Exploitation Techniques for Data-oriented Attacks with Existing and Potential Defense Approaches

Data-oriented attacks manipulate non-control data to alter a program’s benign behavior without violating its control-flow integrity. It has been shown that such can cause significant damage even in the presence of defense mechanisms. However, these threats have not adequately addressed. In this survey article, we first map data-oriented exploits, including Data-Oriented Programming (DOP) and Block-Oriented (BOP) attacks, their assumptions/requirements attack capabilities. Then, compare known defenses against terms approach, detection capabilities, overhead, compatibility. is generally believed control flows may be useful for security. (especially DOP attacks) generate side effects on behaviors multiple dimensions (i.e., incompatible branch frequency anomalies). We also characterize anomalies caused by attacks. end, discuss challenges building deployable open research questions.