Address Space Layout Randomization (ASLR) Dirk Gordon

Implementation (32 bit)
Windows Vista: 8 bits of randomization (2^8 = 256)
Linux 2.6.12: 16 bits of randomization (2^16 = 65536)

Process Memory: ASLR_DEMO memory layout
Buffer (4 bytes)
EBP (4 bytes)
Return Address (4 bytes)

Process Memory: ASLR_DEMO memory layout
Buffer: AAAA (4 bytes)
EBP (4 bytes)
Return Address: \x00\x00\x00\x00 (4 bytes)

Process Memory: ASLR_DEMO memory layout
Buffer: AAAA (4 bytes)
EBP (4 bytes)
System() Address: points to System() (4 bytes)
System() Return Address: points to Exit() (4 bytes)
System() Parameter: binary to execute (4 bytes)
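An added example, not part of the original slides: the layout above depends on a fixed System() address, so a defender checking that ASLR is in effect can compare base addresses recorded over several launches and count the bit positions that change, the "bits of randomization" on the implementation slide. The sample addresses are constructed, and varying_mask, popcount32 and report are this example's own names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample base addresses (not real captures), one per launch. */
const uint32_t SAMPLE_8BIT[]  = { 0x013A0000u, 0x01C50000u, 0x01710000u };
const uint32_t SAMPLE_16BIT[] = { 0xB7512000u, 0xB8AED000u };
const uint32_t SAMPLE_FIXED[] = { 0x08048000u, 0x08048000u, 0x08048000u };

/* Bit positions that differ between any sample and the first one. */
uint32_t varying_mask(const uint32_t *addr, size_t n)
{
    uint32_t mask = 0;
    for (size_t i = 1; i < n; i++)
        mask |= addr[0] ^ addr[i];
    return mask;
}

/* Count of set bits: a lower bound on the randomized bit positions,
 * since a small sample may not exercise every one of them. */
unsigned popcount32(uint32_t v)
{
    unsigned c = 0;
    for (; v; v &= v - 1)
        c++;
    return c;
}

static void report(const char *name, const uint32_t *a, size_t n)
{
    uint32_t m = varying_mask(a, n);
    printf("%-6s mask=0x%08X observed bits=%u\n", name, (unsigned)m, popcount32(m));
}

int main(void)
{
    int local = 0;
    void *heap = malloc(16);
    /* Run several times: with ASLR on, these two values change per launch. */
    printf("stack=%p heap=%p\n", (void *)&local, heap);
    free(heap);
    report("8bit", SAMPLE_8BIT, 3);
    report("16bit", SAMPLE_16BIT, 2);
    report("fixed", SAMPLE_FIXED, 3);   /* mask 0: layout is predictable */
    return 0;
}
```

A mask of zero across launches means the region is not randomized, which is the condition the hard-coded System() address in the last layout relies on.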