Can ASLR tech help to build a hard template VM for Qubes?
https://securityetalii.es/2013/02/03/how-effective-is-aslr-on-linux-systems/
checksec.sh:
How important is it that all libs and executables are PIE-compiled?
Are 100% of the TVM PIE-compliant?
Will ASLR-NG mitigate the ASLR-weaknesses?
The rerandomization should be fast enough or be able to detect some brute-force attacks.
There are other exploit strategies which should be taken into account, so that the TVM is hard enough to resist contact with the web (e-banking) - or is the Qubes architecture addressing all of them?
Heap spraying?
Egg hunting?
ROP?
DEP?
SEHOP?
SafeSEH?
Stack cookies?
SEH overflows?
Stack overflows?
or others?
It looks like there are many methods around to inject shellcode in some way...
https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/
Kind Regards
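The "checksec.sh:" line above and the PIE questions can be answered mechanically. The following is an added example, not code from this thread, from checksec.sh or from the Qubes project: a small checksec-style scanner that parses ELF headers directly (no readelf dependency) and reports, per binary, whether it is position-independent (ET_DYN, so ASLR can relocate it), whether the stack is non-executable (PT_GNU_STACK without PF_X), whether RELRO is present (PT_GNU_RELRO), and, as a heuristic, whether stack canaries are referenced (`__stack_chk_fail` appearing in the file). The `build_sample_elf` helper fabricates a header-only ELF64 image for offline demonstration; it is constructed test data, not a real program. Run it with a directory argument inside the TemplateVM to list every ELF that lacks one of these protections.

```python
#!/usr/bin/env python3
"""Minimal checksec-style scan: PIE / NX / RELRO / canary from ELF headers.

Added example for the thread; assumes nothing beyond the Python standard
library. The canary check is a heuristic (string presence), like checksec.sh.
"""
import os
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
PT_INTERP, PT_GNU_STACK, PT_GNU_RELRO = 3, 0x6474E551, 0x6474E552
PF_X = 1


def parse_elf(data: bytes) -> dict:
    """Return the hardening properties of one ELF image (32- or 64-bit, any endianness)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2
    end = "<" if data[5] == 1 else ">"
    if is64:
        # e_type e_machine e_version e_entry e_phoff e_shoff e_flags e_ehsize e_phentsize e_phnum
        e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum = struct.unpack_from(end + "HHIQQQIHHH", data, 16)
        phfmt = end + "IIQQQQQQ"  # p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_align
    else:
        e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum = struct.unpack_from(end + "HHIIIIIHHH", data, 16)
        phfmt = end + "IIIIIIII"  # p_type p_offset p_vaddr p_paddr p_filesz p_memsz p_flags p_align
    has_interp, relro, nx = False, False, None  # nx None: no PT_GNU_STACK at all
    for i in range(e_phnum):
        fields = struct.unpack_from(phfmt, data, e_phoff + i * e_phentsize)
        p_type = fields[0]
        p_flags = fields[1] if is64 else fields[6]
        if p_type == PT_INTERP:
            has_interp = True  # loaded through the dynamic loader (executable or libc-style DSO)
        elif p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)  # executable stack requested only if PF_X is set
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {
        "class": 64 if is64 else 32,
        "position_independent": e_type == ET_DYN,  # ET_EXEC cannot be relocated by ASLR
        "has_interp": has_interp,
        "nx": nx,
        "relro": relro,
        "canary": b"__stack_chk_fail" in data,  # heuristic, same idea as checksec.sh
    }


def build_sample_elf(e_type: int, exec_stack: bool, relro: bool = True, canary: bool = True) -> bytes:
    """Constructed header-only ELF64 little-endian image for offline testing (not a runnable program)."""
    def ph(p_type: int, p_flags: int) -> bytes:
        return struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 0x1000)
    phdrs = [ph(PT_INTERP, 4), ph(PT_GNU_STACK, 6 | (PF_X if exec_stack else 0))]
    if relro:
        phdrs.append(ph(PT_GNU_RELRO, 4))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELFCLASS64, little-endian, EV_CURRENT
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0x1000, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    image = ehdr + b"".join(phdrs)
    if canary:
        image += b"\0__stack_chk_fail\0"
    return image


def weaknesses(result: dict) -> list:
    """Map a parse_elf() result to the short flags a scan report prints."""
    flags = []
    if not result["position_independent"]:
        flags.append("NO-PIE")
    if result["nx"] is False:
        flags.append("EXEC-STACK")
    if not result["relro"]:
        flags.append("NO-RELRO")
    if not result["canary"]:
        flags.append("NO-CANARY")
    return flags


if __name__ == "__main__":
    for root in sys.argv[1:] or ["/usr/bin"]:
        for dirpath, _, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as f:
                        report = weaknesses(parse_elf(f.read()))
                except (OSError, ValueError, struct.error):
                    continue  # not a regular readable ELF
                if report:
                    print(path, " ".join(report))
```

Shared libraries are also ET_DYN, so the "position_independent" field answers the question asked above for libs and executables alike; a file reported NO-PIE loads at a fixed address no matter how good the kernel's randomization is.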
Here is an interesting concept: in some way they achieve the RAM randomization with one central DLL (for Windows platforms only), but it works directly on the fly for all apps and libs!!!
http://www.morphisec.com/how-it-works/
Wow, not bad!
This will be much more robust.
And in parallel they keep the honeypot, to run the law enforcement procedures against intruders.
Here is a critical view of ASLR:
http://blog.morphisec.com/aslr-what-it-is-and-what-it-isnt/
But for sure, the randomization will need a good non-deterministic random generator and a fast random update sequence (in seconds) because 4 GB are quite endless...
Would it make sense to implement a similar fast non-deterministic randomization
tech into Qubes to overcome some standard template vulnerabilities, with smart countermeasures?
Kind Regards
Tails is also using ASLR security tech now...
https://fossbytes.com/tails-2-6-secure-linux-os-snowden-updated-tor-and-kernel/
Kind Regards