ASLR
ASLR definition
Address space layout randomization (ASLR) is a security technique that randomly arranges key data area positions in a process’s address space. This includes the base of the executable and the positions of the stack, heap, and libraries. By doing this, ASLR makes it more difficult for an attacker to predict target addresses, making exploitation of memory corruption bugs much harder.
See also: buffer overflow attack, stack smashing
ASLR history
2001: The PaX project, an open-source patch for the Linux kernel, is implemented to address the rising problem of buffer overflow attacks. It is considered the origin of the concept of ASLR.
2003: OpenBSD integrates a similar feature.
2005: ASLR is integrated into the Linux kernel, starting with version 2.6.12.
2007: Microsoft introduces ASLR in Windows Vista as part of several new security features. Apple introduces ASLR in Mac OS X Leopard (10.5).
2011: Apple extends ASLR to the iOS platform in version 4.3.
ASLR benefits
- More difficult to exploit. By randomizing memory addresses, ASLR makes it much harder for attackers to predict where specific code will reside in memory. This largely mitigates certain types of threats, such as buffer overflow and return-to-libc attacks.
- System-wide protection. ASLR is implemented at the system level, so it protects all processes running on the system, not just individual applications.
ASLR limitations
- Information leakage. If an attacker can find a way to reveal the memory layout (a memory leak vulnerability, for example), they can bypass ASLR. This is because once the base address is known, so are the relative addresses.
- Limited entropy. The degree of randomness (or entropy) depends on the architecture of the system. On 32-bit systems, there is much less entropy available for ASLR compared to 64-bit systems, making it less effective.