What does ASLR(address space layout randomiztion) do?

Question

I read that it is a security measure to protect against common attacks. The idea is that it keeps randomizing the virtual memory space which I believe will require periodic updates to the page table and the TLB? Am I correct?

My other question is, does it, at all, randomize the physical location of pages in the physical memory? Because I have been looking into the behavior of the physical memory under and without ASLR and the behavior is different.

Answer 1

ASLR is a security feature that's supposed to randomise the virtual address space of a program on each run. It doesn't hot-swap the virtual address space of a program while it's running (that would be a disaster).

The operating system will usually have to make periodic updates to the page table simply as part of scheduling. Whether ASLR is enabled is largely irrelevant to page table updates.

As to your other question, the layout of physical memory is essentially random whether you have ASLR enabled or not under Linux. Pages get swapped in and out of memory very often and, furthermore, the physical memory layout can quickly become fragmented. The only semi-predictable parts of physical memory would probably be memory reserved for DMA.

I'm still unsure how you managed to "look into the behaviour of physical memory" and conclude that the behaviour is significantly different between ASLR enabled and not.