Memory Management Techniques and Architectures

Segmentation

Memory is divided using segments, which are logical units in a process's virtual address space.

Pure Segmentation

Refers to managing memory solely through segments without paging.

Von Neumann Architecture

Characterised by the storage of both data and programs (instructions) in the same physical memory.

What architecture builds upon the Von Neumann structure?

Modified Harvard Architecture

In Modified Harvard Architecture, where are data and instructions initially stored?

In the same memory

What does Modified Harvard Architecture use for improved performance?

Separate caches and buses

Harvard Architecture

Features the separate storage of data and instructions in distinct memory locations.

Executable Space Protection (ESP)

A memory protection technique that works by marking parts of the memory address space as non-executable.

What is a buffer overflow?

A buffer overflow occurs when data exceeds a buffer's storage capacity.

What happens when an attempt is made to execute code in non-executable areas?

It will cause an exception, preventing malicious code from running.

What does ASLR stand for?

Address Space Layout Randomisation

What is the purpose of Address Space Layout Randomisation?

To reduce the likelihood of successful exploitation of buffer overflows.

What is a key requirement for the effectiveness of ASLR?

A suitable source of entropy (randomness)

What is another requirement for the effectiveness of ASLR?

A suitably large address space

What is the purpose of randomisation in ASLR?

To randomly arrange the address space positions of key parts of a process when it is loaded into memory.

Key Areas Randomised by ASLR

Typically includes the start of the executable, the base address space, the stack, the heap, and libraries.

NOP Ramps

Sequences of no-operation instructions that increase the chances of landing in executable code.

What is the basic concept of ASLR?

The memory layout of executable programs, libraries, and data structures in a process's address space is different each time it is loaded.

How does ASLR affect malicious code prediction?

ASLR makes it significantly harder for attackers to reliably predict the addresses where their injected malicious code will reside.

Return-to-libc Attacks

Attacks that involve jumping to existing code, which ASLR helps to mitigate by randomising memory addresses.

Software Implementation of ESP

ESP can be implemented in software (which may have a performance impact).

Hardware Implementation of ESP

ESP can be implemented more efficiently in hardware.

What does ESP stand for in the context of stack protection?

Extended Stack Protection

What do some versions of ESP protect?

The stack

What do other versions of ESP protect besides the stack?

Other memory regions