Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Memory randomization as application security enhancement?

I recently came upon a Microsoft article that touted new "defensive enhancements" of Windows 7. Specifically:

  • Address space layout randomization (ASLR)
  • Heap randomization
  • Stack randomization

The article went on to say that "...some of these defenses are in the core operating system, and the Microsoft Visual C++ compiler offers others" but didn't explain how these strategies would actually increase security.

Anyone know why memory randomization increases security, if at all? Do other platforms and compilers employ similar strategies?

like image 680
Paul Sasik Avatar asked Apr 21 '10 19:04

Paul Sasik


People also ask

What is ASLR and why is it useful?

Address space layout randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.

What is Windows ASLR?

Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities.


2 Answers

It increases security by making it hard to predict where something will be in memory. Quite a few buffer overflow exploits work by putting (for example) the address of a known routine on the stack, and then returning to it. It's much harder to do that without knowing the address of the relevant routine.

As far as I know, OpenBSD was about the first to do this, at least among the reasonably well-known OSes for PCs.

like image 164
Jerry Coffin Avatar answered Oct 07 '22 18:10

Jerry Coffin


It makes attacks like return to libc (or return to user-provided data buffer in the case of the latter two) much harder. And yes, it is available in Linux, BSD, and Mac OS. As you would expect, the details vary by OS. See Wikipedia for an introduction.

like image 22
Matthew Flaschen Avatar answered Oct 07 '22 18:10

Matthew Flaschen