Abstract

Code reuse attacks such as Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) are prevalent attack techniques that reuse code snippets, called gadgets, in vulnerable applications and hijack control flow to achieve malicious behavior. Existing defenses against code reuse attacks attempt either to prevent illegal control flow transitions or to make gadgets hard to locate. However, decades of this arms race have shown that the ability to detect and prevent advanced attacks still lags behind. In this paper, we propose HoneyGadget, a deception-based approach for detecting code reuse attacks. HoneyGadget works by inserting honey gadgets into the application as decoys and keeping track of their addresses once the application is loaded. During the execution phase, HoneyGadget traces execution using the Last Branch Record (LBR), compares the LBR records with the maintained address list, and raises an alarm for a code reuse attack if any record matches. HoneyGadget not only prevents code reuse attacks, but also provides LBR records that researchers can use to analyze the patterns of these attacks. We have developed a fully functioning prototype of HoneyGadget. Our evaluation results show that HoneyGadget captures code reuse attacks effectively and incurs only a modest performance overhead.
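The matching step described in the abstract, as an added sketch that is not HoneyGadget's own code: decoy offsets are relocated by the module's load base and each LBR branch target is checked against them. The structure names, offsets, load address and LBR entries are constructed for illustration; representing decoys as offset ranges and checking only the branch target are assumptions, and reading the LBR from hardware is left out.

```c
#include <stdint.h>
#include <stddef.h>

/* One LBR record: source and target of a taken branch. */
struct lbr_entry { uint64_t from, to; };

/* A honey gadget as a [start, end) offset range inside the module (assumed layout). */
struct honey_range { uint64_t start, end; };

/* Constructed sample data: decoy gadget offsets, sorted by start, non-overlapping. */
static const struct honey_range HONEY[] = {
    { 0x1200, 0x1208 }, { 0x3400, 0x3406 }, { 0x5a10, 0x5a1c },
};
#define N_HONEY (sizeof HONEY / sizeof HONEY[0])

/* Binary search: does the absolute address fall inside a relocated decoy? */
static int is_honey(uint64_t addr, uint64_t load_base)
{
    if (addr < load_base) return 0;          /* below the module: cannot match */
    uint64_t off = addr - load_base;         /* undo load-time relocation */
    size_t lo = 0, hi = N_HONEY;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (off < HONEY[mid].start)      hi = mid;
        else if (off >= HONEY[mid].end)  lo = mid + 1;
        else return 1;                   /* start <= off < end */
    }
    return 0;
}

/* Index of the first LBR record whose target lands in a decoy, or -1 if none. */
static int scan_lbr(const struct lbr_entry *lbr, size_t n, uint64_t load_base)
{
    for (size_t i = 0; i < n; i++)
        if (is_honey(lbr[i].to, load_base))
            return (int)i;
    return -1;
}

int main(void)
{
    const uint64_t base = 0x555555554000ULL;   /* constructed load address */
    const struct lbr_entry trace[] = {         /* constructed LBR snapshot */
        { base + 0x1010, base + 0x2000 },      /* ordinary call */
        { base + 0x2044, base + 0x3402 },      /* target lands mid-decoy */
        { base + 0x3405, base + 0x1100 },
    };
    return scan_lbr(trace, 3, base) == 1 ? 0 : 1;  /* alarm expected at index 1 */
}
```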
