Defending against Return-Oriented Programming attacks based on return instruction using static analysis and binary patch techniques

Abstract

Return-Oriented Programming (ROP) is one of the most common software vulnerability exploitation techniques. Although many solutions have been proposed to defend against ROP attacks, they still have various drawbacks, such as requiring source code, increasing run-time overhead of the binary, and making the binary unstable. In this paper, we propose a method: using static analysis and binary patch techniques to defend against ROP attacks based on return instruction. It eliminates the parameter registers by adding extra instructions before the ret instruction, so that ROP attacks cannot chain short snippets of existing code to perform arbitrary command execution on the target binary. Evaluations on real software show that it can make the binary have the ability to defend against ROP attacks based on return instruction. In addition, evaluations on SPEC INT2006 benchmark show that it can eliminate 95.40% of the effective gadgets and only introduce 2% run-time overhead and 10.75% increase in size.