Joe, I must just be missing something: how are the Mill and ASLR at odds? Making sure that they aren't is the thrust of my question; I was curious whether anything in the Mill prohibits it. Ivan's and my discussion of its merits aside, I was still left with the impression that it could be done if it were OS policy. I don't see how placing each process/service/library/stack (different implementations take the randomization to different lengths) at a random offset means throwing away the PLB/TLB separation. I figured ASLR would be complementary, with the Mill's resistance to stack exploits preventing most buffer overflow vulnerabilities and ASLR mopping up what was left.
Further, characterizing ASLR as security by obscurity is like saying that encryption is security by obscurity because you have to keep your private key secret. ASLR is about per-machine, per-boot randomization of critical locations, not a secret backdoor put in by the Mill's designers. We can measure the number of bits of security against brute force provided by ASLR precisely, and in fact you can see an example of this analysis on its Wikipedia page.