For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Improvement and Weakness of Zero-Sum Defender against Return-Oriented Programming Attacks
Donghoon LEE Jaewook JUNG Younsung CHOI Dongho WON
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Publication Date: 2016/12/01
Online ISSN: 1745-1337
Type of Manuscript: LETTER
Category: Cryptography and Information Security
return-oriented programming, exploit code, malware defense, software security,
Full Text: PDF(828.6KB)>>
Return-oriented programming (ROP) attacks, which have been increasing in number recently, are an exploitation technique that can bypass non-executable page protection methods by using codes that exist within benign programs or modules. There have been many studies on defense against ROP attacks, but most of them have high overhead or high time complexity in terms of the detection of gadgets. In this letter, we suggest an ROP defense technique which is fast, space-efficient, and of lower detection time complexity; it uses a compiler-based approach. The most recent ROP defense technique is a compiler-based zero-sum defender suggested by Kim et al., achieving very low overhead. However, it still did not solve the issue of time complexity regarding detection. Our technique performs a specific computation to identify gadgets at the resetting position immediately before and after a return instruction. This method can efficiently identify a series of gadgets performed without calls and defend against them. In our experiment, the performance overhead was 1.62% and the file size overhead was 4.60%; our proposed technique achieved O(1) in terms of time complexity while having almost the same overhead as the zero-sum defender.