Search Results

Documents authored by Burrow, Ryan


Document
DART: A Real-Time Address-Randomization Defense with Predictable Timing

Authors: Patrick Dobranowski, Owen Rice, Ryan Burrow, Nathan Burow, and Bryan C. Ward

Published in: LIPIcs, Volume 375, 38th European Conference on Real-Time Systems (ECRTS 2026)


Abstract
Embedded and real-time systems are increasingly connected and deployed in safety and mission-critical environments, making them a persistent target for attacks capable of compromising industrial control systems and other embedded devices. At the same time, these devices often have strict real-time requirements that require predictable worst-case performance. However, many strong and widely deployed software-security defenses are designed and evaluated with respect to average-case performance, a more important metric in enterprise systems. The worst-case performance of such defenses is not well understood and indeed such defenses are less commonly deployed in embedded systems. In particular, one class of commonly deployed defenses in enterprise systems is code randomization, which protects a system by altering the layout of the virtual address space so that attackers cannot easily target specific parts of a vulnerable application, but randomization is often seen as fundamentally counter to real-time predictability. This paper presents DART, a real-time address randomization defense with page-level randomization. DART randomizes code in the virtual address space at page-level granularity under placement constraints that move cache behavior from a runtime OS-allocator property to a statically encoded binary property, allowing for timing analysis. An analysis of DART’s timing behavior on a real-time testbed demonstrates how the design makes layout-induced timing variance bounded and characterizable across the space of layouts produced, supporting predictable execution-time analysis. The resulting layout search space is then analyzed, and a closed-form expression for the randomization entropy induced by DART is derived. Evaluation results across TACLeBench binaries show increased combinatorial entropy with modest numbers of virtual memory pages per cache color, providing a suitable defense that outperforms traditional virtual-memory protections for attacks such as partial-pointer overwriting or more broadly control-flow hijacking.

Cite as

Patrick Dobranowski, Owen Rice, Ryan Burrow, Nathan Burow, and Bryan C. Ward. DART: A Real-Time Address-Randomization Defense with Predictable Timing. In 38th European Conference on Real-Time Systems (ECRTS 2026). Leibniz International Proceedings in Informatics (LIPIcs), Volume 375, pp. 10:1-10:26, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@InProceedings{dobranowski_et_al:LIPIcs.ECRTS.2026.10,
  author =	{Dobranowski, Patrick and Rice, Owen and Burrow, Ryan and Burow, Nathan and Ward, Bryan C.},
  title =	{{DART: A Real-Time Address-Randomization Defense with Predictable Timing}},
  booktitle =	{38th European Conference on Real-Time Systems (ECRTS 2026)},
  pages =	{10:1--10:26},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-429-1},
  ISSN =	{1868-8969},
  year =	{2026},
  volume =	{375},
  editor =	{Kritikakou, Angeliki},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECRTS.2026.10},
  URN =		{urn:nbn:de:0030-drops-266021},
  doi =		{10.4230/LIPIcs.ECRTS.2026.10},
  annote =	{Keywords: real-time systems, address-space layout randomization, code randomization, worst-case execution time, cache coloring, embedded systems security}
}
Document
Artifact
DART: A Real-Time Address-Randomization Defense with Predictable Timing (Artifact)

Authors: Patrick Dobranowski, Owen Rice, Ryan Burrow, Nathan Burow, and Bryan C. Ward

Published in: DARTS, Volume 12, Issue 2, Special Issue of the 38th European Conference on Real-Time Systems (ECRTS 2026)


Abstract
This artifact accompanies the ECRTS 2026 paper on DART, a real-time address-randomization defense that randomizes the placement of basic blocks in the virtual address space at page-level granularity while preserving the cache-line behavior of the original binary, thereby keeping a binary’s instruction-cache timing analyzable across all valid randomizations. The artifact contains the full DART toolchain (a patched clang/LLVM 9 compiler, a modified gold linker, the prander randomizer, and a post-link ELF rewriter), distributed as a patch over the upstream Compiler-assisted Code Randomization (CCR) framework. It further contains a patched Linux 5.4.0 kernel whose loader honors DART’s color-aware program headers, the TACLeBench-derived benchmark sources used in the paper, and the experiment drivers and plotting scripts that produce the timing results reported in Section 5 of the companion paper. All components are publicly released so that the community can inspect, reuse, and extend the implementation underlying the paper’s claims.

Cite as

Patrick Dobranowski, Owen Rice, Ryan Burrow, Nathan Burow, and Bryan C. Ward. DART: A Real-Time Address-Randomization Defense with Predictable Timing (Artifact). In Special Issue of the 38th European Conference on Real-Time Systems (ECRTS 2026). Dagstuhl Artifacts Series (DARTS), Volume 12, Issue 2, pp. 8:1-8:4, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@Article{dobranowski_et_al:DARTS.12.2.8,
  author =	{Dobranowski, Patrick and Rice, Owen and Burrow, Ryan and Burow, Nathan and Ward, Bryan C.},
  title =	{{DART: A Real-Time Address-Randomization Defense with Predictable Timing (Artifact)}},
  pages =	{8:1--8:4},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2026},
  volume =	{12},
  number =	{2},
  editor =	{Dobranowski, Patrick and Rice, Owen and Burrow, Ryan and Burow, Nathan and Ward, Bryan C.},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DARTS.12.2.8},
  URN =		{urn:nbn:de:0030-drops-266252},
  doi =		{10.4230/DARTS.12.2.8},
  annote =	{Keywords: real-time systems, code randomization, ASLR, WCET, cache analysis, software diversity}
}
Any Issues?
X

Feedback on the Current Page

CAPTCHA

Thanks for your feedback!

Feedback submitted to Dagstuhl Publishing

Could not send message

Please try again later or send an E-mail