- DCN Tutorial
- Data Comm & Networks Home
- DCN - Overview
- DCN - Computer Network Types
- DCN - Network LAN Technologies
- DCN - Computer Network Topologies
- DCN - Computer Network Models
- DCN - Computer Network Security
- Physical Layer
- DCN - Physical Layer Introduction
- DCN - Digital Transmission
- DCN - Analog Transmission
- DCN - Transmission media
- DCN - Wireless Transmission
- DCN - Multiplexing
- DCN - Network Switching
- Data Link Layer
- DCN - Data Link Layer Introduction
- DCN - Error detection and Correction
- DCN - Data Link Control & Protocols
- Network Layer
- DCN - Network Layer Introduction
- DCN - Network Addressing
- DCN - Routing
- DCN - Internetworking
- DCN - Network Layer Protocols
- Transport Layer
- DCN - Transport Layer Introduction
- DCN - Transmission Control Protocol
- DCN - User Datagram Protocol
- Application Layer
- DCN - Application Layer Introduction
- DCN - Client-Server Model
- DCN - Application Protocols
- DCN - Network Services
- DCN Useful Resources
- DCN - Quick Guide
- DCN - Useful Resources
Address Space Layout Randomization (ASLR)
Memory corruption vulnerabilities have plagued software for decades, despite efforts by large companies like Apple, Google, and Microsoft to eradicate them. This article presents some basic facts about ASLR, focusing on the Windows implementation. In addition to covering what ASLR accomplishes to improve security posture, we aim to give defenders advice on how to improve the security of their software, and to give researchers more insight into how ASLR works and ideas for investigating its limitations.
Memory corruption vulnerabilities occur when a program mistakenly writes attacker-controlled data outside of an intended memory region or outside intended memory’s scope. This may crash the program, or worse, provide the attacker full control over the system. Since these bugs are hard to find and just one can compromise a system, security professionals have designed failsafe mechanisms to thwart software exploitation and limit the damage should a memory corruption bug be exploited. Unfortunately, nothing is perfect, but address space layout randomization (ASLR) is one of the best mitigations available.
ASLR works by breaking assumptions that developers could otherwise make about where programs and libraries would lie in memory at runtime. A common example is the locations of gadgets used in return-oriented programming (ROP), which is often used to defeat the defence of data execution prevention (DEP). ASLR mixes up the address space of the vulnerable process—the main program, its dynamic libraries, the stack and heap, memory-mapped files, and so on—so that exploit payloads must be uniquely tailored to however the address space of the victim process is laid out at the time.
- Related Articles
- What is the relationship between Address and Memory Space in a Virtual Memory System?
- C++ Program to Implement Quick Sort Using Randomization
- Div Layout vs. Table Layout in HTML
- How to create a date vector with randomization in R?
- CSS Grid Layout
- Difference between IP Address and MAC Address
- Difference between MAC Address and IP Address
- How to create a blank column with randomization in an R data frame?
- Difference between 2-address and 1-address Instructions
- Difference between 3-address and 0-address Instructions
- Difference between 3-address and 1-address Instructions
- Difference between 3-address and 2-address Instructions
- The Address
- CSS Flexbox Layout Module
- Liquid Layout in CSS
