Title

Revisiting Address Space Randomization

Publication Type

Conference Proceeding Article

Publication Date

12-2010

Abstract

Address space randomization is believed to be a strong defense against memory error exploits. Many code and data objects in a potentially vulnerable program and the system could be randomized, including those on the stack and heap, base address of code, order of functions, PLT, GOT, etc. Randomizing these code and data objects is believed to be effective in obfuscating the addresses in memory to obscure locations of code and data objects. However, attacking techniques have advanced since the introduction of address space randomization. In particular, return-oriented programming has made attacks without injected code much more powerful than what they were before. Keeping this new attacking technique in mind, in this paper, we revisit address space randomization and analyze the effectiveness of randomizing various code and data objects. We show that randomizing certain code and data objects has become much less effective. Typically, randomizing the base and order of functions in shared libraries and randomizing the location and order of entries in PLT and GOT do not introduce significant difficulty to attacks using return-oriented programming. We propose a more general version of such attacks than what was introduced before, and point out weaknesses of a previously proposed fix. We argue that address space randomization was introduced without considering such attacks and a simple fix probably does not exist.

Keywords

Address space randomization, return-oriented programming, software exploit

Discipline

Information Security

Research Areas

Cybersecurity

Publication

ICISC'10 Proceedings of the 13th international conference on Information security and cryptology

Volume

6829

First Page

207

Last Page

221

ISBN

9783642242083

Identifier

10.1007/978-3-642-24209-0_14

City or Country

Seoul, Korea

This document is currently not available here.

Share

COinS