Oreo: Protecting ASLR Against Microarchitectural Attacks
Shixin Song
Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · System-Level Security
Address Space Layout Randomization (ASLR) is a cornerstone software security mechanism, widely deployed across modern operating systems like Linux, Windows, and macOS. Its primary objective is to randomize the memory locations of key program components, such as executables, libraries, heaps, and stacks, thereby making it significantly harder for attackers to predict the addresses of sensitive code or data. This unpredictability acts as a crucial barrier against common exploitation techniques, particularly code reuse attacks like Return-Oriented Programming (ROP), which rely on knowing the precise memory locations of gadgets.
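To make the randomization concrete from a defender's side, the following Python script is an added example (not from the Oreo paper or the NDSS listing) that parses Linux `/proc/<pid>/maps` output, pulls out the base address of the executable, heap, stack and shared libraries, and compares two runs of the same program to check that those regions actually moved. The two maps excerpts embedded in the script are constructed sample data in the real `/proc` line format with made-up addresses; the `randomize_va_space()` helper reads the real kernel knob when run on Linux and returns `None` elsewhere.

```python
"""Check whether ASLR moved the key regions between two runs of a program.

Added example, not the paper's code. RUN_A and RUN_B are constructed
/proc/<pid>/maps excerpts (same binary, two hypothetical runs); the
addresses are invented and only serve to illustrate the comparison.
"""
import re
from typing import Dict, Set

# Constructed /proc/self/maps excerpt for hypothetical run A.
RUN_A = """\
55d0c1a00000-55d0c1a01000 r--p 00000000 08:01 1234 /usr/bin/demo
55d0c1a01000-55d0c1a02000 r-xp 00001000 08:01 1234 /usr/bin/demo
55d0c2f00000-55d0c2f21000 rw-p 00000000 00:00 0    [heap]
7f3a1c000000-7f3a1c028000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c028000-7f3a1c1bd000 r-xp 00028000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c1bd000-7f3a1c1c0000 rw-p 00000000 00:00 0
7ffd1e2c0000-7ffd1e2e1000 rw-p 00000000 00:00 0    [stack]
"""

# Constructed excerpt for hypothetical run B of the same binary.
RUN_B = """\
5605a3e00000-5605a3e01000 r--p 00000000 08:01 1234 /usr/bin/demo
5605a3e01000-5605a3e02000 r-xp 00001000 08:01 1234 /usr/bin/demo
5605a5100000-5605a5121000 rw-p 00000000 00:00 0    [heap]
7f9c4e800000-7f9c4e828000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f9c4e828000-7f9c4e9bd000 r-xp 00028000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f9c4e9bd000-7f9c4e9c0000 rw-p 00000000 00:00 0
7ffe9a4c0000-7ffe9a4e1000 rw-p 00000000 00:00 0    [stack]
"""

# One /proc/<pid>/maps line: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+(\S+)\s+(\d+)\s*(.*)$"
)


def region_bases(maps_text: str) -> Dict[str, int]:
    """Return the lowest start address of every named mapping.

    A binary or library usually appears as several adjacent mappings
    (r--p, r-xp, rw-p); the lowest start is its load base. Anonymous
    mappings have no name and are skipped.
    """
    bases: Dict[str, int] = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        start = int(m.group(1), 16)
        name = m.group(7).strip()
        if not name:
            continue
        bases[name] = min(start, bases.get(name, start))
    return bases


def randomized_regions(run1: str, run2: str) -> Set[str]:
    """Names of regions present in both runs whose load base differs."""
    b1, b2 = region_bases(run1), region_bases(run2)
    return {name for name in b1.keys() & b2.keys() if b1[name] != b2[name]}


def aslr_looks_enabled(run1: str, run2: str) -> bool:
    """True when heap, stack and at least one shared library all moved.

    A single unchanged region (for example a non-PIE executable) would
    already give an attacker a fixed anchor, so all three must move.
    """
    moved = randomized_regions(run1, run2)
    return ("[heap]" in moved and "[stack]" in moved
            and any(".so" in name for name in moved))


def randomize_va_space():
    """Read the Linux ASLR knob (0 off, 1 partial, 2 full); None off Linux."""
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    for name in sorted(randomized_regions(RUN_A, RUN_B)):
        a, b = region_bases(RUN_A)[name], region_bases(RUN_B)[name]
        print(f"{name:45s} {a:#014x} -> {b:#014x}")
    print("ASLR looks enabled between runs:", aslr_looks_enabled(RUN_A, RUN_B))
    print("kernel randomize_va_space:", randomize_va_space())
```

Running two real invocations of `cat /proc/self/maps` and feeding the outputs to `aslr_looks_enabled` gives the same check on a live system; `randomize_va_space()` returning 0 or 1 rather than 2 is the configuration finding a hardening audit would flag.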
AI review
Oreo is legitimate systems security research attacking a real, well-documented problem — kernel ASLR being 'comprehensively compromised' per Project Zero — with a novel architectural primitive rather than another software patch over a hardware wound. The mask memory layer concept is clean, the Spectre dilemma is identified and honestly addressed rather than swept under the rug, and 0.11% CPI overhead on SPEC is a number that matters to anyone who's watched good mitigations die on the performance altar.