Windows Vista Heap (Build It!) presented at ShmooCon 2006

by Adrian Marinescu,

Tags: Security Development

Summary : All applications and operating systems have coding errors and we have seen technical advances both in attack and mitigation sophistication as more security vulnerabilities are exploiting defects related to application and OS memory and heap usage. Starting with W2k3 and XP/ SP2 Windows incorporated technologies to reduce the reliability of such attacks. The heap manager in Windows Vista pushes the innovation much further in this area. This talk will describe the challenges the heap team faced and the technical details of the changes coming in Windows Vista.
Adrian Marinescu, development lead in the Windows Kernel group, has been with Microsoft Corporation since 1998. He joined then to work on few core components such as user-mode memory management, kernel object management and the kernel inter-process communication mechanism. In the heap management area, Adrian designed and implemented the Low Fragmentation Heap, a highly scalable addition to the Windows Heap Manager, and he currently focuses on techniques of reducing the reliability of certain well known heap exploits.