Prober: Practically Defending Overflows with Page Protection

Heap-based over ows are still not completely solved even after decades of research. This paper proposes Prober, a novel system aiming to detect and prevent heap over ows in the production environment. Prober leverages a key observation based on the analysis of dozens of real bugs: all heap over ows are related to arrays. Based on this observation, Prober only focuses on arrayrelated heap objects, instead of all heap objects. Prober utilizes static analysis to label all susceptible call-stacks during the compilation, and then employs the page protection to detect any invalid accesses during the runtime. In addition to this, Prober integrates multiple existing methods together to ensure the e ciency of its detection. Overall, Prober introduces almost negligible performance overhead, with 1.5% on average. Prober not only stops possible attacks on time, but also reports the faulty instructions that could guide bug xes. Prober is ready for deployment due to its e ectiveness and low overhead. CCS CONCEPTS • Software and its engineering → Automated static analysis; Software testing and debugging.