Survey of return-oriented programming defense mechanisms
نویسندگان
چکیده
منابع مشابه
Survey of return-oriented programming defense mechanisms
A prominent software security violation-buffer overflow attack has taken various forms and poses serious threats until today. One such vulnerability is return-oriented programming attack. An return-oriented programming attack circumvents the dynamic execution prevention, which is employed in modern operating systems to prevent execution of data segments, and attempts to execute unintended instr...
متن کاملA Survey on Return-Oriented Programming
The focus of this research is studying Return-Oriented Programming (ROP), which is a technique for exploiting software vulnerabilities. The reasons and motivations behind proposing ROP, the mechanism of working, automation tools, detection and prevention methods and new advances in ROP attacks are some of the important topics covered in this report.
متن کاملDefending against Return-Oriented Programming
Defending against Return-Oriented Programming
متن کاملEscape From Return-Oriented Programming: Return-oriented Programming without Returns (on the x86)
We show that on the x86 it is possible to mount a return-oriented programming attack without using any return instructions. Our new attack instead makes use of certain instruction sequences that behave like a return; we show that these sequences occur with sufficient frequency in large Linux libraries to allow creation of a Turing-complete gadget set. Because it does not make use of return inst...
متن کاملReturn-Oriented Programming without Returns on ARM
In this paper we present a novel and general memory-related attack method on ARM-based computing platforms. Our attack deploys the principles of return-oriented programming (ROP), however, in contrast to conventional ROP, it exploits jumps instead of returns, and hence it can not be detected by return address checkers. Although a similar attack has been recently proposed for Intel x86, it was u...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Security and Communication Networks
سال: 2015
ISSN: 1939-0114
DOI: 10.1002/sec.1406