Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
12-2010
Abstract
Address space randomization is believed to be a strong defense against memory error exploits. Many code and data objects in a potentially vulnerable program and in the system could be randomized, including objects on the stack and heap, the base address of code, the order of functions, the PLT, the GOT, etc. Randomizing these code and data objects is believed to be effective in obfuscating memory addresses and thereby obscuring the locations of code and data objects. However, attack techniques have advanced since the introduction of address space randomization. In particular, return-oriented programming has made attacks without injected code much more powerful than they were before. Keeping this new attack technique in mind, in this paper we revisit address space randomization and analyze the effectiveness of randomizing various code and data objects. We show that randomizing certain code and data objects has become much less effective. In particular, randomizing the base and order of functions in shared libraries, and randomizing the location and order of entries in the PLT and GOT, do not introduce significant difficulty for attacks using return-oriented programming. We propose a more general version of such attacks than the one introduced before, and point out weaknesses of a previously proposed fix. We argue that address space randomization was introduced without considering such attacks and that a simple fix probably does not exist.
Keywords
Address space randomization, return-oriented programming, software exploit
Discipline
Information Security
Research Areas
Cybersecurity
Publication
Information Security and Cryptology ICISC 2010: 13th International Conference, Seoul, Korea, December 1-3, Revised Selected Papers
Volume
6829
First Page
207
Last Page
221
ISBN
9783642242083
Identifier
10.1007/978-3-642-24209-0_14
Publisher
Springer
City or Country
Berlin
Citation
WANG, Zhi; CHENG, Renquan; and GAO, Debin.
Revisiting Address Space Randomization. (2010). Information Security and Cryptology ICISC 2010: 13th International Conference, Seoul, Korea, December 1-3, Revised Selected Papers. 6829, 207-221.
Available at: https://ink.library.smu.edu.sg/sis_research/1321
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1007/978-3-642-24209-0_14