-
- Ryan Roemer
- University of California, San Diego
-
- Erik Buchanan
- University of California, San Diego
-
- Hovav Shacham
- University of California, San Diego
-
- Stefan Savage
- University of California, San Diego
書誌事項
- タイトル別名
-
- Systems, Languages, and Applications
抄録
<jats:p> We introduce <jats:italic>return-oriented programming</jats:italic> , a technique by which an attacker can induce arbitrary behavior in a program whose control flow he has diverted, without injecting any code. A return-oriented program chains together short instruction sequences already present in a program’s address space, each of which ends in a “return” instruction. </jats:p> <jats:p>Return-oriented programming defeats the W⊕X protections recently deployed by Microsoft, Intel, and AMD; in this context, it can be seen as a generalization of traditional return-into-libc attacks. But the threat is more general. Return-oriented programming is readily exploitable on multiple architectures and systems. It also bypasses an entire category of security measures---those that seek to prevent malicious computation by preventing the execution of malicious code.</jats:p> <jats:p>To demonstrate the wide applicability of return-oriented programming, we construct a Turing-complete set of building blocks called gadgets using the standard C libraries of two very different architectures: Linux/x86 and Solaris/SPARC. To demonstrate the power of return-oriented programming, we present a high-level, general-purpose language for describing return-oriented exploits and a compiler that translates it to gadgets.</jats:p>
収録刊行物
-
- ACM Transactions on Information and System Security
-
ACM Transactions on Information and System Security 15 (1), 1-34, 2012-03
Association for Computing Machinery (ACM)