Please use this identifier to cite or link to this item:
|Title:||Jump-oriented programming: A new class of code-reuse attack|
|Source:||Bletsch, T.,Jiang, X.,Freeh, V.W.,Liang, Z. (2011). Jump-oriented programming: A new class of code-reuse attack. Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011 : 30-40. ScholarBank@NUS Repository. https://doi.org/10.1145/1966913.1966919|
|Abstract:||Return-oriented programming is an effective code-reuse attack in which short code sequences ending in a ret instruction are found within existing binaries and executed in arbitrary order by taking control of the stack. This allows for Turing-complete behavior in the target program without the need for injecting attack code, thus significantly negating current code injection defense efforts (e.g., W⊕X). On the other hand, its inherent characteristics, such as the reliance on the stack and the consecutive execution of returnoriented gadgets, have prompted a variety of defenses to detect or prevent it from happening. In this paper, we introduce a new class of code-reuse attack, called jump-oriented programming. This new attack eliminates the reliance on the stack and ret instructions (including ret-like instructions such as pop+jmp) seen in return-oriented programming without sacrificing expressive power. This attack still builds and chains functional gadgets, each performing certain primitive operations, except these gadgets end in an indirect branch rather than ret. Without the convenience of using ret to unify them, the attack relies on a dispatcher gadget to dispatch and execute the functional gadgets. We have successfully identified the availability of these jump-oriented gadgets in the GNU libc library. Our experience with an example shellcode attack demonstrates the practicality and effectiveness of this technique. Copyright 2011 ACM.|
|Source Title:||Proceedings of the 6th International Symposium on Information, Computer and Communications Security, ASIACCS 2011|
|Appears in Collections:||Staff Publications|
Show full item record
Files in This Item:
There are no files associated with this item.
checked on Dec 13, 2017
checked on Dec 9, 2017
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.