China
Africa
Explore chapters and articles related to this topic
War of Control Hijacking
Published in Uzzal Sharma, Parmanand Astya, Anupam Baliyan, Salah-ddine Krit, Vishal Jain, Mohammad Zubair Khan, Advancing Computational Intelligence Techniques for Security Systems Design, 2023
Ragini Karwayun, Monika Sainger
ASLR is a very popular and widely used protection technique that prevents various exploits by randomizing the memory address space layout of processes. Unlike source code analysis tools, discussed in the previous section, which focus on providing security by getting rid of vulnerabilities from the system, ASLR tries to make the process of exploitation more difficult. The security provided by ASLR depends on multiple factors [22], such as the predictability of randomization of memory layout, the effect random memory addresses have on the exploitation technique and number of attempts an attacker can try. ASLR degenerates code execution attacks into denial-of-service attacks by crashing the application. The ASLR has multiple implementations, each having its own improvisation in performance and security coverage between them.
Attacking Smartphone Security and Privacy
Published in Georgios Kambourakis, Asaf Shabtai, Constantinos Kolias, Dimitrios Damopoulos, Intrusion Detection and Prevention for Mobile Ecosystems, 2017
Vincent F. Taylor, Ivan Martinovic
Sandboxing is a well-known security mechanism that is also used on smartphone operating systems for separating running programs. Apps running in a sandbox may only access a tightly controlled set of resources as arbitrated by the operating system. Any additional resources required are accessed through well-defined APIs and, in many cases, apps need to have their intentions to access “third-party” resources declared, a priori, to the operating system. DEP is another feature borrowed from modern computer operating systems for use on smartphones. DEP demarcates areas of memory as containing data that is executable or nonexecutable. This protects against malicious exploits such as buffer overflow attacks that store executable instructions in a data area of memory. ASLR is typically combined with DEP for even greater security. ASLR randomizes the addresses for key memory areas such as the base of the executable file as well as the stack, heap, and relevant libraries. This makes it very difficult for an attacker to correctly jump to an exploited function in memory and protects against buffer overflow attacks. Verified boot is a hardware and/or software technique concerned with restricting the software that can run on the device during boot up. Verified boot typically only allows software cryptographically signed by the manufacturer to run on the device. This provides an additional layer of security since it detects and prevents potentially compromised software from running on critical parts of the system. In iOS, a secure boot chain ensures that low-level software has not been tampered with and that the iOS will only run on validated Apple devices [9].
The Flat Tire of Antivirus Technologies
Published in Rocky Dr. Termanini, The Nano Age of Digital Immunity Infrastructure Fundamentals and Applications, 2018
AVT software is incredibly invasive when it steps into the privileged areas of system memory. An antivirus, in an attempt to catch viruses before they can infect your system, forcibly hooks itself into other pieces of software on your computer, such as your browser, word processor, and even the operating system (OS) kernel. O’Callaghan gives one particularly shocking example: “Back when we first made sure ASLR was working for Firefox on Windows, many AV vendors broke it by injecting their own ASLR-disabled DLLs into our processes.” ASLR, or address-space layout randomization, is one of the better protections against buffer overflow exploits.
Optimization of virtual machines performance using fuzzy hashing and genetic algorithm-based memory deduplication of static pages
Published in Automatika, 2023
N. Jagadeeswari, V. Mohanraj, Y. Suresh, J. Senthilkumar
Vano Garcia et al. (2018) performed a kernel randomization technique for cancelling memory deduplication [26]. The memory deduplication paradigm is rendered useless by the address space layout randomization (ASLR) safeguard method, is a key example. The authors of this research provided a detailed investigation of how the address kernel randomization technique affects the memory deduplication technique. The findings show that the memory cost for running 24 kernels increases by 534% when kernel ASLR is enabled (from 613 MiB to 3.9 GiB). In tests where the host is running 24 virtual machines, 44.89 % of the memory pages depend on kernel randomization. The stopping of memory sharing is due to these pages. The addresses of kernel components, which alter each time the computer boots, are among their contents. The memory deduplication technique is unable to share them when kernel randomization is enabled because each virtual machine’s contents differ. The memory saving rate decreases by about 50% when the kernels of guest virtual machines are not randomly generated. As a consequence, the memory needed to run the kernel of the virtual machines is severely increased.