Address Space Layout Randomization

from Wikipedia, the free encyclopedia

Address Space Layout Randomization (ASLR; in German roughly "random layout of the address space", or memory scrambling or address scrambling for short) is a technique that makes it harder to exploit security vulnerabilities in computer systems. ASLR assigns address ranges to programs on a random basis, so that the layout of a program's address ranges is practically no longer predictable. This is intended to make attacks via buffer overflows more difficult. There are attack techniques that can circumvent this protection, such as Return Oriented Programming.

ASLR applies to the EBP and to libraries as well as to the heap, text, data and BSS segments, although the latter are not randomized in all ASLR implementations.
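Because not every ASLR implementation randomizes every segment, a practitioner usually wants to verify which regions actually move. The following Python example is added here and is not part of the original article: it compares two /proc/<pid>/maps dumps from separate runs of the same binary and reports, per region class, whether the base address changed. The maps lines and the binary path /usr/bin/demo are constructed sample data.

```python
"""Check which memory regions an ASLR implementation actually randomizes.

Given /proc/<pid>/maps output from two runs of the same binary, the first
mapping of each region class (program text, heap, stack, shared libraries)
is compared; a region whose base differs between runs is randomized.
"""
import re

# address range, permissions, offset, device, inode, optional path
_MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")


def parse_maps(text):
    """Return {region_class: base_address} for the first mapping of each class."""
    bases = {}
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue
        start, _end, perms, path = m.groups()
        if path == "[heap]":
            key = "heap"
        elif path == "[stack]":
            key = "stack"
        elif path.startswith("/") and ".so" in path:
            key = "libraries"
        elif path.startswith("/") and "x" in perms:
            key = "text"  # executable segment of the main program
        else:
            continue  # anonymous mappings, vdso, data files etc.
        bases.setdefault(key, int(start, 16))
    return bases


def randomized_regions(maps_run1, maps_run2):
    """Compare two runs; True means the region base moved, i.e. it is randomized."""
    a, b = parse_maps(maps_run1), parse_maps(maps_run2)
    return {k: a[k] != b[k] for k in a if k in b}


# Constructed sample: two runs of the same non-PIE binary. The program text
# stays at a fixed address while heap, stack and libraries are randomized.
RUN1 = """\
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
00600000-00601000 rw-p 00000000 08:01 1234 /usr/bin/demo
01a3c000-01a5d000 rw-p 00000000 00:00 0    [heap]
7f3b1c200000-7f3b1c3c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0    [stack]
"""
RUN2 = """\
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
00600000-00601000 rw-p 00000000 08:01 1234 /usr/bin/demo
0213a000-0215b000 rw-p 00000000 00:00 0    [heap]
7f9e0a600000-7f9e0a7c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffc1b7d0000-7ffc1b7f1000 rw-p 00000000 00:00 0    [stack]
"""
```

On a Linux host, the same function can be fed the output of `cat /proc/self/maps` captured from two separate shell invocations; a non-PIE executable will show `text` as not randomized exactly as in the constructed sample.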

Desktop operating systems

ASLR was first used in the OpenBSD operating system; Microsoft introduced it with Windows Vista and Apple with Mac OS X Leopard. The implementations in Vista and Mac OS X Leopard differ, however: while ASLR is applied system-wide in Vista, only libraries are protected in Mac OS X Leopard. With the introduction of Mac OS X Lion, ASLR was implemented completely.

The official Linux kernel has offered an incomplete ASLR implementation since version 2.6.12 (June 2005). With PaX, however, more extensive support has been available since 2001. Since kernel version 3.14 there has been a full ASLR implementation. From version 4.8, Kernel Address Space Layout Randomization (KASLR) no longer conflicts with the hibernate function.

Mobile operating systems

With iOS 4.3, ASLR was used for the first time in an operating system for mobile devices. The implementation in the mobile Apple Safari web browser was meant to bring users a security benefit, but initially led to a security vulnerability: just three days after the firmware was released, the hacker Charlie Miller managed to break into it through that ASLR-related hole. Android also introduced an incomplete ASLR implementation in version 4.0 (Ice Cream Sandwich); starting with version 4.1 (Jelly Bean), Android has a full implementation.

Circumvention via spraying

ASLR can be bypassed by so-called spraying: the malicious code is duplicated across hundreds of megabytes of memory (large-scale "spraying"). This increases the likelihood that a library call will nevertheless (at some point) land in and execute the malicious code.
