Skip to main content

Entry 3: Rerandomizing to beat cyberattacks

WannaCry Ransomware

Terms

ASLR- address space layout randomization: diversifying memory locations for an application
TASR- timely address space randomization: randomization occurring alongside input-output pairs

The Threat

Modern IT specialists are constantly on the defense against hackers and are often at a disadvantage due to the arsenal of tools at the disposal of their rivals. Hackers just need to find a single solution to crack into a network or a device, while the good guys have to anticipate and protect against a plethora of vulnerabilities. (1) It has been estimated that malware attacks cost companies an average of $2.5 million and that in the United States the average cyber crime costs companies $21.22 million. (2) With the prevalence and severity of such crimes on the rise, the job of defending against such attacks has also become a top priority for both public and private industry alike.

IT specialists have traditionally fallen back on a technique called randomization, specifically address space layout randomization (ASLR). ASLR diversifies the memory locations for an application each time the application is loaded into memory so that hackers are not able to create one 'hack-all' solution to defeat security measures. However, in response hackers have created information leakage attacks that will uncover randomization and open up applications to a modified attack.

The Solution

Instead of randomizing at set time intervals, TASR, or timely address space randomization, makes it harder for hackers to succeed by randomization whenever processing input and output. With this technique, hackers are not able to anticipate an exploitation window. Other advantages of TASR include compatibility with C language, backward compatibility with legacy systems, and no need for additional hardware. (1)

Relation to CMSC

As we've learned in CMSC 150, when an application is opened it is loaded into RAM where it takes a memory location, and then is run by the operating system. What randomization techniques do is change memory cells for the application running so that hackers aren't able to extract information leakage. To see different examples of address space, click this link.


References

(1) http://news.mit.edu/2016/foiling-cyber-attackers-rerandomization-1209

(2) https://www.securitymagazine.com/articles/88338-cyber-crime-costs-117-million-per-business-annually

Comments

  1. It sounds like it's such a simple solution to just randomize the location of the memory to avoid being hacked, it's crazy how places like Target still cannot retain their security and prevent major hacking. I wonder if it's more of an expense thing to protect user information or if it is just a lot harder than it sounds with a lot of cryptography and other encoding methods to protect information.

    ReplyDelete

Post a Comment

Popular posts from this blog

Entry 5 - Protecting Anonymity

Terminology TOR- "the onion router" or the idea of wrapping a communication in several layers of encryption Mixnet - series of servers that changes the order in which messages are sent and received before being delivered Staying under the radar Privacy comes in many different forms when we think of the internet. Most people are probably familiar with the idea of private accounts on social media, being able to restrict who sees what you post, and private browsing options on things like Google Chrome and Safari. The word privacy in these cases is a matter of personal comfort and a sense of security, but what if your actual safety depended on this privacy ? Would you trust Facebook, or your favorite web browser to safeguard your anonymity? Probably not. Countries around the world practicing internet censorship obviously don't support internet privacy and so anyone interested in skirting these censors has to find another, safer way to achieve privacy, or r...

Entry 1 - Defending the IoT

T he internet of things, or IoT, is getting a lot of attention with the exploding popularity of smart home devices and general connectedness of the world in general, but what exactly is it and how safe is it? What is IoT IoT can be summarized as the network of devices equipped with electronics, sensors, software and connectivity that allows them to send information to, and receive information from other IoT devices. The super popular Nest home thermostat for example, is on the IoT because it senses temperature in the home, adjusts settings on your A/C or heating units, and relays this information via the internet to your mobile device. Beyond the home it utilizes information on weather conditions and forecasts from weather stations in the area. Now example this small scale application of the IoT on an enormous scale. The thermostat is now controlling the heating and cooling in laboratories at the CDC. Any unwanted variation in temperature could have potentially disastrous ...

Entry 4 - Location, location, location...

The Anonymity of Location Services The advent of the cell phone and subsequently the smartphone has put a world of knowledge at our fingertips. Recipes, maps, music and much more are just a few clicks away, whenever we want them, wherever we want them. This is great for productivity and connectivity, but herein lies the danger to our privacy. Location services drive much of the functionality and enhance the user's experience on many of today's most popular apps, specifically social media applications. Apps encourage "checking in" and "tagging" people and locations attached to posts, and users often accept the risk of sharing their information because of " hyperbolic discounting" , where people focus on the immediate benefit and discount future risk. (3) Some users chose to disable location services, an option that should t heoretically make a user's location private, but recent studies show that this might be a false sense of security....