Address space layout randomization (ASLR) is a computer security technique which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.
This is the description from Wikipedia.
Is it fair to estimate effectiveness of ASLR in two different OS by estimating the "randomness" of the po开发者_开发问答sitions of the key data areas?
Are there any other measurable factors by which we can compare ASLR effectiveness? Any tips on how to proceed?
I can think of several parameters that ASLR can implement in different degrees.
The variance of address randomization
The spatial "stickiness" of this randomization - how long do the address remain fixed
The temporal "stickiness" of this randomization - in how many objects e.g. processes does the address stay the same
The performance penalty during exe load
The runtime performance penality
The degree to which it break legacy coding practices (how ever bad they maybe)
It reliance on hardware features (memory protection, virtual memory)
The "wastage" of virtual address space
A requirement for recompilation of kernel or lack there of
A requirement for recompilation of other system support modules
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论