Last semester (fall 2019), I took Harvard's CS 263: Systems Security course taught by James Mickens. At the end of the semester, I worked with Mridu Nanda and Noah Singer on a project called Memery, which analyzes raw heap memory to detect linked data structures. The abstract is below and the code and paper PDF are in the linked GitHub repository.
Memory read vulnerabilities allow attackers to siphon sensitive data from a remote victim process, but time constraints and throughput limitations may necessitate a method to efficiently identify memory of interest. Toward this end, we design Memery, a black-box heap analysis algorithm that extracts information about the high-level program constructs of an executable with a memory read vulnerability. Memery follows chains of pointers to reliably detect both singly- and doubly-linked data structures (and any looping within them) and offers insights about the types of information stored in the data structures (including pointers to functions and character strings). Beyond singly- and doubly-linked data structures, Memery's analysis can be used as a foundation for detecting many other chained data structures.
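To make the abstract concrete, here is a small heap walker in the spirit it describes: it follows pointer chains through a raw heap image at a constant field offset, reports singly- and doubly-linked runs and any loop inside them, and labels the remaining fields of each node as function pointers, string pointers, heap pointers or scalars. This is an added illustration written for this post, not Memery's code, and it simplifies in ways the paper may not: it assumes a 64-bit little-endian victim whose glibc-style chunk headers are part of the dump (so allocation boundaries are known), it only treats exact pointers to another chunk's user address as links, and the heap base `BASE`, text range `TEXT`, function pointer `FN` and the whole victim heap are constructed values. Python is used because this is offline analysis of a dump rather than code that runs inside the victim.

```python
import struct
from collections import Counter

WORD = 8
BASE = 0x10000                 # assumed heap base of the victim process
TEXT = (0x400000, 0x401000)    # assumed text segment; words in here are function pointers
FN = 0x400ABC                  # constructed function-pointer value inside TEXT

def build_heap(base, allocs):
    """Lay out (user_size, payload_fn) allocations as simplified glibc chunks
    [prev_size][size|flags][user data]. payload_fn gets the list of user addresses
    so payloads can point at each other. Returns (image, user_addresses)."""
    sizes = [16 + ((n + 15) // 16) * 16 for n, _ in allocs]
    addrs, pos = [], base
    for sz in sizes:
        addrs.append(pos + 16)
        pos += sz
    img = bytearray()
    for (_, fn), sz in zip(allocs, sizes):
        img += struct.pack("<QQ", 0, sz | 1)          # PREV_INUSE flag set
        img += fn(addrs).ljust(sz - 16, b"\0")
    return bytes(img + bytes(16)), addrs              # zero size word ends the chunk walk

# Constructed victim heap: doubly-linked list A,B,C of {next, prev, name*, fn*},
# circular singly-linked list D,E,F of {next, value}, and three name strings.
ALLOCS = [
    (32, lambda a: struct.pack("<4Q", a[1], 0, a[6], FN)),     # A
    (32, lambda a: struct.pack("<4Q", a[2], a[0], a[7], FN)),  # B
    (32, lambda a: struct.pack("<4Q", 0, a[1], a[8], FN)),     # C (list tail)
    (16, lambda a: struct.pack("<2Q", a[4], 1)),               # D
    (16, lambda a: struct.pack("<2Q", a[5], 2)),               # E
    (16, lambda a: struct.pack("<2Q", a[3], 3)),               # F -> D closes the loop
    (16, lambda a: b"alice\0"), (16, lambda a: b"bob\0"), (16, lambda a: b"carol\0"),
]
HEAP, ADDRS = build_heap(BASE, ALLOCS)

def parse_chunks(heap, base):
    """Map user address -> usable bytes by following chunk size fields."""
    chunks, off = {}, 0
    while off + 16 <= len(heap):
        size = struct.unpack_from("<Q", heap, off + 8)[0] & ~0x7   # strip flag bits
        if size < 32 or off + size > len(heap):
            break
        chunks[base + off + 16] = size - 16
        off += size
    return chunks

def analyze(heap, base, text_range, min_chain=3):
    """Report chains of chunks linked through a pointer at constant offset k,
    whether a matching back-pointer offset exists, whether the chain loops, and
    what kind of value each remaining field holds (majority vote over the nodes)."""
    nodes = parse_chunks(heap, base)
    word = lambda addr: struct.unpack_from("<Q", heap, addr - base)[0]

    def tag(v):
        if text_range[0] <= v < text_range[1]:
            return "code"
        if v in nodes:
            s = heap[v - base:v - base + nodes[v]].split(b"\0", 1)[0]
            return "string" if s and all(32 <= c < 127 for c in s) else "heap pointer"
        return "scalar"

    chains = []
    for k in range(0, max(nodes.values()), WORD):
        def link(s):                       # successor of s if field k names a chunk
            v = word(s + k) if k + WORD <= nodes[s] else None
            return v if v in nodes else None
        targets = {link(s) for s in nodes} - {None}
        visited = set()
        # Walk from nodes nobody points to first; nodes still unvisited after that
        # but pointed to can only lie on a pure cycle, so walk those from their lowest address.
        for start in sorted(nodes, key=lambda s: (s in targets, s)):
            chain, cur = [], start
            while cur is not None and cur not in visited:
                visited.add(cur)
                chain.append(cur)
                cur = link(cur)
            if len(chain) < min_chain:     # shorter runs arise by chance from stray words
                continue
            loop = cur if cur in chain else None
            width = min(nodes[n] for n in chain)
            prev = next((j for j in range(0, width, WORD) if j != k and all(
                word(chain[i] + j) == chain[i - 1] for i in range(1, len(chain)))), None)
            if prev is not None and prev < k:
                continue                   # same list already reported via its other link
            fields = {off: Counter(tag(word(n + off)) for n in chain).most_common(1)[0][0]
                      for off in range(0, width, WORD) if off not in (k, prev)}
            chains.append({"next_off": k, "prev_off": prev, "nodes": chain,
                           "loops_to": loop, "fields": fields})
    return chains

if __name__ == "__main__":
    for c in analyze(HEAP, BASE, TEXT):
        kind = "doubly" if c["prev_off"] is not None else "singly"
        print(f"{kind}-linked, {len(c['nodes'])} nodes, next@{c['next_off']} "
              f"prev@{c['prev_off']} loops_to={c['loops_to']} fields={c['fields']}")
```

Run as a script it reports two structures: a doubly-linked list of three nodes (next at offset 0, prev at offset 8, a string pointer at 16 and a code pointer at 24) and a singly-linked list of three nodes whose last node loops back to the first. Two caveats a practitioner should keep in mind: a pointer in some unrelated object that happens to reference a list head at the same field offset will be absorbed as an extra leading node, and interior pointers (links that point into the middle of an allocation) are not followed at all; `min_chain` exists because two-node "chains" are easy to produce by chance from stray heap words.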