Sciweavers

CCS
2015
ACM

Timely Rerandomization for Mitigating Memory Disclosures

8 years 7 months ago
Timely Rerandomization for Mitigating Memory Disclosures
Address Space Layout Randomization (ASLR) can increase the cost of exploiting memory corruption vulnerabilities. One major weakness of ASLR is that it assumes the secrecy of memory addresses and is thus ineffective in the face of memory disclosure vulnerabilities. Even fine-grained variants of ASLR are shown to be ineffective against memory disclosures. In this paper we present an approach that synchronizes randomization with potential runtime disclosure. By applying rerandomization to the memory layout of a process every time it generates an output, our approach renders disclosures stale by the time they can be used by attackers to hijack control flow. We have developed a fully functioning prototype for x86 64 C programs by extending the Linux kernel, GCC, and the libc dynamic linker. The prototype operates on C source code and recompiles programs with a set of augmented information required to track pointer locations and support runtime rerandomization. Using this augmented info...
David Bigelow, Thomas Hobson, Robert Rudd, William
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where CCS
Authors David Bigelow, Thomas Hobson, Robert Rudd, William W. Streilein, Hamed Okhravi
Comments (0)