Vol. 1 · Ed. 2026
CyberGlossary
Entry № 075

ASLR

Reviewed by Cybersecurity entrepreneur & security researcher

What is ASLR?

ASLR (Address Space Layout Randomization) randomizes the memory locations of code, stacks, heaps, and libraries so attackers cannot reliably predict target addresses for exploits.


ASLR is a defensive mitigation that randomizes the base addresses of key process regions — the executable, shared libraries, heap, stack, and mmap area — each time a program runs. It was pioneered by the PaX project in 2001, merged into the mainline Linux kernel in 2005 (2.6.12), and now ships in Windows (since Vista), macOS, iOS, and Android. By making layout unpredictable, ASLR forces an attacker to first leak an address before mounting code-reuse attacks such as ROP or ret2libc.

Its strength depends on entropy: 32-bit systems expose only ~8–16 bits, small enough that Shacham's 2004 study brute-forced forking Apache workers in minutes, whereas 64-bit Linux offers 28+ bits of mmap entropy. Coverage matters just as much — one non-PIE library, or a binary run with an unlimited stack (ADDR_NO_RANDOMIZE, hardened via CVE-2016-3672), leaves a fixed anchor. In 2014, Marco-Gisbert and Ripoll's offset2lib attack showed GNU/Linux mapped the PIE executable adjacent to its libraries, so a single leaked application address de-randomized every library at a constant offset — defeating full ASLR, NX, and stack canaries in under a second. The fix separated the executable base from mmap_base.
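Both failure modes described above, a fixed anchor from incomplete coverage and the offset2lib condition where regions move together, can be checked by comparing /proc/<pid>/maps from two runs of the same program. This is an added example, not code from the glossary; the map excerpts, file paths and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed /proc/<pid>/maps excerpts from two runs of one program (sample data).
RUN_A = """\
10000000-10021000 r-xp 00000000 08:01 4410 /opt/legacy/libfixed.so
7f5e39e00000-7f5e39fc0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7f5e3a400000-7f5e3a402000 r-xp 00000000 08:01 1234 /usr/bin/demo
7f5e3a601000-7f5e3a602000 rw-p 00001000 08:01 1234 /usr/bin/demo
7f5e3c1a3000-7f5e3c1c4000 rw-p 00000000 00:00 0 [heap]
7ffc8d2f1000-7ffc8d312000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
10000000-10021000 r-xp 00000000 08:01 4410 /opt/legacy/libfixed.so
7f91c1c00000-7f91c1dc0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7f91c2200000-7f91c2202000 r-xp 00000000 08:01 1234 /usr/bin/demo
7f91c2401000-7f91c2402000 rw-p 00001000 08:01 1234 /usr/bin/demo
7f91c3f57000-7f91c3f78000 rw-p 00000000 00:00 0 [heap]
7ffe14a6b000-7ffe14a8c000 rw-p 00000000 00:00 0 [stack]
"""

def region_bases(maps_text):
    """Map each named region to its lowest start address."""
    bases = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:  # anonymous mapping: no name to track
            continue
        start = int(fields[0].split("-")[0], 16)
        name = fields[5].strip()
        bases[name] = min(start, bases.get(name, start))
    return bases

def audit(run_a, run_b):
    """Report regions that did not move, and regions that moved in lockstep."""
    a, b = region_bases(run_a), region_bases(run_b)
    shift = {name: b[name] - a[name] for name in a.keys() & b.keys()}
    # Same base in both runs: a fixed anchor (e.g. a non-PIE object).
    fixed = sorted(n for n, d in shift.items() if d == 0)
    # Identical non-zero shift: constant offset between regions, so leaking
    # one base reveals the others (the offset2lib condition).
    groups = defaultdict(list)
    for name, d in shift.items():
        if d != 0:
            groups[d].append(name)
    coupled = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    return {"fixed": fixed, "coupled": coupled}

if __name__ == "__main__":
    print(audit(RUN_A, RUN_B))
```

Two runs are only a sample: a matching shift is strong evidence of a constant offset, and more runs raise confidence.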

ASLR is never standalone: pair it with DEP/NX, stack canaries, and Control-Flow Integrity, and remember that any reliable info-leak primitive collapses it entirely.

flowchart TD
  E[exec / program load] --> R{ASLR enabled?}
  R -->|No| F[Fixed, predictable addresses]
  R -->|Yes| RND[Randomize base of stack, heap, mmap, PIE, libs]
  RND --> ENT{Enough entropy & full coverage?}
  ENT -->|No| BF[Brute force / non-PIE anchor]
  ENT -->|Yes| LEAK{Attacker has an info leak?}
  LEAK -->|Yes| BYP[Recompute real addresses e.g. offset2lib]
  LEAK -->|No| BLOCK[ROP / ret2libc unreliable]
  F --> EXP[Exploit succeeds]
  BF --> EXP
  BYP --> EXP

Examples

  1. Linux randomizing the stack, heap, and PIE binary base on every exec.

  2. Windows ASLR rebasing kernel32.dll and ntdll.dll on each boot.

Frequently asked questions

What is ASLR?

Address Space Layout Randomization randomizes the memory locations of code, stacks, heaps, and libraries so attackers cannot reliably predict target addresses for exploits. It belongs to the Application Security category of cybersecurity.

How do you defend against ASLR?

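ASLR is itself a defensive mitigation, so the practical question is how to keep it effective. As the full definition above describes, pair it with DEP/NX, stack canaries, and Control-Flow Integrity, and make sure entropy and coverage are sufficient.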

What are other names for ASLR?

Common alternative names include: Address Space Layout Randomization, PIE.
