ASLR MAP OBFUSCATION

US 20160092674A1
Filed: 09/30/2014
Published: 03/31/2016
Est. Priority Date: 09/30/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors, cause the processors to perform operations comprising:

receiving a request from a user process for an address of a function in a randomized address space;

relaying the request for the address to a memory manager in a region of memory protected from access by the user process;

receiving the address of the function from the memory manager; and

configuring an indirect call to the function without disclosing the address of the function in the randomized address space to the user process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system can use a method of fine-grained address space layout randomization to mitigate the system'"'"'s vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

Citations

20 Claims

1. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors, cause the processors to perform operations comprising:
- receiving a request from a user process for an address of a function in a randomized address space;
  
  relaying the request for the address to a memory manager in a region of memory protected from access by the user process;
  
  receiving the address of the function from the memory manager; and
  
  configuring an indirect call to the function without disclosing the address of the function in the randomized address space to the user process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The medium of claim 1 further comprising loading the function from an object file into the randomized address space.
  - 3. The medium of claim 2 wherein the object file is a dynamically loaded shared library.
  - 4. The medium of claim 2 wherein the randomized address space includes a shared library cache.
  - 5. The medium of claim 2 wherein receiving the request occurs while loading instructions into memory for an application and the application is dynamically linked to the object file.
  - 6. The medium of claim 1 further comprising:
    - determining the address of the function in the randomized address space using a set of just in-time (JIT) compiled instructions; and
      
      providing the address of the function in response to the request.
  - 7. The medium of claim 6 wherein determining the address of the function includes algorithmically deriving a mapping to the address of the function in the randomized address space.
  - 8. The medium of claim 7 wherein algorithmically deriving the mapping includes generating a permutation of a set of virtual addresses using a shuffling algorithm.
  - 9. The medium of claim 8 further comprising reproducing the permutation to generate debug information.
  - 10. The medium of claim 6 further comprising restricting access to the memory storing the JIT compiled instructions.
  - 11. The medium of claim 10 wherein restricting access includes loading the JIT compiled instructions into a random address in memory.
  - 12. The medium of claim 10 wherein restricting access includes preventing read access from the memory storing the JIT compiled instructions.

13. A data processing system comprising:
- one or more processors coupled to a memory device;
  
  a first process to execute on the one or more processors to request access to a shared library function stored in a randomized region of memory, the randomized region to include a random shuffling of multiple groups of pages, each of the multiple groups including one or more pages of memory;
  
  a linker to request an address of the shared library function in response to the request; and
  
  a mapping module to determine the address of the shared library function in the randomized region of memory.
- View Dependent Claims (14, 15, 16)
- - 14. The system as in claim 13 wherein the multiple groups of pages include one or more pages of virtual memory.
  - 15. The system as in claim 13 wherein the linker to request the address of the shared library function via a system call to an operating system kernel.
  - 16. The system as in claim 13 wherein the linker to request the address of the shared library function via a call to a JIT compiled function stored in a protected region of virtual memory.

17. An electronic device comprising:
- one or more processors coupled to a bus;
  
  coupled to the bus, a memory device to store a shared library cache; and
  
  a first process, stored on the one or more memory devices, to cause the one or more processors to allocate a block of protected virtual memory in response to a request from a second process, load an intermediate representation of instructions into the block of protected virtual memory, compile the set of instructions in the protected virtual memory using a just-in-time (JIT) compiler, and call the JIT compiled instructions to algorithmically derive the address in the randomized address space.
- View Dependent Claims (18, 19, 20)
- - 18. The electronic device as in claim 17 wherein the first process is associated with an operating system of the electronic device and the second process is associated with a user account on the electronic device.
  - 19. The electronic device as in claim 17 wherein the first process is further to receive the address of the function in the randomized address space, wherein the randomize address space is a shuffled address space, wherein the shuffled address space includes multiple clumps of memory, each clump including one or more pages of memory, wherein each clump is shuffled into the shuffled address space using a shuffle algorithm.
  - 20. The electronic device as in claim 19 wherein the shuffle algorithm includes a Fisher-Yates shuffle, a Knuth Shuffle, or a variant thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Hughes, Gregory D., Cooper, Simon P., Vidrine, Jacques A., Allegra, Nicholas C.

Granted Patent

US 10,311,227 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 2221/033   Test or assess software

ASLR MAP OBFUSCATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ASLR MAP OBFUSCATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links