A principled approach for ROP defense

Rui Qiao; Mingwei Zhang; R. Sekar

doi:10.1145/2818000.2818021

A principled approach for ROP defense

Rui Qiao
, Mingwei Zhang
, R. Sekar

Computer Science

Stony Brook University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

17 Scopus citations

Abstract

Return-Oriented Programming (ROP) is an effective attack technique that can escape modern defenses such as DEP. ROP is based on repeated abuse of existing code snippets ending with return instructions (called gadgets), as compared to using injected code. Several defense mechanisms have been proposed to counter ROP by enforcing policies on the targets of return instructions, and/or their frequency. However, these policies have been repeatedly bypassed by more advanced ROP attacks. While stricter policies have the potential to thwart ROP, they lead to incompatibilities which discourage their deployment. In this work, we address this challenge by presenting a principled approach for ROP defense. Our experimental evaluation shows that our approach enforces a strong policy, while offering better compatibility and good performance.

Original language	English
Title of host publication	Proceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015
Publisher	Association for Computing Machinery
Pages	101-110
Number of pages	10
ISBN (Electronic)	9781450336826
DOIs	https://doi.org/10.1145/2818000.2818021
State	Published - Dec 7 2015
Event	31st Annual Computer Security Applications Conference, ACSAC 2015 - Los Angeles, United States Duration: Dec 7 2015 → Dec 11 2015

Publication series

Name	ACM International Conference Proceeding Series
Volume	7-11-December-2015

Conference

Conference	31st Annual Computer Security Applications Conference, ACSAC 2015
Country/Territory	United States
City	Los Angeles
Period	12/7/15 → 12/11/15

Access to Document

10.1145/2818000.2818021

Cite this

@inproceedings{16266fff362e4da393ecfd13f94e8e24,

title = "A principled approach for ROP defense",

abstract = "Return-Oriented Programming (ROP) is an effective attack technique that can escape modern defenses such as DEP. ROP is based on repeated abuse of existing code snippets ending with return instructions (called gadgets), as compared to using injected code. Several defense mechanisms have been proposed to counter ROP by enforcing policies on the targets of return instructions, and/or their frequency. However, these policies have been repeatedly bypassed by more advanced ROP attacks. While stricter policies have the potential to thwart ROP, they lead to incompatibilities which discourage their deployment. In this work, we address this challenge by presenting a principled approach for ROP defense. Our experimental evaluation shows that our approach enforces a strong policy, while offering better compatibility and good performance.",

author = "Rui Qiao and Mingwei Zhang and R. Sekar",

note = "Publisher Copyright: {\textcopyright} 2015 ACM.; 31st Annual Computer Security Applications Conference, ACSAC 2015 ; Conference date: 07-12-2015 Through 11-12-2015",

year = "2015",

month = dec,

day = "7",

doi = "10.1145/2818000.2818021",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "101--110",

booktitle = "Proceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015",

}

Qiao, R, Zhang, M & Sekar, R 2015, A principled approach for ROP defense. in Proceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015. ACM International Conference Proceeding Series, vol. 7-11-December-2015, Association for Computing Machinery, pp. 101-110, 31st Annual Computer Security Applications Conference, ACSAC 2015, Los Angeles, United States, 12/7/15. https://doi.org/10.1145/2818000.2818021

A principled approach for ROP defense. / Qiao, Rui; Zhang, Mingwei; Sekar, R.
Proceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015. Association for Computing Machinery, 2015. p. 101-110 (ACM International Conference Proceeding Series; Vol. 7-11-December-2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A principled approach for ROP defense

AU - Qiao, Rui

AU - Zhang, Mingwei

AU - Sekar, R.

PY - 2015/12/7

Y1 - 2015/12/7

N2 - Return-Oriented Programming (ROP) is an effective attack technique that can escape modern defenses such as DEP. ROP is based on repeated abuse of existing code snippets ending with return instructions (called gadgets), as compared to using injected code. Several defense mechanisms have been proposed to counter ROP by enforcing policies on the targets of return instructions, and/or their frequency. However, these policies have been repeatedly bypassed by more advanced ROP attacks. While stricter policies have the potential to thwart ROP, they lead to incompatibilities which discourage their deployment. In this work, we address this challenge by presenting a principled approach for ROP defense. Our experimental evaluation shows that our approach enforces a strong policy, while offering better compatibility and good performance.

AB - Return-Oriented Programming (ROP) is an effective attack technique that can escape modern defenses such as DEP. ROP is based on repeated abuse of existing code snippets ending with return instructions (called gadgets), as compared to using injected code. Several defense mechanisms have been proposed to counter ROP by enforcing policies on the targets of return instructions, and/or their frequency. However, these policies have been repeatedly bypassed by more advanced ROP attacks. While stricter policies have the potential to thwart ROP, they lead to incompatibilities which discourage their deployment. In this work, we address this challenge by presenting a principled approach for ROP defense. Our experimental evaluation shows that our approach enforces a strong policy, while offering better compatibility and good performance.

UR - https://www.scopus.com/pages/publications/84959336213

U2 - 10.1145/2818000.2818021

DO - 10.1145/2818000.2818021

M3 - Conference contribution

T3 - ACM International Conference Proceeding Series

SP - 101

EP - 110

BT - Proceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015

PB - Association for Computing Machinery

T2 - 31st Annual Computer Security Applications Conference, ACSAC 2015

Y2 - 7 December 2015 through 11 December 2015

ER -

A principled approach for ROP defense

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this