There Are Too Many Holes Being Found In ASLR/DEP Security

When people think of a battle, they always think about in terms of a winner and a loser. They think of war as a black and white object that you can hold and it will always be the same. That is not always the case. A battle can have many different outcomes. Sometimes when you think that you have lost, in reality you have won and the same goes for when you have won. Sometimes you think that you have won when in reality you have lost.

holes-in-ASLR

But sometimes in a battle, you are not fighting to win or lose; you are just fighting to stay in the game. There are times when you go to battle that you know that there is no way that you are going to win it. So you instead do your best and try to fight. And you want to keep the fight going as long as you can. So to do this you pretty much counter act every move that your opponent makes knowing that soon they will make another move to counter yours. Both sides keep on doing this and the battle never stops because it is always joined by new people.

This is what the computer security war is like. It is a battle that never stops because it is a war that is fought by too many people with big brains. There is always going to be someone who is smart that comes up with a way to beat the security system that you have in place no matter how good you think it is. It might not be beaten in that moment but somewhere down the road both the equipment being used and the people using the equipment are going to catch up to your security tool.

This is being seen now when it comes to the latest tools to help protect your operating system. The latest tools in the fight to stop parts of the memory, which were supposed to be exclusive from outside software, from being exploited and letting third party malware run wild. These tools are known as ASLR and DEP. In the rest of the article we will introduce you to these two new technologies and then talk about how black hat hackers are taking advantage of them. This is battle that is going to go on for a long time and now it is time for new security precautions to come on the scene.

What is ASLR?

The letters ASLR stand for Address Space Layout Randomization. This is an attempt to stop attackers from being able to guess where they are going to place their attack vectors at in the memory space. What it does is allow the operating system to mix up where the parts of the program are stored in memory.

This is useful because when a shell code attack happens, the attacker depends on knowing the address of where the malware is at in memory for execution purposes. We are not going to go into how you count memory address in this article but believe me, it can be complicated. So since the ASLR is operational, the attack cannot go according to plan. The only way that the attack now works is if the attacker gets lucky and guesses the right place in memory where the malware actually loaded. There are ways around this protection that we will talk about later.

The DEP attack

The letters DEP stand for Data Execution Prevention. This security measure stops pieces of malware from being able to execute in parts of the memory where it is walled off from. In every computer system there are parts of the memory that is needed for critical operations to be able to run. These parts of the memory are not supposed to be able to run any programs except for the ones that have special permissions from the operating system. There is malware out there that has found their way around such limitations. DEP is designed to stop this. It makes sure that all the areas that are mapped off to outside programs stay that way.

Ways around these limitations

The bad guys have found ways around these protections by using techniques such as ROP. ROP stands for Return Orientated Programming. It uses the stack of a program to be able to point to a portion of memory where malware is stored at. While this is one of the most effective ways of getting around the security techniques talked about earlier it is not the only way. There are new techniques that are being released all of the time.

There is no winning when it comes to the war of computer security. Each side is at a stalemate. Every time the good guys come up with a protection scheme the bad guys find a way to break it. This will keep going and going until all systems are completely closed off.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind

*