ASLR: What It Is and How It Protects You
As hackers and cybercriminals become more sophisticated, so does the security designed to protect against them.
Computer-security specialists are constantly working on new ways to protect against malware and other types of security problems. One technique in use since 2001 is called address space layout randomization.
What is address space layout randomization?
Address space layout randomization (ASLR) is a way to strengthen a computer's security by increasing the number of areas where system files and programs are loaded into running memory, which is a popular target of hackers.
Instead of focusing on fixing a computer's known software vulnerabilities, ASLR makes those vulnerabilities harder to exploit by making them harder to find.
Specifically, ASLR protects against buffer-overflow attacks by randomizing the memory layout of a running program.
Before the use of ASLR, files and applications loaded themselves into predictable places in the running memory, also known as the computer's RAM, making them easy targets for attackers.
Now, when trying to attack computers that use ASLR, hackers and cybercriminals have to guess exactly the right positions — technically speaking, address spaces — of all of the files or programs they are trying to exploit.
In addition to making running software difficult to find, ASLR also often crashes applications that cybercriminals are trying to attack.
The effectiveness of ASLR is directly related to the amount of bits used in the randomization process. When using ASLR, a 64-bit system, which has many more random possibilities, will be more secure than a 32-bit system.
In most cases, ASLR works in tandem with data execution prevention (DEP), which prevents certain aspects of a computer's memory from being accessed.
While either technique can be used on its own, when combined they provide the strongest line of defense.
What uses ASLR?
ASLR was first developed in 2001 as a security patch for Linux systems, but wasn't widely used until 2007, when it was partly built into the Microsoft Windows Vista operating system.
Due to the implementation, malware that was effective on Windows XP systems had just a 1 in 256 chance of working on Vista. The use of ASLR has been expanded in Windows 7 and Windows 8.
Apple began using partial implementations of ASLR in with Mac OS X 10.5 Leopard, and has gradually increased its usage with each new version of OS X.
As of 2011, Apple iOS and Google Android mobile devices also use ASLR.