AI

Address space randomization for mobile devices

Abstract

Address Space Layout Randomization (ASLR) is a defensive technique supported by many desktop and server operating systems. While smartphone vendors wish to make it available on their platforms, there are technical challenges in implementing ASLR on these devices. Pre-linking, limited processing power and restrictive update processes make it dicult to use existing ASLR implementation strategies even on the latest generation of smartphones. In this paper we introduce retouching, a mechanism for executable ASLR that requires no kernel modi cations and is suitable for mobile devices. We have implemented ASLR for the Android operating system and evaluated its e ectiveness and performance. In addition, we introduce crash stack analysis, a technique that uses crash reports locally on the device, or in aggregate in the cloud to reliably detect attempts to brute-force ASLR protection. We expect that retouching and crash stack analysis will become standard techniques in mobile ASLR implementations.