Securely Sharing Randomized Code That Flies

Address space layout randomization was a great role model, being light-weight defense technique that could prevent early return-oriented programming attacks. Simple yet effective, address quickly widely adopted. Conversely, today only trickle of techniques arebeing integrated or adopted mainstream. As code reuse attacks have evolved in complexity, defenses strived to keep up. However, do so, many had take unfavorable tradeoffs like using background threads protecting subset sensitive code. In reality, these were unavoidable steps necessary improve the strength state art. this article, we present Mardu , an on-demand system-wide runtime re-randomization capable scalable protection application as well shared library most forgone. We achieve sharing with diversification by implementing reactive and rather than continuous one-time diversification. Enabling further removes redundant computation tracking patching, along memory overheads required prior techniques. its baseline state, transformations needed for security hardening incur reasonable performance overhead 5.5% on SPEC minimal degradation 4.4% NGINX, demonstrating applicability both compute-intensive real-world applications. Even when under attack, adds from less 1% up 15% depending size complexity.