Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Improving address space randomization with a dynamic offset randomization technique
Proceedings of the 2006 ACM symposium on Applied computing
Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Defending embedded systems against control flow attacks
Proceedings of the first ACM workshop on Secure execution of untrusted code
Surgically Returning to Randomized lib(c)
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Privilege escalation attacks on android
ISC'10 Proceedings of the 13th international conference on Information security
Enhanced operating system security through efficient and fine-grained address space randomization
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Exposing security risks for commercial mobile devices
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Back to the future: fault-tolerant live update with time-traveling state transfer
LISA'13 Proceedings of the 27th international conference on Large Installation System Administration
Hi-index | 0.00 |
Address Space Layout Randomization (ASLR) is a defensive technique supported by many desktop and server operating systems. While smartphone vendors wish to make it available on their platforms, there are technical challenges in implementing ASLR on these devices. Pre-linking, limited processing power and restrictive update processes make it difficult to use existing ASLR implementation strategies even on the latest generation of smartphones. In this paper we introduce retouching, a mechanism for executable ASLR that requires no kernel modifications and is suitable for mobile devices. We have implemented ASLR for the Android operating system and evaluated its effectiveness and performance. In addition, we introduce crash stack analysis, a technique that uses crash reports locally on the device, or in aggregate in the cloud to reliably detect attempts to brute-force ASLR protection. We expect that retouching and crash stack analysis will become standard techniques in mobile ASLR implementations.