Oreo: Protecting ASLR Against Microarchitectural Attacks (Extended Version)
Shixin Song, Joseph Zhang, Mengjia Yan

TL;DR
Oreo is a novel software-hardware co-design that enhances ASLR security by removing secret bits from virtual addresses before translation, effectively preventing microarchitectural side-channel attacks with minimal performance overhead.
Contribution
We introduce Oreo, a new memory mapping interface and hardware-assisted mitigation that significantly improves ASLR's resistance to microarchitectural attacks.
Findings
Oreo effectively prevents side-channel leaks of ASLR secrets.
Oreo incurs low performance overhead in Linux environments.
Prototyped on gem5, Oreo demonstrates practical security improvements.
Abstract
Address Space Layout Randomization (ASLR) is one of the most prominently deployed mitigations against memory corruption attacks. ASLR randomly shuffles program virtual addresses to prevent attackers from knowing the location of program contents in memory. Microarchitectural side channels have been shown to defeat ASLR through various hardware mechanisms. We systematically analyze existing microarchitectural attacks and identify multiple leakage paths. Given the vast attack surface exposed by ASLR, it is challenging to effectively prevent leaking the ASLR secret against microarchitectural attacks. Motivated by this, we present Oreo, a software-hardware co-design mitigation that strengthens ASLR against these attacks. Oreo uses a new memory mapping interface to remove secret randomized bits in virtual addresses before translating them to their corresponding physical addresses. This…
Taxonomy
Topics: Physical Unclonable Functions (PUFs) and Hardware Security · Security and Verification in Computing · Adversarial Robustness in Machine Learning
