NECSTFridayTalk – The Illusion of Randomness: An Empirical Analysis of Address Space Layout Randomization Implementations
Speaker: Lorenzo Binosi
DEIB - Research Assistant
DEIB - NECSTLab Meeting Room (Bld. 20)
Online by Zoom
October 25th, 2024 | 11.30 am
Contact: Prof. Marco Santambrogio
Summary
On October 25th, 2024 at 11.30 am, a new talk in the NECSTFridayTalk series, titled "The Illusion of Randomness: An Empirical Analysis of Address Space Layout Randomization Implementations", will take place at the DEIB NECSTLab Meeting Room (Building 20) and online by Zoom.
During this talk, we will have, as speaker, Lorenzo Binosi, Research Assistant at Dipartimento di Elettronica, Informazione e Bioingegneria.
Address Space Layout Randomization (ASLR) is a crucial defense mechanism modern operating systems employ to mitigate exploitation by randomizing processes’ memory layouts. However, the stark reality is that real-world implementations of ASLR are imperfect and subject to weaknesses that attackers can exploit. This work evaluates the effectiveness of ASLR on major desktop platforms, including Linux, macOS, and Windows, by examining the variability in the placement of memory objects across various processes, threads, and system restarts. In particular, we collect samples of memory object locations, conduct statistical analyses to measure the randomness of these placements, and examine the memory layout to find any patterns among objects that could decrease this randomness. The results show that while some systems, like Linux distributions, provide robust randomization, others, like Windows and macOS, often fail to randomize key areas like executable code and libraries adequately. Moreover, we find a significant reduction in the entropy of libraries after the Linux 5.18 version and identify correlation paths that an attacker could leverage to reduce exploitation complexity significantly. Ultimately, we rank the identified weaknesses based on severity and validate our entropy estimates with a proof-of-concept attack. In brief, this work provides the first comprehensive evaluation of ASLR effectiveness across different operating systems and highlights opportunities for Operating System (OS) vendors to strengthen ASLR implementations.
The NECSTLab is a DEIB laboratory, with different research lines on advanced topics in computing systems: from architectural characteristics, to hardware-software codesign methodologies, to security and dependability issues of complex system architectures.
Every week, the “NECSTFridayTalk” invites researchers, professionals or entrepreneurs to share their work experiences and the projects they are implementing in the field of “Computing Systems”.