Address space layout randomization
In computer science, address space layout randomization (ASLR) is a technique that arranges the positions of major data areas randomly in virtual address space. These areas can include the base of the executable, libraries, heap, and stack. The chance of an attacker guessing where any one of these randomly placed areas is located is <math>1/2^b</math>, where b is the number of bits of entropy used to determine the position of the data area. In many systems, <math>2^b</math> can be in the thousands or millions; on modern 64-bit systems, these numbers typically reach the millions at least.
Address space layout randomization serves as a simple hindrance to certain classes of computer security attacks by preventing targeted data (usually program code) from being placed at addresses easily determined by the attacker. Without it, attackers trying to execute return-to-libc attacks could, for example, run the program they are attacking on their home computer to determine the layout of the program under normal, non-random circumstances.
Several security systems implement ASLR, notably PaX and Exec Shield on Linux. W^X on OpenBSD also implements a form of ASLR.
Some systems may also implement Library Load Order Randomization, a less entropic form of ASLR that simply randomizes the order in which libraries are loaded at program load. This leaves libraries at highly predictable positions; the chance of an attacker correctly guessing the location of any of the randomly ordered libraries is <math>1/n</math>, where n is the number of libraries loaded.
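The value of b described above can be estimated on a given system by sampling the address of one region over several runs and counting the bits that change. The following C program is an added example, not code from the original article or from any of the projects it names; the function names are its own and the two sample arrays are constructed values, not measurements.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Mask of the address bits that differ between runs for one region. */
uint64_t varying_bits(const uint64_t *addr, size_t n)
{
    uint64_t mask = 0;
    for (size_t i = 1; i < n; i++)
        mask |= addr[0] ^ addr[i];
    return mask;
}

/* Count of varying bits: an estimate of b. Too few samples undercount it,
 * and a bit that varies but is not uniform contributes less than one bit. */
unsigned observed_entropy_bits(const uint64_t *addr, size_t n)
{
    unsigned b = 0;
    for (uint64_t m = varying_bits(addr, n); m != 0; m &= m - 1)
        b++;
    return b;
}

/* Constructed values, not measurements: one library base over four runs
 * with bits 12..23 randomized, and the same region with no randomization. */
const uint64_t sample_random[] = {
    0x7f0000a31000, 0x7f00005c4000, 0x7f0000f08000, 0x7f000019b000 };
const uint64_t sample_fixed[] = {
    0x7f0000400000, 0x7f0000400000, 0x7f0000400000, 0x7f0000400000 };

int main(void)
{
    int on_stack = 0;
    void *on_heap = malloc(16);
    unsigned b = observed_entropy_bits(sample_random, 4);
    printf("constructed sample: b = %u, one guess in %" PRIu64 "\n",
           b, (uint64_t)1 << b);
    printf("fixed sample: b = %u\n", observed_entropy_bits(sample_fixed, 4));

    /* Live addresses of this process; compare them across several runs. */
    printf("executable %#" PRIxPTR "\n", (uintptr_t)observed_entropy_bits);
    printf("library    %#" PRIxPTR "\n", (uintptr_t)printf);
    printf("heap       %#" PRIxPTR "\n", (uintptr_t)on_heap);
    printf("stack      %#" PRIxPTR "\n", (uintptr_t)&on_stack);
    free(on_heap);
    return 0;
}
```

Feeding the addresses printed by several runs back into `observed_entropy_bits` gives the per-region estimate; a result of 0 means the region sits at the same address every time.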