Predictable Paths: Novel ASLR Bypass Methods and Mitigations
Address Space Layout Randomization (ASLR) is a widely adopted mitigation designed to protect systems against memory corruption attacks by randomizing memory addresses of critical regions; however, its effectiveness is limited by inherent design flaws and platform-specific vulnerabilities. This paper introduces a novel methodology for bypassing ASLR on modern, 64-bit Windows systems, focusing on High Entropy ASLR. By using Return-Oriented Programming (ROP) and exploiting predictable internal Windows structures such as the Process Environment Block (PEB) and module lists, the paper demonstrates how base addresses from three system DLLs can be disclosed reliably on virtually all modern Windows systems. These techniques negate ASLR's protections and allow the attack surface for ROP to be expanded, to include Kernel32.dll, Kernelbase.dll, and NTDLL.dll. This research provides nine original bypass approaches, each validated across Windows versions from 7 to 11, each one working without error in our tests. These findings demonstrate weaknesses in current ASLR implementations in Windows. These ASLR bypasses demonstrate the need for stronger mitigations, such as hardened internal data structure layouts and access control enhancements. Exploit mitigation can be improved and advanced by the future defenses that stem from this research.
| Main Authors: | Bramwell Brizendine; Bhaskar P. Rimal |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | Address space layout randomization (ASLR); code-reuse attacks; exploit mitigation; high entropy ASLR; return-oriented programming (ROP); return-to-libc attacks |
| Online Access: | https://ieeexplore.ieee.org/document/11030573/ |
| Field | Value |
|---|---|
| author | Bramwell Brizendine; Bhaskar P. Rimal |
| collection | DOAJ |
| description | Address Space Layout Randomization (ASLR) is a widely adopted mitigation designed to protect systems against memory corruption attacks by randomizing memory addresses of critical regions; however, its effectiveness is limited by inherent design flaws and platform-specific vulnerabilities. This paper introduces a novel methodology for bypassing ASLR on modern, 64-bit Windows systems, focusing on High Entropy ASLR. By using Return-Oriented Programming (ROP) and exploiting predictable internal Windows structures such as the Process Environment Block (PEB) and module lists, the paper demonstrates how base addresses from three system DLLs can be disclosed reliably on virtually all modern Windows systems. These techniques negate ASLR’s protections and allow the attack surface for ROP to be expanded, to include Kernel32.dll, Kernelbase.dll, and NTDLL.dll. This research provides nine original bypass approaches, each validated across Windows versions from 7 to 11, each one working without error in our tests. These findings demonstrate weaknesses in current ASLR implementations in Windows. These ASLR bypasses demonstrate the need for stronger mitigations, such as hardened internal data structure layouts and access control enhancements. Exploit mitigation can be improved and advanced by the future defenses that stem from this research. |
| format | Article |
| id | doaj-art-401f36a182f84a6ea848d2bf6e1ebf7a |
| institution | OA Journals |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| series | IEEE Access |
| spelling | Record doaj-art-401f36a182f84a6ea848d2bf6e1ebf7a (indexed 2025-08-20T02:07:28Z); language: eng; publisher: IEEE; IEEE Access, vol. 13, pp. 102784-102802, 2025-01-01, ISSN 2169-3536, DOI 10.1109/ACCESS.2025.3578602, IEEE Xplore document 11030573; title: Predictable Paths: Novel ASLR Bypass Methods and Mitigations; authors: Bramwell Brizendine (https://orcid.org/0000-0003-0320-9208; Department of Computer Science, The University of Alabama in Huntsville, Huntsville, AL, USA), Bhaskar P. Rimal (https://orcid.org/0000-0001-7680-9293; Department of Computer Science, University of Idaho, Moscow, ID, USA); abstract: as given in the description field above; URL: https://ieeexplore.ieee.org/document/11030573/; keywords: Address space layout randomization (ASLR); code-reuse attacks; exploit mitigation; high entropy ASLR; return-oriented programming (ROP); return-to-libc attacks |
| title | Predictable Paths: Novel ASLR Bypass Methods and Mitigations |
| topic | Address space layout randomization (ASLR); code-reuse attacks; exploit mitigation; high entropy ASLR; return-oriented programming (ROP); return-to-libc attacks |
| url | https://ieeexplore.ieee.org/document/11030573/ |