Effective Entropy: Security-Centric Metric for Memory Randomization Techniques
Authors
Abstract
User space memory randomization techniques are an emerging field of cyber defensive technology which attempts to protect computing systems by randomizing the layout of memory. Quantitative metrics are needed to evaluate their effectiveness at securing systems against modern adversaries and to compare between randomization technologies. We introduce Effective Entropy, a measure of entropy in user space memory which quantitatively considers an adversary’s ability to leverage low entropy regions of memory via absolute and dynamic inter-section connections. Effective Entropy is indicative of adversary workload and enables comparison between different randomization techniques. Using Effective Entropy, we present a comparison of static Address Space Layout Randomization (ASLR), Position Independent Executable (PIE) ASLR, and a theoretical fine grain randomization technique.
Similar resources
Performance and Entropy of Various ASLR Implementations
Whether or not a security feature is useful is highly dependent on how effective it is and how it affects system performance. If a security feature is effective but greatly degrades the performance of the system, then the feature is not useful. Likewise, if a security feature is very fast but is not very effective, then it is also not useful. A useful security feature needs to add a reasonable ...
SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs
Traditional execution environments deploy Address Space Layout Randomization (ASLR) to defend against memory corruption attacks. However, Intel Software Guard Extension (SGX), a new trusted execution environment designed to serve security-critical applications on the cloud, lacks such an effective, well-studied feature. In fact, we find that applying ASLR to SGX programs raises non-trivial issu...
NOZZLE: A Defense Against Heap-spraying Code Injection Attacks
Heap spraying is a security attack that increases the exploitability of memory corruption errors in type-unsafe applications. In a heap-spraying attack, an attacker coerces an application to allocate many objects containing malicious code in the heap, increasing the success rate of an exploit that jumps to a location within the heap. Because heap layout randomization necessitates new forms of a...
Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers
It is widely recognized that large-scale attacks, such as those launched by worms and zombie farms, pose a grave threat to our network-centric society. Existing approaches such as software patches are simply unable to cope with the volume and speed with which new vulnerabilities are being discovered. In this paper, we develop a new approach that can provide effective protection against a vast m...
Andro-Dumpsys: Anti-malware system based on the similarity of malware creator and malware centric information
With the fast growth in mobile technologies and the accompanied rise of the integration of such technologies into our everyday life, mobile security is viewed as one of the most prominent areas and is being addressed accordingly. For that, and especially to address the threat associated with malware, various malware-centric analysis methods are developed in the literature to identify, classify,...