Also nice is Tsukasa Oi's pictorial representation of Android's ASLR implementation.
http://twitter.com/a4lg/status/225638179619864577
pic: http://twitpic.com/a921fm/full

-- Nick

On Sat, Jul 21, 2012 at 11:28 AM, Jeffrey Walton <[email protected]> wrote:
> I think Oberheide reiterated a lot of what Nick posted earlier, and added a few talking points. Since the subject was "Exploit Mitigations," topics such as app encryption were not discussed.
>
> https://blog.duosecurity.com/2012/07/exploit-mitigations-in-android-jelly-bean-4-1/
>
> It’s been a few months since our analysis of the new ASLR support in Android ICS 4.0. Given that ICS 4.0 is old news now with the recent release of Jelly Bean 4.1, I thought it was about time to give an update on the ASLR capabilities as well as cover some of the other improvements in exploit mitigations present in Jelly Bean.
>
> As a quick recap of the current state of ASLR in Android ICS:
>
> "For the uninitiated, ASLR randomizes where various areas of memory (eg. stack, heap, libs, etc) are mapped in the address space of a process. Combined with complementary mitigation techniques such as non-executable memory protection (NX, XN, DEP, W^X, whatever you want to call it), ASLR makes the exploitation of traditional memory corruption vulnerabilities probabilistically difficult..."
>
> Unfortunately, the ASLR support in Android 4.0 did not live up to expectations and is largely ineffective for mitigating real-world attacks, due to the lack of randomization of the executable and linker memory regions. It also would be beneficial to randomize the heap/brk by setting kernel.randomize_va_space=2.
>
> So, things weren’t in great shape. Despite those deficiencies, Android has stepped its game up mitigation-wise in the new Jelly Bean release. Read on for the full details!
>
> ...
>
> --
> You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.

--
Nick Kralevich | Android Security | [email protected] | 650.214.4037
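The quoted post's complaint is that some regions (executable, linker, brk heap) stayed at fixed addresses even with ASLR "on". The script below is an added example, not code from this thread or from the Duo blog post: it shows how an engineer can verify for a given build which regions actually move. It assumes a Linux-style /proc layout (the /proc/<pid>/maps line format and the kernel.randomize_va_space sysctl mentioned in the post) and a Python interpreter on the device; the SAMPLE_RUNS listings are constructed, not captured from any real device, and model a non-PIE binary under randomize_va_space=1.

```python
"""Report which memory regions of a Linux process actually move under ASLR.

Added example (not from the mailing-list thread or the Duo blog post).
Assumes Linux /proc; SAMPLE_RUNS below are constructed maps listings.
"""
import os
import re
import subprocess
import sys

# A /proc/<pid>/maps line: start-end perms offset dev inode [path]
_MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+\S+\s+\S+\s+\S+\s+\S+\s*(?P<path>.*)$"
)

# Meaning of each kernel.randomize_va_space value (Linux kernel sysctl docs).
VA_SPACE_MODES = {
    "0": "ASLR disabled",
    "1": "stack, mmap base, VDSO and PIE executables randomized; brk heap is not",
    "2": "as 1, plus the brk heap is randomized",
}

def describe_randomize_va_space(value):
    """Translate a raw sysctl value into a short description."""
    return VA_SPACE_MODES.get(value.strip(), "unknown value " + value.strip())

def _classify(path, exe_path):
    """Map a mapping's path to an ASLR-relevant region name, or None."""
    if path == exe_path:
        return "exe"
    if path == "[heap]":
        return "heap"
    if path == "[stack]":
        return "stack"
    base = path.rsplit("/", 1)[-1]
    if base.startswith(("ld-", "ld.", "linker")):   # glibc/musl ld*.so, Android linker
        return "linker"
    if base.startswith(("libc-", "libc.")):          # libc-2.31.so, libc.so.6, libc.so
        return "libc"
    return None

def parse_maps(text, exe_path):
    """Return {region: lowest start address} for exe, linker, libc, heap, stack."""
    regions = {}
    for line in text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if not m:
            continue
        name = _classify(m.group("path").strip(), exe_path)
        if name is None:
            continue
        start = int(m.group("start"), 16)
        regions[name] = min(start, regions.get(name, start))
    return regions

def randomized_regions(samples):
    """Given parse_maps() results from separate runs, say which regions moved.

    A region counts as randomized only if it appeared in every run and did
    not land at the same address each time (a fixed address is exactly the
    executable/linker weakness the post describes).
    """
    names = set().union(*samples) if samples else set()
    return {
        name: (all(name in s for s in samples) and len({s[name] for s in samples}) > 1)
        for name in sorted(names)
    }

def sample_live_process(runs=5):
    """Spawn a child `runs` times; each child prints its own /proc/self/maps."""
    exe = os.path.realpath(sys.executable)
    samples = []
    for _ in range(runs):
        out = subprocess.run(
            [sys.executable, "-c", "print(open('/proc/self/maps').read())"],
            capture_output=True, text=True, check=True,
        ).stdout
        samples.append(parse_maps(out, exe))
    return samples

# Constructed sample: two runs of a non-PIE binary with randomize_va_space=1,
# so exe and heap stay put while libc, the linker and the stack move.
SAMPLE_EXE = "/usr/bin/demo"
SAMPLE_RUNS = [
    """00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
01a00000-01a21000 rw-p 00000000 00:00 0 [heap]
7f1a00000000-7f1a001c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.31.so
7f1a00400000-7f1a00426000 r-xp 00000000 08:01 9012 /lib/x86_64-linux-gnu/ld-2.31.so
7ffc12340000-7ffc12361000 rw-p 00000000 00:00 0 [stack]""",
    """00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
01a00000-01a21000 rw-p 00000000 00:00 0 [heap]
7f3b00000000-7f3b001c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.31.so
7f3b00400000-7f3b00426000 r-xp 00000000 08:01 9012 /lib/x86_64-linux-gnu/ld-2.31.so
7ffd98760000-7ffd98781000 rw-p 00000000 00:00 0 [stack]""",
]

def sample_results():
    """Run the comparison over the constructed SAMPLE_RUNS listings."""
    return randomized_regions([parse_maps(t, SAMPLE_EXE) for t in SAMPLE_RUNS])

if __name__ == "__main__":
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            setting = f.read()
    except OSError:
        sys.exit("kernel.randomize_va_space not readable; this check needs Linux /proc")
    print("kernel.randomize_va_space =", setting.strip(), "->", describe_randomize_va_space(setting))
    for region, moved in randomized_regions(sample_live_process()).items():
        print(f"{region:7s} {'randomized' if moved else 'FIXED'}")
```

Run as a script it samples the live interpreter; on the constructed data `sample_results()` reports exe and heap as FIXED and libc, linker and stack as randomized, which is the ICS 4.0 picture the post describes. Any region reported FIXED on a real build is a candidate for a non-PIE binary or a missing sysctl setting rather than a reason to trust "ASLR enabled" at face value.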
