1. 4

  2. 2

    At the pace of the deployment of low-resources devices. It is great to see effort to add security on embedded devices. I also learned about ASLR. Thanks fro!

    1. 2

      It is good to see a paper that:

      1. makes an analysis of the real-world situation
      2. actually makes sense of the situation
      3. proposes an alternative
      4. implements the alternative for real
      1. 2

        I’m underwhelmed by the “C” approach to security based on crashing as fast and as hard as possible. ASLR, DEP, guards, canaries, pointer tagging, all start with an assumption that the program can’t guarantee memory safety in the first place.

        1. 1

          It looks particularly true with C, but I’d extend this to: It’s good not /only/ rely on the absence of breaches.

          I think of it like using SSH without authentication and null encryption for the local network. Regardless how strong the routers are, I’d still keep key-based authentication.

          That being said, “we still need good routers” : if we can avoid “memory bugs”, then good!

      2. 2

        In more detail, the Linux and PaX (FreeBSD, HardenedGentoo and others use the PaX ASLR approximation) ASLR designs rely on the same core ideas, in that they define four partial-VM areas: (1) stack, (2) libraries/mmaps, (3) executable and (4) heap.

        FreeBSD’s implementation:

        1. Is disabled by default.
        2. Is ASR, not ASLR (ASR does not use deltas, whereas ASLR does).
        3. Is incomplete, and therefore cannot be relied upon in academia.
        4. Building applications as PIEs in FreeBSD is disabled by default.
        5. They incorrectly list FreeBSD in the PaX list–it’s HardenedBSD (a derivative of FreeBSD that aims to provide the BSD community with a clean-room reimplementation of the publicly-documented bits of the PaX/grsecurity patchset) that uses the PaX model. As mentioned previously, FreeBSD is working on their own ASR implementation.
        1. 2

          I noticed this mistake as well but I knew you or someone else here would be able to clear up any confusion around that. I’m curious to know your thoughts on the rest of the paper once you have time to read it.

          1. 2

            I’ve added it to my “thorough reading” list. Problem is, that list is growing exponentially and hopelessly. I think I have enough in my list to last me a few years now. ;)