March 21, 2011

ASLR

Mobile devices, like any other computer, are becoming more and more concerned with security. Because processing power keeps growing, classical encryption methods and security procedures are pushed to their protective limits until they are cracked; of course, many other ways of mitigating known weaknesses are being worked out, and that is what I would like to talk to you about.

ASLR, in other words Address Space Layout Randomization, is a security technique that rearranges the positions of key memory areas at runtime: the executable, the loaded libraries, the heap and the stack, among the most important pieces of the process image.

The technique changes the addresses of the code and data an exploit depends on each time the program runs, and as a consequence it hinders some types of attack by making it harder for an attacker to predict interesting addresses. For example, attackers mounting return-to-libc attacks must locate the library code they want to execute, while attackers trying to run shellcode injected on the stack first have to find the stack. In both cases the relevant addresses are hidden from the attacker; they have to be guessed (unless an information leak reveals them), and a wrong guess is usually not recoverable because the application crashes.
To defeat the randomization, attackers must correctly guess the positions of all the areas they want to attack. For data areas such as the stack and the heap, where custom code or useful data can be loaded, more than one placement can be attacked by using NOP slides for code or repeated copies of data; this lets an attack succeed if the area is randomized to any one of a handful of values. In contrast, code areas such as the library base and the main executable have to be discovered exactly.
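The following is an added example, not code from the original post: a small C program that snapshots one address from each of the regions named above (run it twice to see which ones move) and then counts, for a stack placement chosen uniformly from a number of slots, how many placements a single blind guess lands in, with and without a NOP slide. The build command, the choice of puts as the libc reference, the 4 KiB page size and the 20 bits of entropy used in main are illustrative assumptions, not figures from the post or from any particular platform.

```c
/* Added example (not from the original post): observe the regions ASLR
 * moves and measure what one blind guess against each is worth.
 * Assumed build: gcc -O0 -fPIE -pie -o aslr_demo aslr_demo.c
 * (PIE so the executable itself is randomized). Run it twice and
 * compare the printed addresses. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct layout {
    uintptr_t stack;  /* a local variable           */
    uintptr_t heap;   /* a malloc'd block           */
    uintptr_t libc;   /* a libc function (puts)     */
    uintptr_t text;   /* a function in this binary  */
};

/* Snapshot one address from each region named in the post. In a non-PIE
 * build `libc` may resolve to the PLT stub rather than libc itself and
 * `text` stays fixed; with ASLR disabled all four repeat across runs. */
struct layout capture_layout(void)
{
    int local = 0;
    void *block = malloc(64);
    struct layout l;
    l.stack = (uintptr_t)&local;
    l.heap  = (uintptr_t)block;
    l.libc  = (uintptr_t)&puts;
    l.text  = (uintptr_t)&capture_layout;
    free(block);
    return l;
}

/* 1 if the stack and heap samples came from different 4 KiB pages
 * (assumed page size); they always should, randomized or not. */
int stack_heap_separate(void)
{
    const uintptr_t page = 4096;
    struct layout l = capture_layout();
    return l.stack != 0 && l.heap != 0 && (l.stack / page) != (l.heap / page);
}

/* Model of one blind guess. The randomized region starts at base B,
 * uniform over `slots` positions; the attacker's payload sits at the
 * start of the region: a sled of `sled_len` slots followed by shellcode.
 * The attacker overwrites a return address with `guess` and wins only if
 * B <= guess < B + sled_len. Returns how many of the `slots` placements
 * make that guess land, so hits/slots is the single-try success chance.
 * A code address (library base, main executable) has no sled: sled_len == 1. */
uint64_t count_hits(uint64_t slots, uint64_t sled_len, uint64_t guess)
{
    if (slots == 0 || sled_len == 0)
        return 0;
    uint64_t lo = guess + 1 > sled_len ? guess + 1 - sled_len : 0; /* smallest B */
    uint64_t hi = guess < slots - 1 ? guess : slots - 1;           /* largest B  */
    return hi >= lo ? hi - lo + 1 : 0;
}

/* Each wrong guess crashes the target, so every try is a fresh draw:
 * the expected number of attempts is slots/hits (-1 if it can never hit). */
double expected_attempts(uint64_t slots, uint64_t hits)
{
    return hits ? (double)slots / (double)hits : -1.0;
}

int main(void)
{
    struct layout l = capture_layout();
    printf("stack %#" PRIxPTR "  heap %#" PRIxPTR "  libc %#" PRIxPTR
           "  text %#" PRIxPTR "\n", l.stack, l.heap, l.libc, l.text);

    uint64_t slots = (uint64_t)1 << 20;   /* assumed: 20 bits of entropy */
    uint64_t sled  = 4096;                /* a 4 KiB NOP slide           */
    printf("stack with 4 KiB sled: about 1 hit in %.0f tries\n",
           expected_attempts(slots, count_hits(slots, sled, slots / 2)));
    printf("library base, exact address: about 1 hit in %.0f tries\n",
           expected_attempts(slots, count_hits(slots, 1, slots / 2)));
    return 0;
}
```

On Linux, /proc/sys/kernel/randomize_va_space shows whether the kernel randomizes at all (0 off, 1 stack/libraries, 2 also heap); if the printed stack, heap and libc addresses repeat between two runs, ASLR is not in effect for that binary.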

OK, enough words, let's watch a video:


It is also worth saying that Apple introduced ASLR in iOS 4.3. This not only makes it harder to jailbreak those devices, it also makes it harder for an exploit against a bug in an app to compromise the device itself.
