address space layout randomization

2 results


pages: 2,054; words: 359,149

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Justin Schuh

address space layout randomization, Albert Einstein, Any sufficiently advanced technology is indistinguishable from magic, bash_history, business logic, business process, database schema, Debian, defense in depth, en.wikipedia.org, Firefox, information retrieval, information security, iterative process, Ken Thompson, loose coupling, MITM: man-in-the-middle, Multics, MVC pattern, off-by-one error, operational security, OSI model, RFC: Request For Comment, slashdot, SQL injection, web application

Although these mechanisms are a step in the right direction, heap overflows can still be exploited by manipulating application data rather than heap structures.

Address Space Layout Randomization

When an application is launched in most contemporary operating systems, the loader organizes the program and required libraries into memory at the same locations every time. Customarily, the program stack and heap are put in identical locations for each program that runs. This practice is useful for attackers exploiting a memory corruption vulnerability; they can predict with a high degree of accuracy the location of key data structures and program components they want to manipulate or misuse. Address space layout randomization (ASLR) technologies seek to remove this advantage from attackers by randomizing where different program components are loaded in memory each time the application runs.

In general, this protection mechanism makes exploiting protected systems more difficult, but sophisticated attackers can usually find a way around it. With a little creativity, the existing code can be spliced, diced, and coerced into serving the attacker’s purpose.

Address Space Layout Randomization

Address space layout randomization (ASLR) is a technology that attempts to mitigate the threat of buffer overflows by randomizing where application data and code are mapped at runtime. Essentially, data and code sections are mapped at a (somewhat) random memory location when they are loaded. Because a crucial part of buffer overflow exploitation involves overwriting key data structures or returning to specific places in memory, ASLR should, in theory, prevent reliable exploitation because attackers can no longer rely on static addresses.

See ASP (Active Server Pages)
ActiveX controls, 749, 753-754
    COM (Component Object Model), security, 749-754
    kill bit, 752
    signing, 750
    site-restricted controls, 752
    threading, 753
ActiveX Data Objects (ADO), 1113-1115
address space layout randomization (ASLR). See ASLR (address space layout randomization)
addresses
    IP addresses, 832-834
    maintaining state with, 1029-1030
    subnet addresses, 834
AdjustTokenGroups( ) function, 643
AdjustTokenPrivileges( ) function, 643
ADO (ActiveX Data Objects), 1113-1115
ADT (abstract data type), stacks, 169
Age header field (HTTP), 1018
Aitel, Dave, 158
AIX, 460
AJAX (Asynchronous JavaScript and XML), 1085
algorithms
    analyzing, CC (code comprehension), 116
    encryption, 41-42
        block ciphers, 42
        common vulnerabilities, 43-45
        exchange algorithms, 43
        IV (initialization vector), 42
        stream ciphers, 42
    hashing algorithms, 326
    software design, 26-27
alloc( ) function, 318
allocating 0 bytes, 370-371
allocation functions, auditing, 369-377
allocation-check-copy (ACC) logs.


Engineering Security by Peter Gutmann

active measures, address space layout randomization, air gap, algorithmic trading, Amazon Web Services, Asperger Syndrome, bank run, barriers to entry, bitcoin, Brian Krebs, business process, call centre, card file, cloud computing, cognitive bias, cognitive dissonance, cognitive load, combinatorial explosion, Credit Default Swap, crowdsourcing, cryptocurrency, Daniel Kahneman / Amos Tversky, Debian, domain-specific language, Donald Davies, Donald Knuth, double helix, Dr. Strangelove, Dunning–Kruger effect, en.wikipedia.org, endowment effect, false flag, fault tolerance, Firefox, fundamental attribution error, George Akerlof, glass ceiling, GnuPG, Google Chrome, Hacker News, information security, iterative process, Jacob Appelbaum, Jane Jacobs, Jeff Bezos, John Conway, John Gilmore, John Markoff, John von Neumann, Ken Thompson, Kickstarter, lake wobegon effect, Laplace demon, linear programming, litecoin, load shedding, MITM: man-in-the-middle, Multics, Network effects, nocebo, operational security, Paradox of Choice, Parkinson's law, pattern recognition, peer-to-peer, Pierre-Simon Laplace, place-making, post-materialism, QR code, quantum cryptography, race to the bottom, random walk, recommendation engine, RFID, risk tolerance, Robert Metcalfe, rolling blackouts, Ruby on Rails, Sapir-Whorf hypothesis, Satoshi Nakamoto, security theater, semantic web, seminal paper, Skype, slashdot, smart meter, social intelligence, speech recognition, SQL injection, statistical model, Steve Jobs, Steven Pinker, Stuxnet, sunk-cost fallacy, supply-chain attack, telemarketer, text mining, the built environment, The Death and Life of Great American Cities, The Market for Lemons, the payments system, Therac-25, too big to fail, Tragedy of the Commons, Turing complete, Turing machine, Turing test, Wayback Machine, web application, web of trust, x509 certificate, Y2K, zero day, Zimmermann PGP


TrustZone is accessed from supervisor mode via secure monitor call (SMC) instructions. As with other security products that were secure by executive fiat rather than by actual practice, the TrustZone kernel contained no security mitigations like DEP (data execution prevention), ASLR (address space layout randomization), non-executable heap or stack, or anything else that’s been applied in mainstream OSes for the last decade or so. Combined with unsafe programming practices like the use of strncpy(), it was possible to “exploit like it’s 1999” [48]. Finding various exploits inside the trusted kernel was relatively simple, and at that point all of the cryptography became irrelevant.

60 Making this even more apropos is the fact that Drew works in forensics and not cryptography.


pages: 523; words: 154,042

Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro

3D printing, 4chan, active measures, address space layout randomization, air gap, Airbnb, Alan Turing: On Computable Numbers, with an Application to the Entscheidungsproblem, availability heuristic, Bernie Sanders, bitcoin, blockchain, borderless world, Brian Krebs, business logic, call centre, carbon tax, Cass Sunstein, cellular automata, cloud computing, cognitive dissonance, commoditize, Compatible Time-Sharing System, Computing Machinery and Intelligence, coronavirus, COVID-19, CRISPR, cryptocurrency, cyber-physical system, Daniel Kahneman / Amos Tversky, Debian, Dennis Ritchie, disinformation, Donald Trump, double helix, Dr. Strangelove, dumpster diving, Edward Snowden, en.wikipedia.org, Evgeny Morozov, evil maid attack, facts on the ground, false flag, feminist movement, Gabriella Coleman, gig economy, Hacker News, independent contractor, information security, Internet Archive, Internet of things, invisible hand, John Markoff, John von Neumann, Julian Assange, Ken Thompson, Larry Ellison, Laura Poitras, Linda problem, loss aversion, macro virus, Marc Andreessen, Mark Zuckerberg, Menlo Park, meta-analysis, Minecraft, Morris worm, Multics, PalmPilot, Paul Graham, pirate software, pre–internet, QWERTY keyboard, Ralph Nader, RAND corporation, ransomware, Reflections on Trusting Trust, Richard Stallman, Richard Thaler, Ronald Reagan, Satoshi Nakamoto, security theater, Shoshana Zuboff, side hustle, Silicon Valley, Skype, SoftBank, SQL injection, Steve Ballmer, Steve Jobs, Steven Levy, Stuxnet, supply-chain attack, surveillance capitalism, systems thinking, TaskRabbit, tech billionaire, tech worker, technological solutionism, the Cathedral and the Bazaar, the new new thing, the payments system, Turing machine, Turing test, Unsafe at Any Speed, vertical integration, Von Neumann architecture, Wargames Reagan, WarGames: Global Thermonuclear War, Wayback Machine, web application, WikiLeaks, winner-take-all economy, young professional, zero day, éminence grise

Before the Morris Worm, the internet community naively believed that malicious behavior would be minor and outbreaks could be contained. After the Worm, the community realized that an end-to-end internetworking system can survive only if they hardened the end points. Harden the end points they did. Consider how Linux dealt with buffer overflows. In 2002, Linux implemented ASLR, short for “address space layout randomization.” The stack, that temporary scratch pad that Robert Morris Jr. used to implant malicious code on Finger servers, usually sits at the very top of the computer’s memory space. When ASLR is turned on, the operating system moves the stack to a random part of the memory space. Thus ASLR hides the stack to prevent hackers from injecting code through overflows.