Address Space Randomization for Mobile Devices

[Nytro]

Address Space Randomization for Mobile Devices

Hristo Bojinov

Stanford University

Dan Boneh

Stanford University

Rich Cannings

Google, Inc.

Iliyan Malchev

Google, Inc.

ABSTRACT

Address Space Layout Randomization (ASLR) is a defen-

sive technique supported by many desktop and server oper-

ating systems. While smartphone vendors wish to make it

available on their platforms, there are technical challenges

in implementing ASLR on these devices. Pre-linking, lim-

ited processing power and restrictive update processes make

it difficult to use existing ASLR implementation strategies

even on the latest generation of smartphones. In this paper

we introduce retouching, a mechanism for executable ASLR

that requires no kernel modications and is suitable for mo-

bile devices. We have implemented ASLR for the Android

operating system and evaluated its eectiveness and per-

formance. In addition, we introduce crash stack analysis,

a technique that uses crash reports locally on the device,

or in aggregate in the cloud to reliably detect attempts to

brute-force ASLR protection. We expect that retouching

and crash stack analysis will become standard techniques in

mobile ASLR implementations.

Download:

http://bojinov.org/professional/wisec2011-mobileaslr-paper.pdf