ASLR MAP OBFUSCATION
Abstract
A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.
Claims (20)
1. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors, cause the processors to perform operations comprising:
- receiving a request from a user process for an address of a function in a randomized address space;
- relaying the request for the address to a memory manager in a region of memory protected from access by the user process;
- receiving the address of the function from the memory manager; and
- configuring an indirect call to the function without disclosing the address of the function in the randomized address space to the user process.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A data processing system comprising:
- one or more processors coupled to a memory device;
- a first process to execute on the one or more processors to request access to a shared library function stored in a randomized region of memory, the randomized region to include a random shuffling of multiple groups of pages, each of the multiple groups including one or more pages of memory;
- a linker to request an address of the shared library function in response to the request; and
- a mapping module to determine the address of the shared library function in the randomized region of memory.
Dependent claims: 14, 15, 16
17. An electronic device comprising:
- one or more processors coupled to a bus;
- coupled to the bus, a memory device to store a shared library cache; and
- a first process, stored on the one or more memory devices, to cause the one or more processors to allocate a block of protected virtual memory in response to a request from a second process, load an intermediate representation of instructions into the block of protected virtual memory, compile the set of instructions in the protected virtual memory using a just-in-time (JIT) compiler, and call the JIT compiled instructions to algorithmically derive the address in the randomized address space.
Dependent claims: 18, 19, 20
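The abstract and claim 1 describe two ideas that are easier to see in a running model: shuffling a library at the granularity of page clumps (so addresses learned from the unshuffled layout stop lining up with code), and answering a user process's address request by binding an indirect-call stub inside a protected memory manager so the randomized address itself never reaches the requester. The Python below is an added toy model written for this page, not the patent's implementation or any vendor's code; the names (`shuffle_clumps`, `MemoryManager`, `user_process_lookup`), the page-clump sizes, the symbol table and the use of Python objects to stand in for protected memory are all constructed assumptions.

```python
"""Toy model of fine-grained (clump-level) ASLR with an address-hiding call path.

Constructed illustration only. A library of num_pages pages is split into clumps
of clump_pages; the clump order is shuffled. The shuffle map and the stub table
live only inside MemoryManager (standing in for the protected region of claim 1);
the user process receives an opaque stub handle, never the randomized address.
"""
import math
import random
import secrets
from typing import Dict, List, Optional, Tuple

PAGE = 0x1000  # assumed page size for the model


def shuffle_clumps(base: int, num_pages: int, clump_pages: int,
                   rng: random.Random) -> Dict[int, int]:
    """Map each page index of the original (unshuffled) layout to its randomized
    virtual address. Pages inside one clump stay contiguous, so intra-clump
    offsets still work; only the order of clumps is randomized."""
    if num_pages % clump_pages:
        raise ValueError("num_pages must be a multiple of clump_pages")
    clump_starts = list(range(0, num_pages, clump_pages))
    slots = clump_starts[:]
    rng.shuffle(slots)  # slots[i] is the page index where clump i now lands
    mapping: Dict[int, int] = {}
    for orig_start, new_start in zip(clump_starts, slots):
        for i in range(clump_pages):
            mapping[orig_start + i] = base + (new_start + i) * PAGE
    return mapping


def layout_entropy_bits(num_pages: int, clump_pages: int) -> float:
    """Randomness in the clump ordering: log2((num_pages / clump_pages)!).
    Smaller clumps mean more orderings, i.e. more guesswork for an attacker."""
    return math.log2(math.factorial(num_pages // clump_pages))


class MemoryManager:
    """Owns the shuffle map and the indirect-call stub table.

    In the model only bind() and call() are reachable from the user process;
    self.mapping and self.stubs play the role of the protected memory region."""

    def __init__(self, base: int, num_pages: int, clump_pages: int,
                 symbols: Dict[str, Tuple[int, int]],
                 seed: Optional[int] = None) -> None:
        # A fixed seed makes the model reproducible; with no seed, draw from
        # OS entropy as a real implementation would.
        rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
        self.mapping = shuffle_clumps(base, num_pages, clump_pages, rng)
        self.symbols = symbols  # name -> (page index, offset) in the original layout
        self.stubs: List[int] = []  # stub handle -> randomized target address

    def resolve(self, name: str) -> int:
        """Look up the randomized address (internal; never returned to callers)."""
        page, offset = self.symbols[name]
        return self.mapping[page] + offset

    def bind(self, name: str) -> int:
        """Configure an indirect call to `name` and return only an opaque handle."""
        self.stubs.append(self.resolve(name))
        return len(self.stubs) - 1

    def call(self, handle: int) -> int:
        """Dispatch through the stub; returns the target the stub would jump to."""
        return self.stubs[handle]


def user_process_lookup(linker: MemoryManager, name: str) -> int:
    """What the user process gets back from the relayed request: a handle."""
    return linker.bind(name)


if __name__ == "__main__":
    # Constructed symbol table: (page index, offset) in the unshuffled library.
    syms = {"memcpy": (3, 0x40), "system": (6, 0x10)}
    mm = MemoryManager(0x7F0000000000, num_pages=8, clump_pages=2, symbols=syms, seed=1234)
    h = user_process_lookup(mm, "memcpy")
    print("handle given to user process:", h)
    print("stub target (hidden from user process): %#x" % mm.call(h))
    print("ordering entropy: %.2f bits" % layout_entropy_bits(8, 2))
```

Two properties worth checking against the model: every page still gets exactly one slot in the randomized region (the shuffle is a permutation, not a relocation that leaves holes), and the user process sees only a small integer handle, so dumping its memory reveals no library address. The entropy helper also shows the abstract's trade-off in numbers: finer clumps raise the number of orderings, at the cost of more translation state for the manager to keep.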