Design, Realization, and Evaluation of FastDIM to Prevent Memory Corruption Attacks

Software vulnerabilities, particularly memory corruption, are significant sources of security breaches. Traditional security measures like DEP, ASLR, CFI, CPI/CPS, and DFI provide insufficient protection or lead to considerable performance degradation. This research introduces, develops, and scrutinizes FastDIM, a novel approach to safeguarding user applications from memory corruption threats. FastDIM encompasses an LLVM instrumentation mechanism and a distinct memory monitoring module. This system modifies applications in user space into a more secure variant, proactively reporting vital memory operations to a memory monitoring component within the kernel to ensure data integrity. Distinctive features of FastDIM compared to prior methodologies include: 1) FastDIM’s integrated out-of-band monitoring system that secures both control-flow and non-control data within program memory, and 2) the creation of a dedicated shared memory space to enhance monitoring efficiency. Testing a prototype of FastDIM with a broad spectrum of real-life applications and standard benchmarks indicates that FastDIM’s runtime overhead is acceptable, at 4.4% for the SPEC CPU 2017 benchmarks, while providing the defense against memory corruption attacks.