An online approach to defeating ROP attacks∗

Donghai Tian; Xiaoqi Jia; Zhaolong Zhang; Li Zhan; Changzhen Hu; Jingfeng Xue

doi:10.1002/cpe.4775

An online approach to defeating ROP attacks^∗

Donghai Tian^*, Xiaoqi Jia, Zhaolong Zhang, Li Zhan, Changzhen Hu, Jingfeng Xue

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Return-Oriented Programming (ROP) attacks become very popular in recent years as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: 1) some methods need to modify the target programs; 2) some methods introduce considerable performance cost; 3) some methods rely on the special hardware; and 4), most of existing methods could not provide an online protection for the target processes. In this paper, we present OnRop, an on-the-fly ROP attack protection system by using the commodity hardware features and OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnRop can detect ROP attacks effectively with moderate performance cost.

Original language	English
Article number	e4775
Journal	Concurrency Computation Practice and Experience
Volume	31
Issue number	22
DOIs	https://doi.org/10.1002/cpe.4775
Publication status	Published - 25 Nov 2019

Keywords

on-the-fly
protection
return-oriented programming

Access to Document

10.1002/cpe.4775

Cite this

Tian, D., Jia, X., Zhang, Z., Zhan, L., Hu, C., & Xue, J. (2019). An online approach to defeating ROP attacks^∗ Concurrency Computation Practice and Experience, 31(22), Article e4775. https://doi.org/10.1002/cpe.4775

@article{3f8a8e8bfb384ac3a00fe15c48103f48,

title = "An online approach to defeating ROP attacks∗ ",

abstract = "Return-Oriented Programming (ROP) attacks become very popular in recent years as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: 1) some methods need to modify the target programs; 2) some methods introduce considerable performance cost; 3) some methods rely on the special hardware; and 4), most of existing methods could not provide an online protection for the target processes. In this paper, we present OnRop, an on-the-fly ROP attack protection system by using the commodity hardware features and OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnRop can detect ROP attacks effectively with moderate performance cost.",

keywords = "on-the-fly, protection, return-oriented programming",

author = "Donghai Tian and Xiaoqi Jia and Zhaolong Zhang and Li Zhan and Changzhen Hu and Jingfeng Xue",

note = "Publisher Copyright: {\textcopyright} 2018 John Wiley & Sons, Ltd.",

year = "2019",

month = nov,

day = "25",

doi = "10.1002/cpe.4775",

language = "English",

volume = "31",

journal = "Concurrency Computation Practice and Experience",

issn = "1532-0626",

publisher = "John Wiley and Sons Ltd",

number = "22",

}

TY - JOUR

T1 - An online approach to defeating ROP attacks∗

AU - Tian, Donghai

AU - Jia, Xiaoqi

AU - Zhang, Zhaolong

AU - Zhan, Li

AU - Hu, Changzhen

AU - Xue, Jingfeng

PY - 2019/11/25

Y1 - 2019/11/25

N2 - Return-Oriented Programming (ROP) attacks become very popular in recent years as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: 1) some methods need to modify the target programs; 2) some methods introduce considerable performance cost; 3) some methods rely on the special hardware; and 4), most of existing methods could not provide an online protection for the target processes. In this paper, we present OnRop, an on-the-fly ROP attack protection system by using the commodity hardware features and OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnRop can detect ROP attacks effectively with moderate performance cost.

AB - Return-Oriented Programming (ROP) attacks become very popular in recent years as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: 1) some methods need to modify the target programs; 2) some methods introduce considerable performance cost; 3) some methods rely on the special hardware; and 4), most of existing methods could not provide an online protection for the target processes. In this paper, we present OnRop, an on-the-fly ROP attack protection system by using the commodity hardware features and OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnRop can detect ROP attacks effectively with moderate performance cost.

KW - on-the-fly

KW - protection

KW - return-oriented programming

UR - http://www.scopus.com/inward/record.url?scp=85073693568&partnerID=8YFLogxK

U2 - 10.1002/cpe.4775

DO - 10.1002/cpe.4775

M3 - Article

AN - SCOPUS:85073693568

SN - 1532-0626

VL - 31

JO - Concurrency Computation Practice and Experience

JF - Concurrency Computation Practice and Experience

IS - 22

M1 - e4775

ER -

An online approach to defeating ROP attacks^∗

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this