems and spread malware.
