When you usually think about security on the computer, you tend to think of software first. As an end user that is mostly what you experience when a security failure happens on your system. At least that is what you think that you see. Most people do not understand what is going on under the hood of the computer that they use every day. They do not realize that along with the software that they use on the system, there are computations going on underneath the surface as well. And if you want to be able to secure that system that you are using, you better hope that the people who made it also had security on the mind when they were dealing with parts of the system that was outside of the user space.
There are a lot of techniques that are out now that are well known to help make your system run safer. It has taken the vendors who create the systems a while to get on board with some of these techniques but it is slowly happening. One technique that is starting to come into wide usage is the ASLR technique. The letters ASLR stand for Address Space Layout Randomization. This is a very useful technique for when you are dealing with how certain sensitive parts of the kernel deal with being laid out in memory.
In the past when an attacker had a clever attack that they were trying to use on your system, they could use the memory addresses of well known components that were installed in almost every computer system. For example most systems have a copy of the C library already installed. Well since an attacker knew that most systems already had that particular library installed, that was a known memory address that they could exploit. And the C library was not the only one. Depending on what system you were on, there were a lot of libraries and software that would stay consistent when it came to what memory address that they were occupying.
So now that most mainstream systems have added protection such as ASLR that type of attack was no longer a problem right? Wrong. In recent years the computers that we use have changed. We are using what would have been considered supercomputers only ten years ago. Now we are in a multi core era where we are dealing with systems that have a lot of power to them. But not only are we dealing with more cores, we are dealing with additional CPUs. But these CPUS go by a different name. They are known as GPUs and they are used for the processing of the graphics that you see on your computers and on your mobile phones.
Recently these GPUs have been under attack as well. They are used just like CPUs are and even though they are supposed to be only used for graphics; they can be used for other parts of the system as well. They are attractive to the bad guys because they are able to process numbers faster than the normal CPU on your computer can. There are a lot of attacks that you can pull off with that kind of power. So to prevent attacks from happening to the GPU, they have initialized ASLR on it as well. So now you are starting to see a lot of GPU’s on the market advertise that they have ASLR capabilities.
A step like this was needed by the graphics card industry. You need to shut down any back door that you can when it comes to black hat hackers.