Microsoft publishes heap-spraying protection research

The article, called Nozzle: Counteracting Memory Exploits, accompanies a white paper titled 'Nozzle: A Defense Against Heap-spraying Code Injection Attacks' [PDF]. Both describe a technology designed to detect and block a class of attack that has become popular against browser-based software.

A heap-spraying attack targets the heap, the area of memory a program uses for dynamic allocation: the program requests blocks from the heap as it needs them and releases them back when it has finished with them.

Heap spraying fills the heap with many copies of an object holding attacker-chosen bytes, typically a long run of no-op instructions (a 'NOP sled') followed by shellcode. The spray itself hijacks nothing; it is paired with a separate memory-corruption bug that lets the attacker redirect execution to a guessed address. Because so much of the heap then holds the payload, a jump to almost any sprayed address lands in the sled and slides into the shellcode.

Researchers Ben Zorn, Ben Livshits and Paruj Ratanaworabhan have developed a technology that scans objects in the heap, treats their contents as potential x86 code, disassembles them and builds a control flow graph to estimate how much of each object could serve as an attack payload. Because individual objects that happen to look like code are common in benign programs, the technology keeps false positives low by combining the per-object measurements into a single metric for the whole heap and raising an alert only when that global measure is anomalous.
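The following is an added illustration, not code from the Nozzle paper or from Microsoft, of the idea in the two paragraphs above: score each heap object by how much of it would work as a NOP sled, then judge the heap as a whole rather than any one object. It substitutes a deliberately simple stand-in for Nozzle's disassembler and control flow analysis: a byte counts as 'sled' if it is one of a hand-picked set of single-byte x86 instructions that execute harmlessly and fall through (NOP, INC/DEC, PUSH/POP and a few flag operations). The opcode set, the 0.5 alert threshold, the sample heap contents and the placeholder payload bytes are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One heap object as the scanner sees it: a byte range and its length. */
typedef struct {
    const unsigned char *data;
    size_t len;
} heap_object;

/* Single-byte x86 opcodes that execute harmlessly and fall through to the
 * next byte, so a run of them behaves as a NOP sled. Illustrative subset,
 * not a real disassembler: NOP, INC/DEC r32, PUSH/POP r32, CWDE, CDQ, CLC,
 * STC, CLD. Note that uppercase ASCII 'A'..'_' falls in the INC/PUSH range,
 * which is exactly why single objects produce false positives. */
static int is_sled_byte(unsigned char b)
{
    if (b == 0x90) return 1;
    if (b >= 0x40 && b <= 0x5F) return 1;
    if (b == 0x98 || b == 0x99) return 1;
    if (b == 0xF8 || b == 0xF9 || b == 0xFC) return 1;
    return 0;
}

/* Per-object surface: the longest run of fall-through bytes, i.e. how many
 * entry offsets a hijacked jump could hit and still slide to the same place. */
size_t object_surface(const heap_object *obj)
{
    size_t best = 0, run = 0;
    for (size_t i = 0; i < obj->len; i++) {
        if (is_sled_byte(obj->data[i])) {
            run++;
            if (run > best) best = run;
        } else {
            run = 0;
        }
    }
    return best;
}

/* Heap-wide surface: sled bytes as a fraction of all scanned bytes (0..1).
 * A lone code-like object barely moves it; a sprayed heap pushes it toward 1. */
double heap_surface(const heap_object *objs, size_t n)
{
    size_t sled = 0, total = 0;
    for (size_t i = 0; i < n; i++) {
        sled += object_surface(&objs[i]);
        total += objs[i].len;
    }
    return total ? (double)sled / (double)total : 0.0;
}

/* Constructed sample heap contents (not captured from a real process). */
static const unsigned char benign_text[] = "The quick brown fox jumps over the lazy dog";
static const unsigned char benign_html[] = "<div class=\"Ad\">Buy Now</div>";

/* Sprayed object: 64-byte NOP sled followed by 8 placeholder payload bytes
 * (XOR/INT/JMP/INT3 filler standing in for shellcode, not a working exploit). */
static unsigned char sprayed[72];

static void build_sprayed(void)
{
    static const unsigned char tail[8] = {0x31, 0xC0, 0xCD, 0x80, 0xEB, 0xFE, 0xCC, 0xCC};
    memset(sprayed, 0x90, 64);
    memcpy(sprayed + 64, tail, sizeof tail);
}

/* Surface of one sprayed object on its own: the 64-byte sled. */
size_t sprayed_surface(void)
{
    build_sprayed();
    heap_object s = { sprayed, sizeof sprayed };
    return object_surface(&s);
}

/* Score a heap holding the two benign strings plus `copies` sprayed objects. */
double score_heap(size_t copies)
{
    enum { MAX_OBJS = 1024 };
    heap_object objs[MAX_OBJS];
    size_t n = 0;

    build_sprayed();
    objs[n++] = (heap_object){ benign_text, sizeof benign_text - 1 };
    objs[n++] = (heap_object){ benign_html, sizeof benign_html - 1 };
    for (size_t i = 0; i < copies && n < MAX_OBJS; i++)
        objs[n++] = (heap_object){ sprayed, sizeof sprayed };
    return heap_surface(objs, n);
}

int main(void)
{
    const double threshold = 0.5; /* illustrative alert threshold */
    double clean = score_heap(0), attacked = score_heap(200);
    printf("clean heap surface:   %.3f %s\n", clean, clean > threshold ? "ALERT" : "ok");
    printf("sprayed heap surface: %.3f %s\n", attacked, attacked > threshold ? "ALERT" : "ok");
    return 0;
}
```

Run stand-alone, the clean heap scores about 0.03 (the only 'code-like' bytes are the capital letters) while the heap with 200 sprayed copies scores about 0.88 and trips the threshold. The point of the global measure is visible in the numbers: the same two benign strings contribute a surface of 1 byte each in both runs, so no single-object rule could separate them from an attack without also flagging every capitalised string.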

"Using sampling and concurrent scanning to reduce overhead, we showed that the performance overhead of Nozzle is less than 7% on average", the researchers said in the white paper. They tested the technology against 12 published heap spraying exploits and 2000 synthetically generated ones, and caught them all.
