Address space randomization for mobile devices
Venue
WiSec '11 - Proceedings of the fourth ACM conference on wireless network security, ACM, New York, NY (2011)
Publication Year
2011
Authors
Hristo Bojinov, Dan Boneh, Rich Cannings, Iliyan Malchev
BibTeX
Abstract
Address Space Layout Randomization (ASLR) is a defensive technique supported by
many desktop and server operating systems. While smartphone vendors wish to make it
available on their platforms, there are technical challenges in implementing ASLR
on these devices. Pre-linking, limited processing power and restrictive update
processes make it dicult to use existing ASLR implementation strategies even on the
latest generation of smartphones. In this paper we introduce retouching, a
mechanism for executable ASLR that requires no kernel modications and is suitable
for mobile devices. We have implemented ASLR for the Android operating system and
evaluated its eectiveness and performance. In addition, we introduce crash stack
analysis, a technique that uses crash reports locally on the device, or in
aggregate in the cloud to reliably detect attempts to brute-force ASLR protection.
We expect that retouching and crash stack analysis will become standard techniques
in mobile ASLR implementations.
