Abstract

Code reuse attacks such as return-oriented programming (ROP) are predominant attack techniques that are extensively used to exploit vulnerabilities in modern software programs. ROP maliciously combines short instruction sequences (gadgets) residing in shared libraries and the application's executable to bypass data execution prevention (DEP) and launch targeted exploits. ROP attacks apply to many processor architectures, from Intel x86 [1] to tiny embedded systems [2]. As a consequence, a variety of defenses have been proposed over the last few years, most prominently code randomization (ASLR) and control-flow integrity (CFI). In particular, constructing practical CFI schemes has recently become a hot topic of research. In this talk, we present the evolution of return-oriented programming (ROP) attacks and defenses. We first give an overview of ROP attacks and techniques. Second, we investigate the security of software-diversity-based approaches such as fine-grained code randomization [3]. Third, we dive deeper and focus on control-flow integrity (CFI) and show how to bypass all recent (coarse-grained) CFI solutions, including Microsoft's defense tool EMET [4]. Finally, we discuss new research directions to mitigate code reuse attacks, including our current work on hardware-assisted fine-grained control-flow integrity [5]. Part of this research [3-5] was conducted in collaboration with A. Dmitrienko, D. Lehmann, C. Liebchen, P. Koeberl, F. Monrose, and K. Z. Snow.
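To make the coarse-grained versus fine-grained CFI distinction in the abstract concrete, the following added example (not from the talk or its authors) replays a constructed call/return trace under two return-address policies: a coarse-grained check that accepts any address directly following a call instruction, and a fine-grained shadow stack that requires the exact address the matching call pushed. The addresses and traces are constructed placeholders, not taken from any real binary.

```python
"""Model of coarse- vs fine-grained return-address checking (CFI).

Added example, not from the talk. Addresses and traces below are constructed
placeholders; only the difference between the two policies matters.
"""
from dataclasses import dataclass, field

# Constructed program layout: instruction addresses that directly follow a
# call instruction. A coarse-grained policy treats all of them as valid
# return targets, regardless of which call is actually being returned from.
CALL_SITE_RETURNS = {0x1004, 0x2010, 0x3008}


@dataclass
class ShadowStack:
    """Fine-grained policy: a return must land exactly where the matching
    call pushed its return address, tracked on a separate, protected stack."""
    frames: list = field(default_factory=list)

    def on_call(self, return_addr: int) -> None:
        self.frames.append(return_addr)

    def on_ret(self, target: int) -> bool:
        if not self.frames:
            return False            # return with no matching call
        return self.frames.pop() == target


def coarse_grained_ok(target: int) -> bool:
    """Coarse-grained policy: any call-preceded address is acceptable."""
    return target in CALL_SITE_RETURNS


def run_trace(events):
    """Replay a list of ("call" | "ret", addr) events under both policies.
    Returns (coarse_violations, fine_violations)."""
    shadow = ShadowStack()
    coarse_viol = fine_viol = 0
    for kind, addr in events:
        if kind == "call":
            shadow.on_call(addr)
        elif kind == "ret":
            if not coarse_grained_ok(addr):
                coarse_viol += 1
            if not shadow.on_ret(addr):
                fine_viol += 1
    return coarse_viol, fine_viol


# Constructed traces: a well-nested benign run, a corrupted return that still
# lands right after *some* call site, and a return into an arbitrary address.
BENIGN_TRACE = [("call", 0x1004), ("call", 0x2010), ("ret", 0x2010), ("ret", 0x1004)]
MISMATCHED_TRACE = [("call", 0x1004), ("ret", 0x3008)]
ARBITRARY_TRACE = [("call", 0x1004), ("ret", 0x4000)]
```

Only the shadow stack flags the mismatched return, which is the gap the abstract refers to when it speaks of bypassing coarse-grained CFI.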
