DOI: 10.1145/1998412.1998434
research-article

Address space randomization for mobile devices

Published: 14 June 2011

Abstract

Address Space Layout Randomization (ASLR) is a defensive technique supported by many desktop and server operating systems. While smartphone vendors wish to make it available on their platforms, there are technical challenges in implementing ASLR on these devices. Pre-linking, limited processing power and restrictive update processes make it difficult to use existing ASLR implementation strategies even on the latest generation of smartphones. In this paper we introduce retouching, a mechanism for executable ASLR that requires no kernel modifications and is suitable for mobile devices. We have implemented ASLR for the Android operating system and evaluated its effectiveness and performance. In addition, we introduce crash stack analysis, a technique that uses crash reports locally on the device, or in aggregate in the cloud to reliably detect attempts to brute-force ASLR protection. We expect that retouching and crash stack analysis will become standard techniques in mobile ASLR implementations.

    Published In

    WiSec '11: Proceedings of the fourth ACM conference on Wireless network security
    June 2011
    186 pages
    ISBN:9781450306928
    DOI:10.1145/1998412
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. ASLR
    2. android
    3. control flow hijacking
    4. mobile devices
    5. return-to-libc
    6. smartphones

    Qualifiers

    • Research-article

    Conference

    WISEC'11
    Acceptance Rates

    Overall Acceptance Rate 98 of 338 submissions, 29%

    Cited By

    • (2022) A Tutorial on Moving Target Defense Approaches Within Automotive Cyber-Physical Systems. Frontiers in Future Transportation 2. DOI: 10.3389/ffutr.2021.792573. Online publication date: 7-Feb-2022
    • (2020) Integrated moving target defense and control reconfiguration for securing Cyber-Physical systems. Microprocessors & Microsystems 73:C. DOI: 10.1016/j.micpro.2019.102954. Online publication date: 1-Mar-2020
    • (2019) Address Space Layout Randomization Next Generation. Applied Sciences 9:14 (2928). DOI: 10.3390/app9142928. Online publication date: 22-Jul-2019
    • (2018) Anatomy of Memory Corruption Attacks and Mitigations in Embedded Systems. IEEE Embedded Systems Letters 10:3 (95-98). DOI: 10.1109/LES.2018.2829777. Online publication date: Sep-2018
    • (2017) On Return Oriented Programming Threats in Android Runtime. 2017 15th Annual Conference on Privacy, Security and Trust (PST) (259-2598). DOI: 10.1109/PST.2017.00038. Online publication date: Aug-2017
    • (2017) Securing Real-Time Cyber-Physical Systems Using WCET-Aware Artificial Diversity. 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech) (454-461). DOI: 10.1109/DASC-PICom-DataCom-CyberSciTec.2017.88. Online publication date: Nov-2017
    • (2017) Mobile OS and Application Protocols. Wireless Networking and Mobile Data Management (217-261). DOI: 10.1007/978-981-10-3941-6_8. Online publication date: 21-Apr-2017
    • (2016) Jump over ASLR. The 49th Annual IEEE/ACM International Symposium on Microarchitecture (1-13). DOI: 10.5555/3195638.3195686. Online publication date: 15-Oct-2016
    • (2016) A qualitative framework for evaluating buffer overflow protection mechanisms. International Journal of Information and Computer Security 8:3 (272-307). DOI: 10.1504/IJICS.2016.079187. Online publication date: 1-Jan-2016
    • (2016) Code Randomization: Haven’t We Solved This Problem Yet? 2016 IEEE Cybersecurity Development (SecDev) (124-129). DOI: 10.1109/SecDev.2016.036. Online publication date: Nov-2016
