Address Space Layout Randomization Next Generation

Systems built from low-power, computationally weak devices force developers to favor performance over security; together with their high connectivity and continuous, autonomous operation, this makes such devices especially appealing to attackers. ASLR (Address Space Layout Randomization) is one of the most effective mitigation techniques against remote code execution attacks, but when it is implemented in a practical system its effectiveness is jeopardized by multiple constraints: the size of the virtual memory space, potential fragmentation problems, compatibility limitations, etc. As a result, most ASLR implementations (especially on 32-bit systems) fail to provide the necessary protection. In this paper we propose a taxonomy of all ASLR elements, which categorizes the entropy along three dimensions: (1) how, (2) when and (3) what; and includes novel forms of entropy. Based on this taxonomy we have created ASLRA, an advanced statistical analysis tool to assess the effectiveness of any ASLR implementation. Our analysis shows that all ASLR implementations suffer from several weaknesses, that 32-bit systems provide poor ASLR, and that OS X has a broken ASLR on both 32- and 64-bit systems. This jeopardizes not only servers and end-user devices such as smartphones but also the whole IoT ecosystem. To overcome these issues, we present ASLR-NG, a novel ASLR that provides the maximum possible absolute entropy and removes all correlation attacks, making ASLR-NG the best solution for both 32- and 64-bit systems. We implemented ASLR-NG in the Linux kernel 4.15. The comparative evaluation shows that ASLR-NG outperforms the PaX, Linux and OS X implementations, providing strong protection that prevents attackers from abusing weak ASLRs.
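The abstract describes assessing an ASLR implementation statistically (how many address bits really change between runs, and whether two objects are placed at a fixed distance from each other, which is what makes a correlation attack possible). The following is an added example of such a check, written for this page; it is not the paper's ASLRA tool and makes no claim about its internals. It computes the per-bit Shannon entropy of sampled addresses, lists the bits that actually vary, sums them as an upper bound on the layout's entropy, and measures the entropy of the distance between two objects across runs. The address samples are constructed with a seeded generator to imitate a weak 32-bit layout (19 random stack bits, 8 random mmap bits, a library at a fixed offset from the mmap base, an independently randomized heap); those values are assumptions chosen for illustration, not measurements of any real system.

```python
"""Per-bit entropy and correlation analysis of sampled ASLR addresses.

Added example in the spirit of a statistical ASLR assessment; it is not the
paper's ASLRA tool. The address samples are CONSTRUCTED with a seeded
generator to resemble a weak 32-bit layout; in practice they would be
collected by running a real binary many times.
"""
import math
import random
from collections import Counter


def bit_entropy(samples, width=32):
    """Shannon entropy, in bits, of every address bit (index 0 = LSB).

    A bit that is fixed across all runs scores 0.0; a bit that is set in
    half of the runs scores 1.0. This is the plug-in (empirical) estimator,
    so it needs a reasonable number of samples to be meaningful.
    """
    n = len(samples)
    entropies = []
    for bit in range(width):
        p_one = sum((addr >> bit) & 1 for addr in samples) / n
        h = 0.0
        for p in (p_one, 1.0 - p_one):
            if p > 0.0:
                h -= p * math.log2(p)
        entropies.append(h)
    return entropies


def randomized_bits(samples, width=32, threshold=0.5):
    """Indices of the bits that actually change between runs (threshold is
    an assumed cut-off; a truly random bit scores close to 1.0)."""
    return [i for i, h in enumerate(bit_entropy(samples, width)) if h >= threshold]


def entropy_upper_bound(samples, width=32):
    """Sum of per-bit entropies. This equals the true entropy only if the
    bits are independent, so treat it as an upper bound: the real figure
    can be lower when bits are derived from one another."""
    return sum(bit_entropy(samples, width))


def delta_entropy(samples_a, samples_b):
    """Entropy of (b - a) across runs. 0.0 means the two objects always sit
    at the same distance, so leaking one address reveals the other (the
    correlation weakness); a large value means they are placed independently."""
    n = len(samples_a)
    counts = Counter(b - a for a, b in zip(samples_a, samples_b))
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def synthetic_layout(runs=4096, seed=7):
    """CONSTRUCTED samples imitating a weak 32-bit layout (an assumption for
    illustration, not measured data): 19 random stack bits, 8 random mmap
    bits, a shared library at a fixed offset from the mmap base, and an
    independently randomized heap."""
    rng = random.Random(seed)
    stack, mmap_base, lib, heap = [], [], [], []
    for _ in range(runs):
        stack.append(0xBF000000 | (rng.getrandbits(19) << 4))   # bits 4..22 random
        m = 0xB0000000 | (rng.getrandbits(8) << 12)            # bits 12..19 random
        mmap_base.append(m)
        lib.append(m + 0x00123000)                              # fixed offset: correlated
        heap.append(0x08000000 | (rng.getrandbits(13) << 12))   # independent of mmap
    return {"stack": stack, "mmap": mmap_base, "lib": lib, "heap": heap}


SAMPLES = synthetic_layout()

if __name__ == "__main__":
    for name, addrs in SAMPLES.items():
        bits = randomized_bits(addrs)
        print(f"{name:5s}: {len(bits):2d} random bits ({bits[0]}..{bits[-1]}), "
              f"entropy <= {entropy_upper_bound(addrs):.2f} bits")
    print("lib  vs mmap delta entropy:", round(delta_entropy(SAMPLES["mmap"], SAMPLES["lib"]), 2))
    print("heap vs mmap delta entropy:", round(delta_entropy(SAMPLES["mmap"], SAMPLES["heap"]), 2))
```

Against the constructed layout the stack reports 19 varying bits and the mmap base 8, the library-to-mmap delta has zero entropy (one leaked pointer pins both), and the heap-to-mmap delta stays high. To assess a real system you would replace `synthetic_layout` with addresses parsed from `/proc/<pid>/maps` over many executions; the per-bit sum then gives only a ceiling, and a per-object delta of zero is the signal that the implementation has the correlation weakness the paper's ASLR-NG is designed to remove.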
