An online approach to defeating ROP attacks∗

Donghai Tian; Xiaoqi Jia; Zhaolong Zhang; Li Zhan; Changzhen Hu; Jingfeng Xue

doi:10.1002/cpe.4775

An online approach to defeating ROP attacks^∗

Donghai Tian^*, Xiaoqi Jia, Zhaolong Zhang, Li Zhan, Changzhen Hu, Jingfeng Xue

^*此作品的通讯作者

科研成果: 期刊稿件 › 文章 › 同行评审

摘要

Return-Oriented Programming (ROP) attacks become very popular in recent years as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: 1) some methods need to modify the target programs; 2) some methods introduce considerable performance cost; 3) some methods rely on the special hardware; and 4), most of existing methods could not provide an online protection for the target processes. In this paper, we present OnRop, an on-the-fly ROP attack protection system by using the commodity hardware features and OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnRop can detect ROP attacks effectively with moderate performance cost.

源语言	英语
文章编号	e4775
期刊	Concurrency Computation Practice and Experience
卷	31
期	22
DOI	https://doi.org/10.1002/cpe.4775
出版状态	已出版 - 25 11月 2019

访问文件

10.1002/cpe.4775

其它文件与链接

链接到 Scopus 的出版物

引用此

Tian, D., Jia, X., Zhang, Z., Zhan, L., Hu, C., & Xue, J. (2019). An online approach to defeating ROP attacks^∗ Concurrency Computation Practice and Experience, 31(22), 文章 e4775. https://doi.org/10.1002/cpe.4775

@article{3f8a8e8bfb384ac3a00fe15c48103f48,

title = "An online approach to defeating ROP attacks∗ ",

abstract = "Return-Oriented Programming (ROP) attacks become very popular in recent years as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: 1) some methods need to modify the target programs; 2) some methods introduce considerable performance cost; 3) some methods rely on the special hardware; and 4), most of existing methods could not provide an online protection for the target processes. In this paper, we present OnRop, an on-the-fly ROP attack protection system by using the commodity hardware features and OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnRop can detect ROP attacks effectively with moderate performance cost.",

keywords = "on-the-fly, protection, return-oriented programming",

author = "Donghai Tian and Xiaoqi Jia and Zhaolong Zhang and Li Zhan and Changzhen Hu and Jingfeng Xue",

note = "Publisher Copyright: {\textcopyright} 2018 John Wiley & Sons, Ltd.",

year = "2019",

month = nov,

day = "25",

doi = "10.1002/cpe.4775",

language = "English",

volume = "31",

journal = "Concurrency Computation Practice and Experience",

issn = "1532-0626",

publisher = "John Wiley and Sons Ltd",

number = "22",

}

TY - JOUR

T1 - An online approach to defeating ROP attacks∗

AU - Tian, Donghai

AU - Jia, Xiaoqi

AU - Zhang, Zhaolong

AU - Zhan, Li

AU - Hu, Changzhen

AU - Xue, Jingfeng

PY - 2019/11/25

Y1 - 2019/11/25

N2 - Return-Oriented Programming (ROP) attacks become very popular in recent years as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: 1) some methods need to modify the target programs; 2) some methods introduce considerable performance cost; 3) some methods rely on the special hardware; and 4), most of existing methods could not provide an online protection for the target processes. In this paper, we present OnRop, an on-the-fly ROP attack protection system by using the commodity hardware features and OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnRop can detect ROP attacks effectively with moderate performance cost.

AB - Return-Oriented Programming (ROP) attacks become very popular in recent years as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: 1) some methods need to modify the target programs; 2) some methods introduce considerable performance cost; 3) some methods rely on the special hardware; and 4), most of existing methods could not provide an online protection for the target processes. In this paper, we present OnRop, an on-the-fly ROP attack protection system by using the commodity hardware features and OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnRop can detect ROP attacks effectively with moderate performance cost.

KW - on-the-fly

KW - protection

KW - return-oriented programming

UR - http://www.scopus.com/inward/record.url?scp=85073693568&partnerID=8YFLogxK

U2 - 10.1002/cpe.4775

DO - 10.1002/cpe.4775

M3 - Article

AN - SCOPUS:85073693568

SN - 1532-0626

VL - 31

JO - Concurrency Computation Practice and Experience

JF - Concurrency Computation Practice and Experience

IS - 22

M1 - e4775

ER -

An online approach to defeating ROP attacks∗

摘要

访问文件

其它文件与链接

指纹

引用此

An online approach to defeating ROP attacks^∗