Mill Computing, Inc. › Forums › The Mill › Architecture › ASLR (security) › Reply To: ASLR (security)
It all comes down to the tradeoffs. The mill’s way of doing it has many advantages:
- Separation of concerns by splitting the PLB and TLB
- Allowing the TLB to be moved down the cache hierarchy, giving it the opportunity to be smarter, more complex, larger, slower, and cheaper without impacting performance.
- Unifying the entire cache hierarchy with the processor core.
- Freeing the only parallelizable part of the classic-TLB structure, i.e. protection, to be parallelized in the mill’s PLB.
- Making the PLB small, fast, and no longer a bottleneck.
- Allowing cache access to be fast and deterministic.
- Opening the opportunity to introduce real security primitives based on authorization and least-privilege instead of obfuscation.
(See the memory talk for these points.)
Insisting on ASLR throws all of that away including the significant performance benefit of removing that TLB chokepoint out of the hottest part of the memory highway: between the processor and L1. All for what boils down to a form of security through obscurity.
Make your secure services small, simple, with a low surface area and they will be much easier to keep secure, and avoid things like buffer overflows.