The never ending war in the stack and the reincarnation of ROP attacks

05/25/2020
by   Ammari Nader, et al.
0

Return Oriented Programming (ROP) is a technique by which an attacker can induce arbitrary behavior inside a vulnerable program without injecting a malicious code. The continues failure of the currently deployed defenses against ROP has made it again one of the most powerful memory corruption attacks. ROP is also considered as one of the most flexible attacks, its level of flexibility, unlike other code reuse attacks, can reach the Turing completeness. Several efforts have been undertaken to study this threat and to propose better defense mechanisms (mitigation or prevention), yet the majority of them are not deeply reviewed nor officially implemented.Furthermore, similar studies show that the techniques proposed to prevent ROP-based exploits usually yield a high false-negative rate and a higher false-positive rate, not to mention the overhead that they introduce into the protected program. The first part of this research work aims at providing an in-depth analysis of the currently available anti-ROP solutions (deployed and proposed), focusing on inspecting their defense logic and summarizing their weaknesses and problems. The second part of this work aims at introducing our proposed Indicators Of Compromise (IOCs) that could be used to improve the detection rate of ROP attacks. The three suggested indicators could detect these attacks at run-time by checking the presence of some artifacts during the execution of the targeted program.

READ FULL TEXT

page 1

page 12

page 13

page 14

research
11/05/2021

A practical analysis of ROP attacks

Control Flow Hijacking attacks have posed a serious threat to the securi...
research
02/03/2023

DeTorrent: An Adversarial Padding-only Traffic Analysis Defense

While anonymity networks like Tor aim to protect the privacy of their us...
research
07/29/2018

ROPNN: Detection of ROP Payloads Using Deep Neural Networks

Return-oriented programming (ROP) is a code reuse attack that chains sho...
research
09/12/2019

Protecting the stack with PACed canaries

Stack canaries remain a widely deployed defense against memory corruptio...
research
09/08/2023

Penetrating Shields: A Systematic Analysis of Memory Corruption Mitigations in the Spectre Era

This paper provides the first systematic analysis of a synergistic threa...
research
03/12/2019

Detection of LDDoS Attacks Based on TCP Connection Parameters

Low-rate application layer distributed denial of service (LDDoS) attacks...
research
07/05/2020

Steroids for DOPed Applications: A Compiler for Automated Data-Oriented Programming

The wide-spread adoption of system defenses such as the randomization of...

Please sign up or login with your details

Forgot password? Click here to reset