Revisiting Address Space Randomization

Address space randomization is believed to be a strong defense against memory error exploits. Many code and data objects in a potentially vulnerable program and the system could be randomized, including those on the stack and heap, base address of code, order of functions, PLT, GOT, etc. Randomizing these code and data objects is believed to be effective in obfuscating the addresses in memory to obscure locations of code and data objects. However, attacking techniques have advanced since the introduction of address space randomization. In particular, return-oriented programming has made attacks without injected code much more powerful than what they were before. Keeping this new attacking technique in mind, in this paper, we revisit address space randomization and analyze the effectiveness of randomizing various code and data objects. We show that randomizing certain code and data objects has become much less effective. Typically, randomizing the base and order of functions in shared libraries and randomizing the location and order of entries in PLT and GOT do not introduce significant difficulty to attacks using return-oriented programming. We propose a more general version of such attacks than what was introduced before, and point out weaknesses of a previously proposed fix. We argue that address space randomization was introduced without considering such attacks and a simple fix probably does not exist.

Bibliographic Details
Main Authors: WANG, Zhi; CHENG, Renquan; GAO, Debin
Format: text (application/pdf)
Language: English
Published: Institutional Knowledge at Singapore Management University, 2010
Publication Date: 2010-12-01
DOI: 10.1007/978-3-642-24209-0_14
Subjects: Address space randomization; return-oriented programming; software exploit; Information Security
Online Access: https://ink.library.smu.edu.sg/sis_research/1321
Full text (PDF): https://ink.library.smu.edu.sg/context/sis_research/article/2320/viewcontent/icisc10_av.pdf
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Collection: Research Collection School Of Computing and Information Systems (InK@SMU, SMU Libraries)
Institution: Singapore Management University