@article{Yan2019, 
author = {Fei Yan and Kai Wang},
title = {Leakage Is Prohibited: Memory Protection Extensions Protected Address Space Randomization},
year = {2019},
journal = {Tsinghua Science and Technology},
volume = {24},
number = {5},
pages = {546-556},
keywords = {Address Space Layout Randomization (ASLR), Intel Memory Protection Extensions (MPX), code reuse attack},
url = {https://www.sciopen.com/article/10.26599/TST.2018.9010128},
doi = {10.26599/TST.2018.9010128},
abstract = {Code reuse attacks pose a severe threat to modern applications. These attacks reuse existing code segments of vulnerable applications as attack payloads and hijack the control flow of a victim application. With high code entropy and a relatively low performance overhead, Address Space Layout Randomization (ASLR) has become the most widely explored defense against code reuse attacks. However, a single memory disclosure vulnerability is able to compromise this defense. In this paper, we present Memory Protection Extensions (MPX)-assisted Address Space Layout Randomization (M-ASLR), a novel code-space randomization scheme. M-ASLR uses several characteristics of Intel MPX to restrict code pointers in memory. We have developed a fully functioning prototype of M-ALSR, and our evaluation results show that M-ASLR: (1) offers no interference with normal operation; (2) protects against buffer overflow attacks, code reuse attacks, and other sophisticated modern attacks; and (3) adds a very low performance overhead (3.3%) to C/C++ applications.}
}