description: security technique to randomise memory locations of processes
3 results
by Peter Gutmann
products that were secure by executive fiat rather than by actual practice, the TrustZone kernel contained no security mitigations like DEP (data execution prevention), ASLR (address space layout randomization), non-executable heap or stack, or anything else that’s been applied in mainstream OSes for the last decade or so. Combined with unsafe programming
…
] “Data Execution Prevention”, MSDN, http://msdn.microsoft.com/enus/library/aa366553%28VS.85%29.aspx. [281] “Address Space Layout Randomization in Windows Vista”, Michael Howard, 26 May 2006, http://blogs.msdn.com/b/michael_howard/archive/2006/05/26/address-space-layout-randomization-in-windowsvista.aspx. [282] “DEP / ASLR Neglected in Popular Programs”, Carsten Eiram / Secunia, 1 July
by Justin Schuh · 20 Nov 2006 · 2,054pp · 359,149 words
and Static Data Overflows Shellcode Writing the Code Finding Your Code in Memory Protection Mechanisms Stack Cookies Heap Implementation Hardening Nonexecutable Stack and Heap Protection Address Space Layout Randomization SafeSEH Function Pointer Obfuscation Assessing Memory Corruption Impact Where Is the Buffer Located in Memory? What Other Data Is Overwritten? How Many Bytes Can Be
…
degree. Although these mechanisms are a step in the right direction, heap overflows can still be exploited by manipulating application data rather than heap structures. Address Space Layout Randomization When an application is launched in most contemporary operating systems, the loader organizes the program and required libraries into memory at the same locations every
…
vulnerability; they can predict with a high degree of accuracy the location of key data structures and program components they want to manipulate or misuse. Address space layout randomization (ASLR) technologies seek to remove this advantage from attackers by randomizing where different program components are loaded at in memory each time the application runs
…
usually find a way around it. With a little creativity, the existing code can be spliced, diced, and coerced into serving the attacker’s purpose. Address Space Layout Randomization Address space layout randomization (ASLR) is a technology that attempts to mitigate the threat of buffer overflows by randomizing where application data and code is mapped at runtime. Essentially
…
COM (Component Object Model), security, 749-754 kill bit, 752 signing, 750 site-restricted controls, 752 threading, 753 ActiveX Data Objects (ADO), 1113-1115 address space layout randomization (ASLR). See ASLR (address space layout randomization) addresses IP addresses, 832-834 maintaining state with, 1029-1030 subnet addresses, 834 AdjustTokenGroups( ) function, 643 AdjustTokenPrivileges( ) function, 643 ADO (ActiveX Data Objects
…
integers, 213-220 arithmetic shift, 273 Arithmetic Vulnerability Example in the Parent Function listing (7-10), 318 Arithmetic Vulnerability Example listing (7-9), 317 ASLR (address space layout randomization), 194 operational vulnerabilities, preventing, 78 ASN.1 (Abstract Syntax Notation), 972-974 BER (Basic Encoding Rules), 975-979 CER (Canonical Encoding Rules), 976-979 DER
…
, 180-183 process memory layout, 169 SEH (structured exception handling) attacks, 178-180 stack overflows, 169-178 static overflows, 186 protection mechanisms, 189-190 ASLR (address space layout randomization), 194 assessing, 196-202 function pointer obfuscation, 195-196 heap hardening, 191-193 nonexecutable stack, 193 SafeSEH, 194-195 stack cookies, 190-191 shellcode, 187
…
Detect_attack Truncation Vulnerability in SSH listing (6-19), 262 developer documentation, reviewing, 51 developers, interviewing, 51 development protective measures, operational vulnerabilities, 76-79 ASLR (address space layout randomization), 78 heap protection, 77-78 nonexecutable stacks, 76 registered function pointers, 78 stack protection, 77 VMs (virtual machines), 79 device files UNIX, 511 Windows NT
…
, 180-183 process memory layout, 169 SEH (structured exception handling) attacks, 178-180 stack overflows, 169-178 static overflows, 186 protection mechanisms, 189-190 ASLR (address space layout randomization), 194 function pointer obfuscation, 195-196 heap hardening, 191-193 nonexecutable stack, 193 SafeSEH, 194-195 stack cookies, 190-191 shellcode, 187-189 memory management
…
bytes, 1068 path traversal, 1067-1068 programmatic SSI, 1068 operational vulnerabilities, 76 access control, 69-70 attack surfaces, 68 development protective measures, 76-79 ASLR (address space layout randomization), 78 heap protection, 77-78 nonexecutable stacks, 76 registered function pointers, 78-79 stack protection, 77 VMs (virtual machines), 79 exposure, 68-73 host-based
by Scott J. Shapiro · 523pp · 154,042 words
they hardened the end points. Harden the end points they did. Consider how Linux dealt with buffer overflows. In 2002, Linux implemented ASLR, short for “address space layout randomization.” The stack, that temporary scratch pad that Robert Morris Jr. used to implant malicious code on Finger servers, usually sits at the very top of