What Is ASLR, and How Does It Keep Your Computer Secure?
Address Space Layout Randomization (ASLR) is a security technique used in operating systems, first implemented in 2001. The current versions of all major operating systems (iOS, Android, Windows, macOS, and Linux) feature ASLR protection. But in the past week, a new method of bypassing ASLR . So, should you be worried?
To those without a low-level programming background, ASLR can be confusing. To understand it, you must first understand virtual memory.
What Is Virtual Memory?
Virtual memory is a memory management technique with many benefits, but it was primarily created to make programming easier. Imagine you have Google Chrome, Microsoft Word, and several other programs open on a computer with 4 GB of RAM. As a whole, the programs on this computer use much more than 4 GB of RAM. However, not all the programs will be active at all times, or need simultaneous access to that RAM.
The operating system allocates chunks of memory, called pages, to programs. If there is not enough RAM to store all the pages at once, the pages least likely to be needed are stored on the slower (but more spacious) hard drive. When a stored page is needed, it switches places with a less necessary page currently in RAM. This process is called paging, and lends its name to .
Virtual memory makes it easier for programs to manage their own memory, and also makes them more secure. Programs don't need to worry about where other programs are storing data, or how much RAM is left. They can just ask the operating system for additional memory (or return unused memory) as necessary. All the program sees is a single continuous range of memory addresses for its exclusive use, called virtual addresses. The program is not allowed to look at another program's memory.
When a program needs to access memory, it gives the operating system a virtual address. The operating system contacts the CPU's memory management unit (MMU). The MMU translates between virtual and physical addresses, returning that information to the operating system. At no point does the program directly interact with RAM.
What Is ASLR?
Address Space Layout Randomization (ASLR) is primarily used to protect against buffer overflow attacks. In a buffer overflow, attackers feed a function as much junk data as it can handle, followed by a malicious payload. The payload overwrites data the program intends to access. Instructions to jump to another point in the code are a common payload. The famous , for example, used a buffer overflow attack, prompting Apple to add ASLR to iOS 4.3.
Buffer overflows require an attacker to know where each part of the program is located in memory. Figuring this out is usually a difficult process of trial and error. After determining that, they must craft a payload and find a suitable place to inject it. If the attacker does not know where their target code is located, it can be difficult or impossible to exploit it.
ASLR works alongside virtual memory management to randomize the locations of different parts of the program in memory. Every time the program is run, components (including the stack, heap, and libraries) are moved to a different address in virtual memory. Attackers can no longer learn where their target is through trial and error, because the address will be different every time. Generally, applications need to be compiled with ASLR support, but this is becoming the default, and is even required on Android 5.0 and later.
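As an added illustration (not code from the original article), the following C program records where the executable's own code, a libc function, the heap and the stack landed in one process. Run it twice: with ASLR enabled the heap, stack and libc addresses change between runs, and if the text address stays fixed the binary was not built as position-independent (PIE), so the executable itself is not being randomized. `diff_bits` is a hypothetical helper for comparing one region's address across two runs to see how many address bits were actually randomized.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* One observation of where the major regions of this process landed. */
typedef struct {
    uintptr_t text;   /* a function in the main executable: moves only if built as PIE */
    uintptr_t libc;   /* a libc function: shared libraries are mapped at a random base */
    uintptr_t heap;   /* a malloc'd block: the heap start is randomized */
    uintptr_t stack;  /* a local variable: the stack top is randomized */
} layout_t;

static void marker(void) {}

/* Record the address of one region of each kind in the running process. */
layout_t capture_layout(void) {
    layout_t l;
    int local = 0;
    void *blk = malloc(64);
    l.text  = (uintptr_t)&marker;
    l.libc  = (uintptr_t)&printf;  /* in a non-PIE binary this may be the PLT stub instead */
    l.heap  = (uintptr_t)blk;
    l.stack = (uintptr_t)&local;
    free(blk);                     /* only the numeric address is kept */
    return l;
}

/* Number of address bits that differ between two observations of the same
 * region (e.g. from two runs): a rough lower bound on the entropy ASLR added
 * to that region. Zero means the region was not randomized at all. */
int diff_bits(uintptr_t a, uintptr_t b) {
    uintptr_t x = a ^ b;
    int n = 0;
    while (x) { n += (int)(x & 1); x >>= 1; }
    return n;
}

int main(void) {
    layout_t l = capture_layout();
    /* Compare this line across runs to see which regions ASLR moved. */
    printf("text=%#lx libc=%#lx heap=%#lx stack=%#lx\n",
           (unsigned long)l.text, (unsigned long)l.libc,
           (unsigned long)l.heap, (unsigned long)l.stack);
    return 0;
}
```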
So Does ASLR Still Protect You?
Last Tuesday, researchers from SUNY Binghamton and the University of California, Riverside, presented a paper called . The paper details a way to attack the Branch Target Buffer (BTB). The BTB is the part of the processor that speeds up if statements by predicting their outcome. Using the authors' method, it is possible to determine the locations of known branch instructions in a running program. The attack in question was performed on a Linux machine with an Intel Haswell processor (first released in 2013), but could likely be applied to any modern operating system and processor.
That said, you shouldn’t necessarily despair. The paper offered a few ways that hardware and operating system developers can mitigate this threat. Newer, fine-grain ASLR techniques would require more effort from the attacker, and increasing the amount of entropy (randomness) can make the Jump Over attack infeasible. Most likely, newer operating systems and processors will be immune to this attack.
So what is left for you to do? The Jump Over bypass is new, and hasn't yet been spotted in the wild. When attackers exploit it, the flaw will increase the potential damage an attacker can cause on your device. This level of access isn't unprecedented; Microsoft and Apple only implemented ASLR in their operating systems released in 2007 and later. Even if this style of attack becomes commonplace, you won't be any worse off than you were back in the days of Windows XP.
Keep in mind that attackers still have to get their code onto your device to do any harm. This flaw does not provide them with any additional ways to infect you. As always, you should . Use antivirus, stay away from sketchy websites and programs, and keep your software up to date. By following these steps and keeping malicious actors off your computer, you'll be as safe as you've ever been.
Image Credit: /Flickr