A Survey of Research on Runtime Rerandomization under Memory Disclosure

Abstract

In current software environments, code injection attacks have been better defended. But it also forced attackers to use the code already exist in memory to construct code-reuse attack, making code-reuse attack become the focal point of the new round of offensive and defensive games. As an important defense against attacks based on address space layout, code randomization technology effectively defends code-reuse attack by randomizing memory address space. The ASLR proposed by the Pax team is now used by most operating systems. However, due to memory disclosure, the security premise of code randomization has been broken. Therefore, in order to effectively defend against code-reuse attack, the current code randomization technology needs to improve the ability to resist memory disclosure. This paper mainly discusses the current randomization scheme in the context of memory disclosure and summarizes the future development direction of current code randomization technology.