Abstract

Return-Oriented Programming (ROP) is one of the most common software vulnerability exploitation techniques. Although many solutions have been proposed to defend against ROP attacks, they still have various drawbacks, such as requiring source code, increasing the run-time overhead of the binary, and making the binary unstable. In this paper, we propose a method that uses static analysis and binary patching techniques to defend against ROP attacks based on the return instruction. It eliminates the parameter registers by adding extra instructions before the ret instruction, so that ROP attacks cannot chain short snippets of existing code to perform arbitrary command execution on the target binary. Evaluations on real software show that it enables the binary to defend against ROP attacks based on the return instruction. In addition, evaluations on the SPEC INT2006 benchmark show that it can eliminate 95.40% of the effective gadgets while introducing only 2% run-time overhead and a 10.75% increase in size.
