Affiliation:
1. University of California, San Diego
Abstract
We introduce return-oriented programming, a technique by which an attacker can induce arbitrary behavior in a program whose control flow he has diverted, without injecting any code. A return-oriented program chains together short instruction sequences already present in a program’s address space, each of which ends in a “return” instruction.
Return-oriented programming defeats the W⊕X protections recently deployed by Microsoft, Intel, and AMD; in this context, it can be seen as a generalization of traditional return-into-libc attacks. But the threat is more general. Return-oriented programming is readily exploitable on multiple architectures and systems. It also bypasses an entire category of security measures: those that seek to prevent malicious computation by preventing the execution of malicious code.
To demonstrate the wide applicability of return-oriented programming, we construct a Turing-complete set of building blocks called gadgets using the standard C libraries of two very different architectures: Linux/x86 and Solaris/SPARC. To demonstrate the power of return-oriented programming, we present a high-level, general-purpose language for describing return-oriented exploits and a compiler that translates it to gadgets.
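The mechanism the abstract describes, as an added illustration that is not code from the paper: a toy "return-oriented machine" in which the stack pointer is the program counter. Each gadget is a short sequence that ends in ret, so the run loop does exactly what ret does, pops the next word off the stack and transfers control to it. Gadget "addresses" are small enum ids rather than real code addresses, and the register set and memory are assumptions of this model; branches are implemented by adding a signed delta to the stack pointer, a simplified form of the paper's approach of perturbing the stack pointer to get conditional control flow. The chain built by `rop_sum_to` loops, which is the point: with load, store, arithmetic and a stack-pointer-adjusting branch, the chain of returns is a program, and W⊕X never sees a byte of attacker-supplied code execute.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Toy model of a return-oriented machine (illustrative, not the paper's
 * layout). Each gadget is a short instruction sequence ending in ret, so
 * the run loop performs the ret: pop the next stack word, go there.
 * Gadget "addresses" are enum ids here instead of real code addresses.
 */
enum gadget {
    G_HALT = 0,   /* end of chain                                  */
    G_POP_A,      /* pop rax ; ret   -> a = next stack word        */
    G_POP_B,      /* pop rbx ; ret   -> b = next stack word        */
    G_POP_C,      /* pop rcx ; ret   -> c = next stack word        */
    G_LOAD,       /* mov rax,[rbx] ; ret                           */
    G_STORE,      /* mov [rbx],rax ; ret                           */
    G_ADD,        /* add rax,rcx ; ret                             */
    G_SUB,        /* sub rax,rcx ; ret                             */
    G_MOV_C_A,    /* mov rcx,rax ; ret                             */
    G_JZ,         /* if rax == 0: rsp += next stack word ; ret     */
    G_JMP         /* rsp += next stack word ; ret                  */
};

#define ROP_MEM_WORDS 16
#define ROP_MAX_STEPS 10000
#define ROP_FAULT     UINT64_MAX

/* Run a chain. Returns the final rax, or ROP_FAULT on a stack slot
 * outside the chain, a bad memory index, a word that is not a gadget
 * address, or a chain that never halts. */
uint64_t rop_run(const uint64_t *chain, size_t len)
{
    uint64_t a = 0, b = 0, c = 0;
    uint64_t mem[ROP_MEM_WORDS] = {0};
    size_t sp = 0;                              /* index into chain: "rsp" */

    for (int step = 0; step < ROP_MAX_STEPS; step++) {
        if (sp >= len) return ROP_FAULT;
        uint64_t g = chain[sp++];               /* the ret: pop next gadget */
        switch (g) {
        case G_HALT:    return a;
        case G_POP_A:   if (sp >= len) return ROP_FAULT; a = chain[sp++]; break;
        case G_POP_B:   if (sp >= len) return ROP_FAULT; b = chain[sp++]; break;
        case G_POP_C:   if (sp >= len) return ROP_FAULT; c = chain[sp++]; break;
        case G_LOAD:    if (b >= ROP_MEM_WORDS) return ROP_FAULT; a = mem[b]; break;
        case G_STORE:   if (b >= ROP_MEM_WORDS) return ROP_FAULT; mem[b] = a; break;
        case G_ADD:     a += c; break;
        case G_SUB:     a -= c; break;
        case G_MOV_C_A: c = a; break;
        case G_JZ:
        case G_JMP: {
            if (sp >= len) return ROP_FAULT;
            int64_t delta = (int64_t)chain[sp++];   /* signed offset in words */
            if (g == G_JMP || a == 0) {
                /* a branch is just a move of the stack pointer; a negative
                 * delta makes the chain loop back over earlier gadgets */
                if (delta < -(int64_t)sp) return ROP_FAULT;
                sp = (size_t)((int64_t)sp + delta);
            }
            break;
        }
        default:        return ROP_FAULT;       /* not a gadget address */
        }
    }
    return ROP_FAULT;                           /* runaway chain */
}

/* Chain that computes 1 + 2 + ... + n with a loop:
 * mem[0] is the counter, mem[1] the running sum. Indices in comments
 * are positions in the chain; branch deltas are relative to the slot
 * after the delta word itself. */
uint64_t rop_sum_to(uint64_t n)
{
    uint64_t chain[] = {
        G_POP_A, n, G_POP_B, 0, G_STORE,                /*  0- 4: mem[0] = n     */
        G_POP_A, 0, G_POP_B, 1, G_STORE,                /*  5- 9: mem[1] = 0     */
        G_POP_B, 0, G_LOAD,                             /* 10-12: a = mem[0]     */
        G_JZ, 15,                                       /* 13-14: a==0 -> idx 30 */
        G_MOV_C_A,                                      /* 15   : c = counter    */
        G_POP_B, 1, G_LOAD, G_ADD, G_STORE,             /* 16-20: mem[1] += c    */
        G_POP_B, 0, G_LOAD, G_POP_C, 1, G_SUB, G_STORE, /* 21-27: mem[0] -= 1    */
        G_JMP, (uint64_t)-20,                           /* 28-29: goto idx 10    */
        G_POP_B, 1, G_LOAD, G_HALT                      /* 30-33: return mem[1]  */
    };
    return rop_run(chain, sizeof chain / sizeof chain[0]);
}

/* A chain whose first "return address" is not a gadget faults. */
uint64_t rop_bogus(void)
{
    uint64_t chain[] = { 99 };
    return rop_run(chain, 1);
}

int main(void)
{
    printf("sum 1..5 via return chain = %llu\n", (unsigned long long)rop_sum_to(5));
    printf("bogus chain faults: %s\n", rop_bogus() == ROP_FAULT ? "yes" : "no");
    return 0;
}
```

The step limit and bounds checks stand in for what a real process would do on a bad chain (crash). Note that the chain is never written by the gadgets, so in a real target it can live entirely in attacker-supplied, non-executable stack data, which is why W⊕X does not help.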
Funder
Division of Computer and Network Systems
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
References: 66 articles.
Cited by: 295 articles.
1. HeisenTrojans: They Are Not There Until They Are Triggered;2023 Asian Hardware Oriented Security and Trust Symposium (AsianHOST);2023-12-13
2. Input-Driven Dynamic Program Debloating for Code-Reuse Attack Mitigation;Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering;2023-11-30
3. DSLR–: A low-overhead data structure layout randomization for defending data-oriented programming;Journal of Computer Security;2023-11-24
4. Improving Security Tasks Using Compiler Provenance Information Recovered At the Binary-Level;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15
5. SAFTE: A self-injection based anti-fuzzing technique;Computers and Electrical Engineering;2023-11