HyperCrop: A Hypervisor-Based Countermeasure for Return Oriented Programming
Authors
Abstract
Return oriented programming (ROP) has recently attracted great attention from both academia and industry. It reuses existing binary code instead of injecting its own code and is able to perform arbitrary computation due to its Turing-completeness. Hence, it can successfully bypass state-of-the-art code integrity mechanisms such as NICKLE and SecVisor. In this paper, we present HyperCrop, a hypervisor-based approach to counter such attacks. Since ROP attackers extract short instruction sequences ending in ret, called “gadgets”, and craft stack content to “chain” these gadgets together, our method recognizes that the key characteristic of ROP is to fill the stack with plenty of addresses that are within the range of libraries (e.g. libc). Accordingly, we inspect the content of the stack to see if a potential ROP attack exists. We have implemented a proof-of-concept system based on the open source Xen hypervisor. The evaluation results show that our solution is effective and efficient.
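The stack check described in the abstract, as an added example that is not HyperCrop's own code: it counts stack words that fall inside library address ranges and flags a snapshot when many of them sit close together. The sliding window, the WINDOW and THRESHOLD values, the function names and the sample addresses are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Half-open address range [start, end) of a library mapped in the guest. */
struct lib_range { uint64_t start, end; };

static int in_lib(uint64_t v, const struct lib_range *r, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (v >= r[i].start && v < r[i].end) return 1;
    return 0;
}

/* Most library-range words in any `window` consecutive stack words, so a few
 * scattered return addresses in a deep call stack do not add up. */
size_t max_lib_density(const uint64_t *stack, size_t words, size_t window,
                       const struct lib_range *r, size_t n)
{
    size_t cur = 0, best = 0;
    for (size_t i = 0; i < words; i++) {
        cur += in_lib(stack[i], r, n);
        if (i >= window) cur -= in_lib(stack[i - window], r, n);
        if (cur > best) best = cur;
    }
    return best;
}

/* Assumed policy values; the abstract gives no numbers. */
#define WINDOW    8
#define THRESHOLD 5
int stack_is_suspicious(const uint64_t *s, size_t words, const struct lib_range *r, size_t n)
{
    return max_lib_density(s, words, WINDOW, r, n) >= THRESHOLD;
}

/* Constructed sample data: one libc-like range and two stack snapshots. */
static const struct lib_range LIBS[] = { { 0x7f0000100000ULL, 0x7f00002c0000ULL } };
static const uint64_t BENIGN[] = { 0x7ffc00001000, 0x7f0000123456, 0x0, 0x2a, 0x7ffc00001040, 0x401136,
                                   0x1, 0x7ffc00001080, 0x7f000018aaaa, 0x0, 0x401200, 0x0 };
static const uint64_t DENSE[] = { 0x7f0000101a2b, 0x3b, 0x7f0000145c10, 0x0, 0x7f00001f0033,
                                  0x7f0000102d00, 0x10, 0x7f00002100c4, 0x7f000011beef, 0x7f0000199000 };

int main(void)
{
    printf("benign: %d\n", stack_is_suspicious(BENIGN, sizeof BENIGN / sizeof *BENIGN, LIBS, 1));
    printf("dense:  %d\n", stack_is_suspicious(DENSE, sizeof DENSE / sizeof *DENSE, LIBS, 1));
    return 0;
}
```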
Similar resources
Return to Where? You Can’t Exploit What You Can’t Find
So far, no countermeasure has been able to fully prevent sophisticated exploitation techniques such as return-oriented programming (ROP). Recent control-flow integrity (CFI) defenses from Google and Microsoft can be bypassed by constructing a ROP payload that adheres to the control-flow constraints or by exploiting implementation flaws to bypass the control-flow checks. Microsoft’s EMET has les...
RodosVisor - an Object-Oriented and Customizable Hypervisor: The CPU Virtualization
RodosVisor is an object-oriented and bare-metal virtual machine monitor (VMM) or hypervisor designed for the aerospace industry, mainly to provide time and spatial separation to the NetworkCentric core avionics machine, Montenegro and Dittrich (2009). The NetworkCentric core avionics machine consists of several harmonized components working together to implement dependable computing in a simple...
Dwarf Frankenstein is still in your memory: tiny code reuse attacks
Code reuse attacks such as return oriented programming and jump oriented programming are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that differ in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common be...
An enhanced reliability-oriented workforce planning model for process industry using combined fuzzy goal programming and differential evolution approach
This paper draws on the “human reliability” concept as a structure for gaining insight into the maintenance workforce assessment in a process industry. Human reliability hinges on developing the reliability of humans to a threshold that guides the maintenance workforce to execute accurate decisions within the limits of resources and time allocations. This concept offers a worthwhile point of de...
Investigation the impact of US Unilateral Withdraw from JCPOA on the Market Return of Export-Oriented Companies listed on Tehran Stock Exchange by Emphasis on herding Behavior (semi-parametric approach)
Today, export-oriented companies are very important. These companies need a lot of investment to expand their activities, which is one of the best ways to finance the stock market and since market return is one of the factors influencing people's decisions to direct their capital to this market return. Therefore, the analysis of factors affecting this market return is important and hence the m...