10th International Congress on Information and Communication Technology in concurrent with ICT Excellence Awards (ICICT 2025) will be held at London, United Kingdom | February 18 - 21 2025.
Authors - Melike Aysenur Yildirim, Fadi Yilmaz Abstract - In contemporary cybersecurity, safeguarding systems from malicious attacks is paramount, given the proliferation of interconnected tools and the continuous efforts of cyber adversaries to disrupt these systems. Researchers have explored various methods to establish secure environments, including advanced techniques for detecting and mitigating cyber threats. One such method, in-lined reference monitoring (IRM), leverages a language-based security approach and has shown promise in enhancing system security. This paper focuses on the application of the IRM through the Lua programming language, renowned for its efficiency and widespread use in diverse domains such as gaming, scientific computing, and the Internet of Things (IoT) devices. We introduce and evaluate LuaLight, a novel, fully automated system designed to transform Lua executables to address use-after-free (UAF) vulnerabilities inherent in the Lua garbage collector (LGC), without necessitating modifications to the vulnerable Lua virtual machines (LVM). LuaLight offers a comprehensive solution to several known security vulnerabilities associated with the LGC, specifically addressing issues identified in CVE-2020-24371 and CVE-2021-44964.
