SLeak: Automating address space layout derandomization

Christophe Hauser, Jayakrishna Menon, Yan Shoshitaishvili, Ruoyu Wang, Giovanni Vigna, Christopher Kruegel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

We present a novel approach to automatically recover information about the address space layout of remote processes in the presence of Address Space Layout Randomization (ASLR). Our system, dubbed Sleak, performs static analysis and symbolic execution of binary executable programs, and identifies program paths and input parameters leading to partial (i.e., only a few bits) or complete (i.e., the whole address) information disclosure vulnerabilities, revealing addresses of known objects of the target service or application. Sleak takes, as input, the binary executable program, and generates a symbolic expression for each program output that leaks information about the addresses of objects, such as stack variables, heap structures, or function pointers. By comparing these expressions with the concrete output of a remote process executing the same binary program image, our system is able to recover from a few bits to whole addresses of objects of the target application or service. Discovering the address of a single object in the target application is often enough to guess the layout of entire sections of the address space, which can be leveraged by attackers to bypass ASLR.

Original language: English (US)
Title of host publication: Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019
Publisher: Association for Computing Machinery
Pages: 190-202
Number of pages: 13
ISBN (Electronic): 9781450376280
DOIs
State: Published - Dec 9 2019
Event: 35th Annual Computer Security Applications Conference, ACSAC 2019 - San Juan, United States
Duration: Dec 9 2019 to Dec 13 2019

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 35th Annual Computer Security Applications Conference, ACSAC 2019
Country/Territory: United States
City: San Juan
Period: 12/9/19 to 12/13/19

Keywords

  • Binary program analysis
  • Information leakage
  • Vulnerability discovery

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
