A practical approach for adaptive data structure layout randomization

Ping Chen, Jun Xu, Zhiqiang Lin, Dongyan Xu, Bing Mao, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

21 Scopus citations


Attackers often corrupt data structures to compromise software systems. As a countermeasure, data structure layout randomization has been proposed. Unfortunately, existing techniques require manual designation of randomize-able data structures without guaranteeing the correctness and keep the layout unchanged at runtime. We present a system, called SALADS, that automatically translates a program to a DSSR (Data Structure Self-Randomizing) program. At runtime, a DSSR program dynamically randomizes the layout of each security-sensitive data structure by itself autonomously. DSSR programs regularly re-randomize a data structure when it has been accessed several times after last randomization. More importantly, DSSR programs automatically determine the randomizability of instances and randomize each instance independently. We have implemented SALADS based on gcc-4.5.0 and generated DSSR user-level applications, OS kernels, and hypervisors. Our experiments show that the DSSR programs can defeat a wide range of attacks with reasonable performance overhead.

Original languageEnglish (US)
Title of host publicationComputer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings
EditorsPeter Y.A. Ryan, Günther Pernul, Edgar Weippl
PublisherSpringer Verlag
Number of pages21
ISBN (Print)9783319241739
StatePublished - 2015
Event20th European Symposium on Research in Computer Security, ESORICS 2015 - Vienna, Austria
Duration: Sep 21 2015Sep 25 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other20th European Symposium on Research in Computer Security, ESORICS 2015

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'A practical approach for adaptive data structure layout randomization'. Together they form a unique fingerprint.

Cite this