Timely Address Space Randomization (TASR)

Organization: MIT Lincoln Laboratory
Year: 2016

Timely Address Space Randomization (TASR) protects against the exploitation of software vulnerabilities by preventing attackers from using information leaks to hijack program control.

The homogeneity and uniformity of software applications have traditionally created an advantage for cyber attackers. These attackers can develop a single exploit against a software application and use it to compromise millions of instances of that application because all instances look alike internally. This problem is often referred to as the “software monoculture.” To counter this threat, modern operating systems have adopted randomization techniques, such as Address Space Layout Randomization (ASLR), that diversify the memory locations used by each instance of the application at the point at which the application is loaded into memory. ASLR is currently deployed in most modern operating systems including Linux, Windows, Mac OS, Android and iOS. TASR is the first technology that mitigates the impact of information leakage attacks regardless of their type and the underlying vulnerability contributing to their rise. TASR works by re-randomizing the layout (locations of contents) in memory on the fly while the application is running.