Return-Oriented Programming
- 1 March 2012
- journal article
- research article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Information and System Security
- Vol. 15 (1), 1-34
- https://doi.org/10.1145/2133375.2133377
Abstract
We introduce return-oriented programming, a technique by which an attacker can induce arbitrary behavior in a program whose control flow he has diverted, without injecting any code. A return-oriented program chains together short instruction sequences already present in a program’s address space, each of which ends in a “return” instruction. Return-oriented programming defeats the W⊕X protections recently deployed by Microsoft, Intel, and AMD; in this context, it can be seen as a generalization of traditional return-into-libc attacks. But the threat is more general. Return-oriented programming is readily exploitable on multiple architectures and systems. It also bypasses an entire category of security measures---those that seek to prevent malicious computation by preventing the execution of malicious code. To demonstrate the wide applicability of return-oriented programming, we construct a Turing-complete set of building blocks called gadgets using the standard C libraries of two very different architectures: Linux/x86 and Solaris/SPARC. To demonstrate the power of return-oriented programming, we present a high-level, general-purpose language for describing return-oriented exploits and a compiler that translates it to gadgets.
Funding Information
- Division of Computer and Network Systems (CNS-0433668, CNS-0831532)