Adelie: continuous address space layout re-randomization for Linux drivers
Ruslan Nikolaev, Nadeem Hassan, Cathlyn Stone, Binoy Ravindran
Abstract
While address space layout randomization (ASLR) has been extensively studied for user-space programs, the corresponding OS kernel's KASLR support remains very limited, making the kernel vulnerable to just-in-time (JIT) return-oriented programming (ROP) attacks. Furthermore, commodity OSs such as Linux restrict their KASLR range to 32 bits due to architectural constraints (e.g., x86-64 only supports 32-bit immediate operands for most instructions), which makes them vulnerable to even unsophisticated brute-force ROP attacks due to low entropy. Most in-kernel pointers remain static, exacerbating the problem when pointers are leaked.
Topics & Concepts
Computer scienceRandomizationSpace (punctuation)Operating systemRandomized controlled trialSurgeryMedicineSecurity and Verification in ComputingAdvanced Malware Detection TechniquesNetwork Security and Intrusion Detection