TU Darmstadt / ULB / TUbiblio

ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks

Davi, Lucas ; Sadeghi, Ahmad-Reza ; Winandy, Marcel (2011)
ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks.
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Modern runtime attacks increasingly make use of the powerful return-oriented programming (ROP) attack techniques and principles such as recent attacks on Apple iPhone and Acrobat products to name some. These attacks even work under the presence of modern memory protection mechanisms such as data execution prevention (DEP). In this paper, we present our tool, ROPdefender, that dynamically detects conventional ROP attacks (that are based on return instructions). In contrast to existing solutions, ROPdefender can be immediately deployed by end-users, since it does not rely on side information (e.g., source code or debugging information) which are rarely provided in practice. Currently, our tool adds a runtime overhead of 2x which is comparable to similar instrumentation-based tools.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2011
Autor(en): Davi, Lucas ; Sadeghi, Ahmad-Reza ; Winandy, Marcel
Art des Eintrags: Bibliographie
Titel: ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks
Sprache: Deutsch
Publikationsjahr: März 2011
Buchtitel: 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011)
Zugehörige Links:
Kurzbeschreibung (Abstract):

Modern runtime attacks increasingly make use of the powerful return-oriented programming (ROP) attack techniques and principles such as recent attacks on Apple iPhone and Acrobat products to name some. These attacks even work under the presence of modern memory protection mechanisms such as data execution prevention (DEP). In this paper, we present our tool, ROPdefender, that dynamically detects conventional ROP attacks (that are based on return instructions). In contrast to existing solutions, ROPdefender can be immediately deployed by end-users, since it does not rely on side information (e.g., source code or debugging information) which are rarely provided in practice. Currently, our tool adds a runtime overhead of 2x which is comparable to similar instrumentation-based tools.

Freie Schlagworte: Secure Things
ID-Nummer: TUD-CS-2011-0051
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 07 Aug 2016 22:57
Letzte Änderung: 03 Jun 2018 21:31
PPN:
Zugehörige Links:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen