The security researchers are specifically testing a new technique called “Selfrando” to protect the browser from the exploits of the hackers.
The Tor browser is used by millions of people worldwide as it helps individuals to browse the internet anonymously.
The identity of the user and the location from where the user logs in are masked.
Because of this anonymity, criminals have capitalized on the browser to conduct their activities.
For this reason, the FBI has made several attempts to hack the browser to trap the criminals hiding behind it.
Reports indicate that privacy activists are worried if the FBI is using Tor exploits for other purposes as well.
The Tor project has since gone on the defense and is trying to improve its security features.
The Selfrando Technique
The Tor project researchers are currently working closely with expert security researchers to recreate a toughened version of the Tor browser by incorporating brand new anti-hacking guards and a technique called Selfrando.
As a result of using the new technique, the anonymity of Tor users would be heightened considerably.
Security researchers at Darmstadt University and the University of Padua have published a new paper to this effect.
The Selfrando technique is designed to work against hackers’ common methods of using “code reuse” for attacks.
Malware is commonly designed to exploit memory leaks that reuse code libraries existing in the browser.
Mainly, a lot of the code is rearranged in the application memory to form the malware.
This is easier to accomplish than injecting malicious new code.
Many of the browsers have security features that randomize the location/placement of code libraries in their memory.
However, the security features are not designed to randomize the locations of the function code sets.
The Selfrando technique does just this and significantly improves the security aspects related to randomization of address space layouts (ASLR) currently used by browsers such as Tor, Firefox, etc.
Selfrando works by creating and allocating random address spaces for internal code that is hard to exploit.
There are other advantages to using the Selfrando technique such as an acceptable load time and negligible overheads during run time.
There are not many changes required to support and protect the Tor browser either.
Other techniques that have been tried recently have not fared so well on these aspects.
This new technique is going to be used in the toughened releases of the Tor browser that are forthcoming and soon, the Selfrando technique is likely to be incorporated as a feature in all regular builds of the browser.
This technique is currently undergoing field tests. However, it is interesting to note that some security experts have skeptical views.
Mike Hyponnen, a cyber-security expert, feels that whenever Tor attempts to beef up security aspects to protect the anonymity of its users, there will be a rise in the number of attempts by hackers to de-anonymize the users.
Whereas many of the newly-found techniques do not last for a long period, some researchers are still trying to patch up security loopholes in browsers like Tor that government agencies can hack into.