NDSS2016

How to Make ASLR Win the Clone Wars: Runtime Re-Randomization

Kangjie Lu, Wenke Lee, Stefan Nürnberger, Michael Backes

Cited 96 times

Abstract

What did we do? (RuntimeASLR)
• We re-randomize the memory layout of cloned (i.e., forked) processes at runtime
[Figure: parent and child processes after fork(), each with a code region and a data region]

In this talk, I will explain…
• Why do we need to re-randomize cloned processes?
  - To prevent clone-probing attacks
• How do we re-randomize them?
  - A semantics-preserving, runtime-based approach
• What are the results?
  - Defeated clone-probing, e.g., the Blind ROP attack
  - No performance overhead for cloned processes

Background - ASLR
• Address Space Layout Randomization (ASLR)
  - Mitigates code-reuse attacks, privilege escalation, and information leaks
[Figure: code and data regions laid out differently in Run 1, Run 2, and Run 3]
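The slides' point is that ASLR randomizes a layout once per exec(), while fork() copies it unchanged into every child, so a forking server hands an attacker an unbounded supply of workers that all share one secret layout. The program below is an added illustration of that threat model written for this page, not code from the RuntimeASLR paper or its authors. It first confirms that a forked child sees the same code address as its parent, then runs a toy clone-probing loop: a "server" forks one worker per request, the worker compares a single byte of its own address against the attacker's guess and exits nonzero on a mismatch (standing in for the crash-versus-survive oracle that Blind ROP uses against stack canaries and return addresses), and the parent recovers the full address byte by byte. Assumptions: a POSIX system with fork() (Linux), and that a function's address is an acceptable stand-in for any ASLR-dependent secret; the function and variable names are this example's own.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Number of forked workers the last probing run consumed. */
unsigned probe_count = 0;

/* Stand-in secret: under ASLR this address changes per exec(), but not per fork(). */
static void target_function(void) {}

uintptr_t code_address(void) { return (uintptr_t)&target_function; }

/* Fork a child, let it report the address it sees, and compare with the parent's view.
 * Returns 1 if identical (fork() inherits the layout), 0 if different, -1 on error. */
int child_sees_same_layout(void) {
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        uintptr_t mine = code_address();
        if (write(fd[1], &mine, sizeof mine) != (ssize_t)sizeof mine) _exit(1);
        _exit(0);
    }
    close(fd[1]);
    uintptr_t theirs = 0;
    ssize_t n = read(fd[0], &theirs, sizeof theirs);
    close(fd[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    if (n != (ssize_t)sizeof theirs) return -1;
    return theirs == code_address();
}

/* One clone-probing request: the "server" forks a worker; the worker compares byte `idx`
 * of its own secret with the attacker's guess and exits nonzero on mismatch. The parent
 * learns nothing but the exit status, modelling "worker crashed" vs. "worker answered". */
static int probe_byte(size_t idx, unsigned guess) {
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(EXIT_FAILURE); }
    if (pid == 0) {
        unsigned actual = (unsigned)((code_address() >> (8 * idx)) & 0xffu);
        _exit(actual == guess ? 0 : 1);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    probe_count++;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Recover the worker's secret one byte at a time: at most 256 probes per byte rather than
 * 2^64 guesses overall. This only works because every worker is a fork() of the same parent
 * and therefore carries the same layout; re-randomizing each child breaks the loop. */
uintptr_t recover_secret_by_probing(void) {
    uintptr_t recovered = 0;
    probe_count = 0;
    for (size_t idx = 0; idx < sizeof(uintptr_t); idx++) {
        for (unsigned guess = 0; guess < 256; guess++) {
            if (probe_byte(idx, guess)) {
                recovered |= (uintptr_t)guess << (8 * idx);
                break;
            }
        }
    }
    return recovered;
}

int main(void) {
    printf("fork() child sees the same layout: %d\n", child_sees_same_layout());
    uintptr_t got = recover_secret_by_probing();
    printf("secret %#lx recovered as %#lx after %u forked workers\n",
           (unsigned long)code_address(), (unsigned long)got, probe_count);
    return got == code_address() ? 0 : 1;
}
```

Build it as a position-independent executable (the default on current Linux toolchains, or explicitly with `gcc -fPIE -pie`) and run it twice: the printed address differs between the two runs, which is ASLR working per exec(), yet within each run every one of the roughly one to two thousand forked workers reports the same address, so the byte-wise search always succeeds. That gap between per-exec and per-fork randomness is exactly what runtime re-randomization of cloned processes closes.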