When browsing the web it is vital to have peace of mind that your data has not been stolen or corrupted by a virus or a malicious site. Researchers understand the severity of situations where data is compromised and have worked for many years to come up with a way to block impending attacks.
Dr. Jeff Huang, assistant professor in the Department of Computer Science and Engineering at Texas A&M University, has proposed a new technique that can detect Use-After-Free (UAF) bugs in web browsers with a higher detection ability than the state-of-the-art techniques currently being used.
UAF is a class of memory errors in computer programs written in unsafe languages such as C/C++. UAF errors occur when a program continues to use a pointer after it has been freed. Depending on the timing of the vulnerability or flaw, the use of previously freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, which is when the attacker can execute any command of choice on a target machine. UAFs have been one of most exploited memory errors in web browsers such as Chrome. Many zero-day cyberattacks, which occur when a flaw is exploited and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability, have also been launched through UAFs.
Huang was awarded the prestigious Google Faculty Research Award for this work. The Google Faculty Research Awards program supports academic research in computer science, engineering and related fields. Through the program, Google funds world-class research at top universities, facilitates interaction between Google and academia, and supports projects whose output will be made openly available to the research community. This project is one of the 152 considered by Google during its 2017 call for research project proposals, chosen from a total of 1033 covering 46 countries and over 360 universities.
“What excites me most about this project is its practical impact,” Huang said. “Web browsers such as Chrome are used by billions of people. This project will make browsers more secure by killing more UAFs.”
Huang is working on this project with his students in the automated software engineering research (ASER) group in the Parasol Laboratory at Texas A&M. This is the second Google Faculty Research Award he has received. Among Huang’s many honors are a 2016 National Science Foundation CAREER award, a 2015 Google Faculty Research Award, the 2013 Association for Computing Machinery SIGSOFT Outstanding Dissertation Award, and a 2013 ACM SIGPLAN PLDI Distinguished Paper Award, which was also recognized as ACM SIGPLAN Research Highlights.