[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

An Online Approach to Defeating Return-Oriented-Programming Attacks

  • Conference paper
  • First Online:
Cyberspace Safety and Security (CSS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10581))

Included in the following conference series:

Abstract

Return-oriented programming (ROP) attacks become very popular in recent years, as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: (1) Some methods need to modify the target programs; (2) Some methods introduce considerable performance cost; (3) Almost all methods could not provide an online protection for the target processes. In this paper, we present OnDrop, an on-the-fly ROP protection system by using the OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnDrop can detect ROP attacks effectively with a little performance overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 35.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 44.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Yao, X., Han, X., Du, X., Zhou, X.: A lightweight multicast authentication mechanism for small scale IoT applications. IEEE Sens. J. 13, 3693–3701 (2013)

    Article  Google Scholar 

  2. Metasploit (2014). http://www.metasploit.com/

  3. Shacham, H.: The geometry of innocent flesh on the bone. In: ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, pp. 552–561, October 2007

    Google Scholar 

  4. Luk, C.K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: building customized program analysis tools with dynamic instrumentation. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), vol. 40(6), pp. 190–200 (2005)

    Google Scholar 

  5. Intel corp. intel 64 and ia-32 architectures software developer’s manuals (2014). http://www.intel.com/Assets/PDF/manual/253669.pdf

  6. Longld. payload already inside: Data resue for ROP exploits (2010). https://media.blackhat.com/bh-us-10/whitepapers/Le/BlackHat-USA-2010-Le-Paper-Payload-already-inside-data-reuse-for-ROP-exploits-wp.pdf

  7. The exploit database (2014). http://www.exploit-db.com/

  8. Davi, L., Sadeghi, A.R., Winandy, M.: Ropdefender: a detection tool to defend against return-oriented programming attacks. In: ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, Hong Kong, China, pp. 40–51, March 2011. doi:10.1145/1966913.1966920

  9. Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: DROP: detecting return-oriented programming malicious code. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol. 5905, pp. 163–177. Springer, Heidelberg (2009). doi:10.1007/978-3-642-10772-6_13

    Chapter  Google Scholar 

  10. Han, H., Mao, B., Xie, L.: Dynamic runtime detection system for return-oriented programming attack. Comput. Eng. 38(4), 122–125 (2012)

    Google Scholar 

  11. Abadi, M., Budiu, M., Erlingsson, I., Ligatti, J.: Control-flow integrity. In: ACM Conference on Computer and Communications Security, CCS 2005, Alexandria, VA, USA, pp. 340–353, November 2005. doi:10.1145/1102120.1102165

  12. Bletsch, T., Jiang, X., Freeh, V.: Mitigating code-reuse attacks with control-flow locking. In: Twenty-Seventh Computer Security Applications Conference, ACSAC 2011, Orlando, FL, USA, pp. 353–362, 5–9 December 2011. doi:10.1145/2076732.2076783

  13. Onarlioglu, K., Bilge, L., Lanzi, A., Balzarotti, D., Kirda, E.: G-free: defeating return-oriented programming through gadget-less binaries. In: Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC), pp. 49–58 (2010)

    Google Scholar 

  14. Zhang, C., Wei, T., Chen, Z., Duan, L., Szekeres, L., Mccamant, S., Song, D., Zou, W.: Practical control flow integrity and randomization for binary executables. In: 34th IEEE Symposium on Security & Privacy, Oakland, pp. 559–573 (2013). doi:10.1109/sp.2013.44

  15. Zhang, M., Sekar, R.: Control flow integrity for cots binaries. In: USENIX Conference on Security, pp. 337–352 (2013). doi:10.1145/2818000.2818016

  16. Bhatkar, S., Sekar, R., Duvarney, D.C.: Efficient techniques for comprehensive protection from memory error exploits. In: Proceedings of the 14th USENIX Security Symposium, p. 17 (2005)

    Google Scholar 

  17. Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In: Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), pp. 157–168 (2012). doi:10.1145/2382196.2382216

  18. Barrantes, E.G., Ackley, D.H., Palmer, T.S., Stefanovic, D., Zovi, D.D.: Randomized instruction set emulation to disrupt binary code injection attacks. In: ACM Conference on Computer and Communications Security, CCS 2003, Washington, DC, USA, pp. 281–289, October 2003

    Google Scholar 

  19. Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: ACM Conference on Computer and Communications Security, pp. 272–280 (2003)

    Google Scholar 

  20. Backes, M., Rnberger, S.: Oxymoron: making fine-grained memory randomization practical by allowing code sharing. In: Proceedings of the 23rd USENIX Security Symposium, pp. 433–447 (2014)

    Google Scholar 

  21. Oikonomopoulos, A., Athanasopoulos, E., Bos, H., Giuffrida, C.: Poking holes in information hiding. In: Proceedings of the 25th USENIX Security Symposium (2016)

    Google Scholar 

  22. Xia, Y., Liu, Y., Chen, H., Zang, B.: Cfimon: detecting violation of control flow integrity using performance counters. In: Proceedings of the 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 1–12 (2012). doi:10.1109/dsn.2012.6263958

  23. Pappas, V., Polychronakis, M., Keromytis, A.D.: Transparent ROP exploit mitigation using indirect branch tracing. In: Proceedings of the 22nd USENIX Security Symposium, pp. 447–462 (2013)

    Google Scholar 

  24. Cheng, Y., Zhou, Z., Yu, M., Ding, X., Deng, R.H.: Ropecker: a generic and practical approach for defending against rop attacks. In: Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS) (2014). doi:10.14722/ndss.2014.23156

  25. Jia, X., Wang, R., Jiang, J., Zhang, S., Liu, P.: Defending return-oriented programming based on virtualization techniques. Secur. Commun. Netw. (SCN) 6(10), 1236–1249 (2013)

    Google Scholar 

  26. Yutao, L., Peitao, S., Xinran, W., Haibo, C., Binyu, Z., Haibing, G.: Transparent and efficient CFI enforcement with intel processor trace. In: IEEE Symposium on High Performance Computer Architecture (2017). doi:10.1109/hpca.2017.18

Download references

Acknowledgments

This work was supported in part by National Natural Science Foundation of China (NSFC) under Grant No. 61602035, the National Key Research and Development Program of China under Grant No. 2016YFB0800700, the Open Found of Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences.

Author information

Authors and Affiliations

  1. Beijing Key Laboratory of Software Security Engineering Technique, Beijing Institute of Technology, Beijing, 100081, China

    Donghai Tian, Li Zhan, Changzhen Hu & Jingfeng Xue

  2. Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China

    Donghai Tian & Xiaoqi Jia

Authors
  1. Donghai Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xiaoqi Jia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Li Zhan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Changzhen Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jingfeng Xue
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Donghai Tian .

Editor information

Editors and Affiliations

  1. Deakin University , Geelong, China

    Sheng Wen

  2. Fujian Normal University, Fuzhou Shi, China

    Wei Wu

  3. University of Salerno, Fisciano, Italy

    Aniello Castiglione

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Tian, D., Jia, X., Zhan, L., Hu, C., Xue, J. (2017). An Online Approach to Defeating Return-Oriented-Programming Attacks. In: Wen, S., Wu, W., Castiglione, A. (eds) Cyberspace Safety and Security. CSS 2017. Lecture Notes in Computer Science(), vol 10581. Springer, Cham. https://doi.org/10.1007/978-3-319-69471-9_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69471-9_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69470-2

  • Online ISBN: 978-3-319-69471-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation