Weakly virtualized memory management scheme
This is a simple suggestion for a weakly virtualized memory management scheme. Heap allocation for arrays that change in size uses a variable width block to choose the position of the memory page that the object is allocated to. Vtables could be nested to reduce risk of ASLR defeat. This is vulnerable to fragmentation for obvious reasons, so it should be limited to objects that are either multiple pages in size or are being modified in size by untrusted code. This would add some factorial complexity over that of ASLR.
[3 times read this as "weekly virtualized memory management scheme". Head scratcher that one...]

On Wed, Mar 06, 2019 at 03:22:10PM -0800, Ryan Carboni wrote:
> This is a simple suggestion for a weakly virtualized memory management scheme.
> Heap allocation for arrays that change in size uses a variable width block to choose the position of the memory page that the object is allocated to.
> Vtables could be nested to reduce risk of ASLR defeat.
> This is vulnerable to fragmentation for obvious reasons, so it should be limited to objects that are either multiple pages in size or are being modified in size by untrusted code.
> This would add some factorial complexity over that of ASLR.
"Security" here I guess is domain isolation - Linux and $typical_desktop_os have relatively poor domain isolation.

Marginal-improvement randomization schemes are at best temporary marginal improvement, perceived as low hanging fruit, and often adding longer term [runtime | code maintenance | etc] overhead without any real breakthrough.

Microkernels, perhaps in the guise of VMM/hypervisor with primary responsibility of the important bits of your computer.

Then one must isolate tasks, so the MSO/LibreOffice jpeg trampoline macro won't give access to the internet, or the latest browser PDF viewer vuln won't give access to all memory, etc.

Isolation. Isolation of activities, and the resources those activities require use of to operate "normally".

This also requires hardware that is at least capable of providing the required isolation(s).

[function | syscall | resource | device/hw] attack surface

Good luck,
Participants (2):
- Ryan Carboni
- Zenaan Harkness