Further, the technique incurs a performance overhead of 7-13% during process startup and less than 1% overhead thereafter. The approach improves upon the protection of the best existing technique by an order of magnitude and with no more than 8 kilobytes lost to padding.
Our approach is to randomly permute the user stack, heap, and mmap allocations throughout the entire 3 gigabyte user address space. This thesis improves upon existing address randomization techniques by proposing and implementing a novel approach to increase the probabilistic protection provided by address obfuscation with performance overhead comparable to contemporary techniques and without the use of large pads. The relationship between protection and pad size forces system designers to choose between security and conservation of address space. To increase protection, the pad size need be increased, thereby wasting additional address space.
Padding limits the potential of existing techniques because pads are unused space. Address Space Layout Permutation: Increasing Resistance to Memory Corruption AttacksĪ key problem with current address obfuscation techniques is their use of randomly sized pads to shift the location of critical memory regions.
