[llvm-dev] [RFC] Pagerando: Page-granularity code randomization

David Chisnall via llvm-dev llvm-dev at lists.llvm.org
Thu Oct 11 00:29:43 PDT 2018


On 11 Oct 2018, at 03:37, Stephen Crane via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> 
> Pagerando is an improvement over ASLR; it is certainly not intended as
> a replacement for CFI. Pagerando instead complements CFI as a defense
> in depth by making it harder to reliably exploit unconstrained (legacy
> code w/o CFI) and weakly-constrained (e.g. those that require many
> targets w/CFI) branches.

Perhaps I am missing something, but if the low 12 bits of an address are not modified between runs then, for the newer ROP attacks that perform partial pointer overwrites, this leaves you with 4 bits of useful entropy.  If you try this attack on 100 devices then you will, on average, compromise at least 12 of them.  That doesn’t sound like it gives very much security.

David
