
[Repost] On the Effectiveness of Address-Space Randomization


Source: Evil Octal Information Security Team (www.eviloctal.com)

ABSTRACT

Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system components. This mechanism is available for both Linux (via PaX ASLR) and OpenBSD. We study the effectiveness of address-space randomization and find that its utility on 32-bit architectures is limited by the number of bits available for address randomization. In particular, we demonstrate a derandomization attack that will convert any standard buffer-overflow exploit into an exploit that works against systems protected by address-space randomization. The resulting exploit is as effective as the original exploit, although it takes a little longer to compromise a target machine: on average 216 seconds to compromise Apache running on a Linux PaX ASLR system. The attack does not require running code on the stack.

We also explore various ways of strengthening address-space randomization and point out weaknesses in each. Surprisingly, increasing the frequency of re-randomizations adds at most 1 bit of security. Furthermore, compile-time randomization appears to be more effective than runtime randomization. We conclude that, on 32-bit architectures, the only benefit of PaX-like address-space randomization is a small slowdown in worm propagation speed. The cost of randomization is extra complexity in system support.

Attachments

On the Effectiveness of AddressSpace Randomization.rar (103.45 KB)

2008-3-25 22:29, downloads: 531

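The abstract's claim that more frequent re-randomization adds at most 1 bit of security can be checked with a simple guessing model. The Python below is an added example, not code from the paper or from the original post; the function names and the 8-bit sample size are constructed for illustration, and the model assumes each probe tests one candidate offset drawn from a uniform space of 2^bits positions.

```python
import math
import random

def expected_probes_fixed(bits):
    """Layout never changes between probes: guesses do not repeat, so the
    probe count is uniform on 1..2^bits and its mean is (2^bits + 1) / 2."""
    return (2 ** bits + 1) / 2

def expected_probes_rerandomized(bits):
    """Layout is redrawn after every failed probe: each probe succeeds
    independently with probability 2^-bits, so the mean is 2^bits."""
    return float(2 ** bits)

def bits_gained(bits):
    """Extra security, in bits, bought by re-randomizing after every probe."""
    return math.log2(expected_probes_rerandomized(bits) / expected_probes_fixed(bits))

def simulate(bits, rerandomize, trials, seed=1):
    """Monte Carlo mean of probes until the guess matches the secret offset."""
    rng = random.Random(seed)          # seeded so runs are repeatable
    space = 2 ** bits
    total = 0
    for _ in range(trials):
        secret = rng.randrange(space)  # constructed stand-in for the random offset
        guess, probes = 0, 1
        while guess != secret:
            probes += 1
            if rerandomize:
                secret = rng.randrange(space)  # defender redraws the layout
            else:
                guess += 1                     # sweep candidates without repeats
        total += probes
    return total / trials

if __name__ == "__main__":
    n = 8  # constructed sample size, kept small so the simulation is fast
    print("fixed layout      :", expected_probes_fixed(n), simulate(n, False, 10000))
    print("re-randomized     :", expected_probes_rerandomized(n), simulate(n, True, 10000))
    print("bits gained       :", round(bits_gained(n), 4))
```

The ratio of the two means is 2^bits / ((2^bits + 1) / 2), which is always below 2, so the gain stays under 1 bit however large the randomized space is.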