Revisiting Address Space Randomization
نویسندگان
چکیده
Address space randomization is believed to be a strong defense against memory error exploits. Many code and data objects in a potentially vulnerable program and the system could be randomized, including those on the stack and heap, base address of code, order of functions, PLT, GOT, etc. Randomizing these code and data objects is believed to be effective in obfuscating the addresses in memory to obscure locations of code and data objects. However, attacking techniques have advanced since the introduction of address space randomization. In particular, return-oriented programming has made attacks without injected code much more powerful than what they were before. Keeping this new attacking technique in mind, in this paper, we revisit address space randomization and analyze the effectiveness of randomizing various code and data objects. We show that randomizing certain code and data objects has become much less effective. Typically, randomizing the base and order of functions in shared libraries and randomizing the location and order of entries in PLT and GOT do not introduce significant difficulty to attacks using return-oriented programming. We propose a more general version of such attacks than what was introduced before, and point out weaknesses of a previously proposed fix. We argue that address space randomization was introduced without considering such attacks and a simple fix probably does not exist.
منابع مشابه
Effective Entropy: Security-Centric Metric for Memory Randomization Techniques
User space memory randomization techniques are an emerging field of cyber defensive technology which attempts to protect computing systems by randomizing the layout of memory. Quantitative metrics are needed to evaluate their effectiveness at securing systems against modern adversaries and to compare between randomization technologies. We introduce Effective Entropy, a measure of entropy in use...
متن کاملAddress Space Layout Permutation
Address space randomization is an emerging and promising method for stopping a broad range of memory corruption attacks. By randomly shifting critical memory regions at process initialization time, a memory layout randomization scheme converts an otherwise successful malicious attack into a benign process crash. Recent work[7] has shown that current randomization schemes can be bruteforced atta...
متن کاملRevisiting the Wrong-Key-Randomization Hypothesis
Linear cryptanalysis can be considered to be one of the strongest techniques in the cryptanalyst’s arsenal. In most cases, Matsui’s Algorithm 2 is used for the key recovery part of the attack. The success rate analysis of this algorithm is based on an assumption regarding the bias of a linear approximation for a wrong key, known as the wrongkey-randomization hypothesis. This hypothesis was refi...
متن کاملASLR Smack & Laugh Reference Seminar on Advanced Exploitation Techniques
Address space layout randomization (ASLR) is a security technology to prevent exploitations of buffer overflows. But this technology is far from perfect. ”[...] its only up to the creativity of the attacker what he does. So it raises the bar for us all :) but just might make writing exploits an interesting business again.” ([Dul00] about ASLR). This paper is an introduction and a reference abou...
متن کامل