Selfrando is an alternative to ASLR memory randomization. At the start of June, the Tor Project released version 6.5a1 of the Tor Browser, but compared to previous releases, this one also included a “hardened” version.
According to a research paper published by nine researchers from the University of California, Irvine (UCI), this hardened version includes a new feature called Selfrando.
The researchers describe Selfrando as “an enhanced and practical load-time randomization technique.” In layman's terms, Selfrando shuffles the browser's code in memory every time it starts, so that exploits aimed at deanonymizing Tor users no longer know where the code they need to abuse is located.
In the past years, the FBI has been very active in developing or paying others to develop exploits to use against Tor users, in order to unmask their real identities.
There have been many notorious cases where Tor exploits have been used, such as the SilkRoad marketplace and the Playpen child pornography portal.
While the FBI may be justified in hacking Tor users to unmask criminals, nobody knows whether these exploits have been used for other purposes. The secrecy surrounding how these exploits are developed and used by US officials worries privacy groups and the Tor Project itself.
In the past months, the Tor Project and the UCI researchers have collaborated to create Selfrando, an alternative to ASLR (Address Space Layout Randomization).
ASLR shifts a whole executable or library by a single random offset, so the functions inside it keep their relative positions; leaking one code address therefore reveals where every other function in that module sits. Selfrando instead randomizes at function granularity: the order of functions is shuffled when the program is loaded, so each function lands at an unpredictable address and the distance between any two functions changes from one run to the next.
If the attacker cannot predict where pieces of code live, a memory-corruption bug becomes much harder to turn into code execution: the exploit may still corrupt memory, but the code-reuse payloads (return-oriented programming chains) that usually let it run rogue code inside the Tor Browser point at the wrong addresses. The caveat is the usual one for any randomization scheme: it only holds as long as the attacker cannot read the randomized layout back out, so an information leak that discloses code addresses at runtime still weakens it.
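The difference between the two schemes is easiest to see in a small model. The following Python script is an added example, not code from the paper or the Selfrando project: it builds a toy binary out of made-up function names and sizes, lays it out once the way ASLR would (fixed order, random base) and once the way a function-level scheme would (random order and random base), and then measures how often an attacker who has leaked one function's runtime address correctly predicts where a gadget is.

```python
import random

# Constructed toy "binary": (function name, size in bytes). These are made-up
# names and sizes for illustration, not a real Tor Browser layout.
FUNCTIONS = [
    ("parse_header", 0x120),
    ("decode_frame", 0x2a0),
    ("handle_event", 0x80),
    ("gadget_pop_rdi", 0x10),   # the code fragment the attacker wants to reuse
    ("alloc_buf", 0x60),
    ("free_buf", 0x40),
]
PAGE = 0x1000


def link_time_offsets():
    """Offsets relative to the module base, fixed at link time. ASLR keeps these."""
    offsets, cursor = {}, 0
    for name, size in FUNCTIONS:
        offsets[name] = cursor
        cursor += size
    return offsets


def random_base(rng):
    """A page-aligned load address somewhere in a typical 64-bit user-space range."""
    return rng.randrange(0x7F00_0000_0000, 0x7FFF_F000_0000, PAGE)


def aslr_layout(rng):
    """ASLR: one random base, link-time order preserved, so every function
    moves by the same delta."""
    base = random_base(rng)
    return {name: base + off for name, off in link_time_offsets().items()}


def function_level_layout(rng):
    """Function-level (selfrando-style) randomization: random base and a
    random order of functions chosen at load time, so inter-function
    distances change on every run."""
    order = FUNCTIONS[:]
    rng.shuffle(order)
    layout, cursor = {}, random_base(rng)
    for name, size in order:
        layout[name] = cursor
        cursor += size
    return layout


def attacker_guess(leaked_name, leaked_addr, target):
    """Attacker knows one runtime address (from an info leak) and assumes the
    link-time distance between functions still holds, as it does under ASLR."""
    off = link_time_offsets()
    return leaked_addr + (off[target] - off[leaked_name])


def success_rate(layout_fn, trials, leaked="parse_header",
                 target="gadget_pop_rdi", seed=1):
    """Fraction of fresh process launches in which the attacker's predicted
    gadget address is correct."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        layout = layout_fn(rng)
        guess = attacker_guess(leaked, layout[leaked], target)
        hits += guess == layout[target]
    return hits / trials


if __name__ == "__main__":
    print("ASLR, one leaked address:          ", success_rate(aslr_layout, 1000))
    print("function-level, one leaked address:", success_rate(function_level_layout, 1000))
    # Caveat: if the leak discloses the gadget itself, no layout randomization helps.
    print("function-level, gadget leaked:     ",
          success_rate(function_level_layout, 1000, leaked="gadget_pop_rdi"))
```

Run as a script it prints the three rates. Under ASLR the guess is right every time, because a single leak pins down the whole module. Under function-level randomization the guess only survives when the shuffle happens to put the same two functions back between parse_header and the gadget, so the rate is small but not zero. The last line is the caveat from the paragraph above: a leak of the gadget's own address defeats both schemes, which is why randomization has to be paired with keeping code addresses from leaking in the first place.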
Selfrando vs ASLR
“Binaries built with selfrando are all identical on-disk because the code layout is not randomized until it is loaded into main memory,” the researchers explain. That matters for a project like Tor Browser, which ships reproducible, signed builds: the file users download stays byte-for-byte the same, and the shuffling happens in memory on each launch.
If randomizing code when loading it into memory sounds like a performance dip, it’s not. Researchers say benchmarks show that Tor Browsers with Selfrando (hardened versions) add less than 1% overhead to running times.
Another piece of good news is that Selfrando doesn't require developers to make many changes to existing code. “No changes to build tools or processes are required,” the researchers add. “In most cases, using selfrando is as easy as adding new compiler and linker flags to your existing build scripts.”
For more information on the Selfrando project, check out the GitHub repo and the Selfrando: Securing the Tor Browser against De-anonymization Exploits research paper, set to be presented at the Privacy Enhancing Technologies Symposium next month.
Other projects are welcome to integrate Selfrando into their code, as the project has been open-sourced under the GNU Affero General Public License (AGPL).
Building and running applications without and with Selfrando enabled