Abstract
In this work, we present four weaknesses in current Linux and PaX ASLR design and implementation:
1) Too low entropy
2) Non-uniform distribution
3) Correlation between objects
4) Inheritance
A proof of concept exploiting the correlation weakness is presented, which bypasses full ASLR on 64-bit Linux systems in less than one second, even though the system is protected. A deep analysis of all these weaknesses enabled us to propose a new ASLR design. A proof of concept on Linux, named ASLR-NG, overcomes all current ASLRs, including the PaX solution. Finally, we present ASLRA, a tool suite to analyze the ASLR entropy of Linux.
Original language | English |
---|---|
Publication status | Published - 29 Mar 2016 |
Event | Black Hat Asia 2016 - Marina Bay Sands, Singapore, Singapore |
Duration | 29 Mar 2016 → 1 Apr 2016 |
Internet address | https://www.blackhat.com/asia-16/briefings.html |
Conference
Conference | Black Hat Asia 2016 |
---|---|
Country/Territory | Singapore |
City | Singapore |
Period | 29/03/16 → 1/04/16 |
Internet address | https://www.blackhat.com/asia-16/briefings.html |
Keywords
- CyberSecurity
- Linux
- ASLR