Design, Realization, and Evaluation of FastDIM to Prevent Memory Corruption Attacks

Software vulnerabilities, particularly memory corruption, are significant sources of security breaches. Traditional security measures like data-execution prevention, address space layout randomization, control-flow integrity, code-pointer integrity/separation, and data-flow integrity provide insufficient protection or lead to considerable performance degradation. This research introduces, develops, and scrutinizes FastDIM, a novel approach designed to safeguarding user applications from memory corruption threats. FastDIM encompasses an low-level virtual machine (LLVM) instrumentation mechanism and a distinct memory monitoring module. This system modifies applications in user space into a more secure variant, proactively reporting vital memory operations to a memory monitoring component within the kernel to ensure data integrity. Distinctive features of FastDIM compared to prior methodologies are twofold: FastDIM’s integrated out-of-band monitoring system that secures both control-flow and non-control data within program memory, and the creation of a dedicated shared memory space to enhance monitoring efficiency. Testing a prototype of FastDIM with a broad spectrum of real-life applications and standard benchmarks indicates that FastDIM’s runtime overhead is acceptable, at 4.4% for the SPEC CPU 2017 benchmarks, while providing the defense against memory corruption attacks.