Abstract

Return Oriented Programming (ROP) chain attacks have been widely used to bypass Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). However, ROP chains are still mostly written by hand: current techniques for generating them automatically remain under-researched and have few successful applications. Moreover, the existing methods rely on an Intermediate Language (IL) to translate the semantics of the original instructions for symbolic execution, and then fill a predefined gadget arrangement to construct a gadget list automatically. This kind of method brings the following problems: (1) converting the semantics of the original instructions to IL costs a large amount of time, and critical instructions may be discarded; (2) populating a predetermined gadget arrangement is inflexible and may fail to construct a ROP chain because of address mismatches. In this paper, we propose Automatic ROP chains Generation (ARG), the first fully automatic ROP chain generation tool that does not use an IL. Tested on data from 6 open-source international Capture The Flag (CTF) competitions and 3 Common Vulnerabilities and Exposures (CVEs), ARG successfully generated ROP chains for all of them. According to the obtained results, our technique can automatically create ROP payloads and reduce ROP exploit payloads by up to 80%. It takes only 3-5 seconds to exploit successfully, compared to at least 60 minutes of manual analysis, and it effectively bypasses both Write XOR Execute (W⊕X) and ASLR.

Highlights

  • Exploits are one of the most common ways to attack computer systems

  • The results indicate that Data-Oriented Programming (DOP) is Turing-complete, can execute arbitrary functions, and can be used to bypass both Write XOR Execute (W⊕X) and Address Space Layout Randomization (ASLR)

  • We show the performance on 6 open-source international Capture The Flag (CTF) projects and 3 CVEs taken from Q's experimental data


Summary

Introduction

Exploits are one of the most common ways to attack computer systems, and finding and analyzing vulnerabilities quickly is the key problem of exploitation. Traditionally, exploits are generated manually, which requires comprehensive low-level system knowledge, including knowledge of file systems, assembly language, operating systems, processor architecture, etc., together with in-depth, careful study and analysis of the attack principles behind the exploit; only in this way can the attack be carried out. With the emergence of defense technologies such as W⊕X [1] and ASLR [2], which make control-flow hijacks difficult to exploit, attackers have turned to executing carefully chosen machine instruction sequences that are already present in memory. This approach allows an attacker to perform arbitrary operations on a machine that deploys these defenses. In 2007, Shacham et al. [3] proposed a new code reuse technology named Return-Oriented Programming (ROP)
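The paragraph above explains why W⊕X does not stop code reuse: a ROP chain never writes new code, it only returns into instruction sequences that already exist. That same property is what a defender can check for. In normal control flow every address consumed by `ret` is the instruction immediately after a `call`, whereas gadget addresses in a chain usually are not. The following Python snippet is an added example, not code from the paper or from ARG, illustrating that "call-preceded return" heuristic. The x86-64 code bytes, the text base address and the two stack snapshots are all constructed for the illustration; the decoder recognises only the three most common `call` encodings, which is a simplification of what a real monitor would do.

```python
"""
Call-preceded return check: a classic ROP detection heuristic (added example).

Every value on a constructed stack of return addresses is tested against a
constructed x86-64 text segment: if the bytes just before the address do not
decode as a `call`, the return did not come from normal control flow and is
flagged.  A run of such returns is what a ROP chain looks like to a monitor.
"""

# Constructed text segment base (not from any real binary).
TEXT_BASE = 0x401000

# Constructed x86-64 code bytes, laid out so that some returns are the
# normal "after a call" kind and others land on typical gadgets:
#   0x401000: e8 0b 00 00 00   call 0x401010
#   0x401005: 48 89 c7         mov  rdi, rax      <- call-preceded address
#   0x401008: c3               ret
#   0x401009: 5f               pop  rdi           <- "pop rdi; ret" gadget
#   0x40100a: c3               ret
#   0x40100b: ff d0            call rax
#   0x40100d: 90               nop                <- call-preceded address
#   0x40100e: 5e               pop  rsi           <- "pop rsi; ret" gadget
#   0x40100f: c3               ret
#   0x401010: c3               ret                (the called function)
CODE = bytes.fromhex("e80b000000" "4889c7" "c3" "5f" "c3" "ffd0" "90" "5e" "c3" "c3")


def byte_at(addr):
    """Byte of the text segment at addr, or None if addr is outside it."""
    off = addr - TEXT_BASE
    return CODE[off] if 0 <= off < len(CODE) else None


def is_call_preceded(addr):
    """True if the bytes immediately before addr decode as a call instruction."""
    # call rel32: E8 xx xx xx xx (5 bytes)
    if byte_at(addr - 5) == 0xE8:
        return True
    # call r/m64 with a register operand: FF /2, mod=11 (2 bytes, FF D0..D7)
    opc, modrm = byte_at(addr - 2), byte_at(addr - 1)
    if opc == 0xFF and modrm is not None and (modrm >> 6) == 0b11 and ((modrm >> 3) & 7) == 2:
        return True
    # call [rip+disp32]: FF 15 xx xx xx xx (6 bytes), the usual PLT/GOT call form
    if byte_at(addr - 6) == 0xFF and byte_at(addr - 5) == 0x15:
        return True
    # Note: a heuristic decoder like this has known blind spots (e.g. an E8
    # byte that is really immediate data); real monitors add further checks.
    return False


def flag_returns(return_addrs):
    """Addresses on the stack that are not call-preceded, in stack order."""
    return [a for a in return_addrs if not is_call_preceded(a)]


def looks_like_rop(return_addrs, max_suspicious=1):
    """Raise an alert when more than max_suspicious returns are not call-preceded."""
    return len(flag_returns(return_addrs)) > max_suspicious


# Constructed stack snapshots: return addresses as a monitor would read them.
BENIGN_STACK = [0x401005, 0x40100D]            # both follow a real call
SUSPICIOUS_STACK = [0x401009, 0x40100E, 0x401005]  # two gadgets, one real return

if __name__ == "__main__":
    for name, stack in (("benign", BENIGN_STACK), ("suspicious", SUSPICIOUS_STACK)):
        flagged = [hex(a) for a in flag_returns(stack)]
        print(f"{name}: flagged={flagged} rop={looks_like_rop(stack)}")
```

The threshold in `looks_like_rop` matters: a single non-call-preceded return also occurs legitimately (signal trampolines, some JIT or hand-written assembly), so deployed heuristics of this family count consecutive suspicious returns rather than alerting on the first one.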
