RSSM: Why is RunSafe’s load-time function randomization better for control flow integrity than address space layout randomization?

Learn how to secure software and ensure control flow integrity with load-time function randomization as part of RunSafe’s state-of-the-art technology.

RunSafe’s Load-time Function Randomization for Control Flow Integrity and Secure Software Development

Each time your program or library loads, we redefine the game by meticulously randomizing the order and layout of all the code within that binary or library. Unlike conventional address-based layout randomization, our approach operates at an exceptionally high granularity, providing an extensive range of possible permutations that enhance security and ensure control flow integrity.

ASLR often involves moving an entire program as one large chunk, making it vulnerable to exploitation in the presence of even a single information leak. Our Secure Randomization (SR) takes a distinctive path, creating a formidable challenge for attackers attempting to reverse engineer the code’s memory layout. Even if there’s an information leak, deciphering the specific order of functions becomes a monumental task due to the vast number of possible permutations.

Consider the factorial of the number of functions in most programs—often exceeding 200. The result is an astronomical number of potential orderings, surpassing the number of atoms in the universe multiple times over. Our load-time function randomization offers unparalleled security, ensuring that leaked addresses don’t immediately translate into exploitable vulnerabilities and enhancing secure software development.

In complementing address space layout randomization, our functionality adds an extra layer of security. For systems already implementing ASLR, we seamlessly enhance your overall protection. If you lack ASLR, as evident in VxWorks 6.9, our randomization becomes an essential shield against potential threats.

Comparing our load-time function randomization to control flow integrity highlights another advantage—minimal performance overhead. During program loading, you’ll experience only a marginal increase in time, typically one to three additional milliseconds. Once in runtime, our technology operates without interfering, resulting in effectively 0% performance overhead. In contrast, control flow integrity implementations can typically range from 5% to 30% or higher, potentially compromising both performance and security.
The flexibility of our load-time function randomization extends to environments employing control flow integrity. We offer a complimentary solution that doesn’t compromise performance, making it an ideal choice for those prioritizing both security and efficiency. Make the switch to our RunSafe code and experience the benefits of secure and high-performance software that ensures control flow integrity.

How Much of Your Attack Surface Can You Reduce?

Get a free report in 5 mins

(No contract / no credit card needed)