English
Related papers

Related papers: Security Mitigations for Return-Oriented Programmi…

200 papers

Return Oriented programming was surfaced first a decade ago, and was built to overcome the buffer exploit defense mechanisms like ASLR, DEP (or W^ X) by method of reusing the system code in the form of gadgets which are stitched together to…

Cryptography and Security · Computer Science 2017-06-28 Sunil Kumar Sathyanarayan , Dr. Makan Pourzandi , Katayoun Aliyari

Return Oriented Programming (ROP) is a technique by which an attacker can induce arbitrary behavior inside a vulnerable program without injecting a malicious code. The continues failure of the currently deployed defenses against ROP has…

Cryptography and Security · Computer Science 2020-05-26 Ammari Nader , Joan Calvet , Jose M. Fernandez

With the discovery of new exploit techniques, novel protection mechanisms are needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization) created a significantly more difficult environment…

Cryptography and Security · Computer Science 2011-11-10 Piotr Bania

Defense techniques such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) were the early role models preventing primitive code injection and return-oriented programming (ROP) attacks. Notably, these techniques…

Cryptography and Security · Computer Science 2019-09-23 Christopher Jelesnianski , Jinwoo Yom , Changwoo Min , Yeongjin Jang

This paper provides the first analysis on the feasibility of Return-Oriented Programming (ROP) on RISC-V, a new instruction set architecture targeting embedded systems. We show the existence of a new class of gadgets, using several Linear…

Cryptography and Security · Computer Science 2021-03-16 Georges-Axel Jaloyan , Konstantinos Markantonakis , Raja Naeem Akram , David Robin , Keith Mayes , David Naccache

Return-Oriented Programming (ROP) is a typical attack technique that exploits return addresses to abuse existing code repeatedly. Most of the current return address protecting mechanisms (also known as the Backward-Edge Control-Flow…

Cryptography and Security · Computer Science 2020-07-16 Jinfeng Li , Liwei Chen , Qizhen Xu , Linan Tian , Gang Shi , Kai Chen , Dan Meng

Return-Oriented Programming (ROP) is a software exploit for system compromise. By chaining short instruction sequences from existing code pieces, ROP can bypass static code-integrity checking approaches and non-executable page protections.…

Cryptography and Security · Computer Science 2016-09-12 Xueyang Wang , Jerry Backer

Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques, but…

Cryptography and Security · Computer Science 2015-04-10 Andreas Follner , Eric Bodden

This paper shows how the Xtensa architecture can be attacked with Return-Oriented-Programming (ROP). The presented techniques include possibilities for both supported Application Binary Interfaces (ABIs). Especially for the windowed ABI a…

Cryptography and Security · Computer Science 2022-01-19 Kai Lehniger , Marcin J. Aftowicz , Peter Langendörfer , Zoya Dyka

While address space layout randomization (ASLR) has been extensively studied for user-space programs, the corresponding OS kernel's KASLR support remains very limited, making the kernel vulnerable to just-in-time (JIT) return-oriented…

Operating Systems · Computer Science 2022-01-21 Ruslan Nikolaev , Hassan Nadeem , Cathlyn Stone , Binoy Ravindran

Software obfuscation plays a crucial role in protecting intellectual property in software from reverse engineering attempts. While some obfuscation techniques originate from the obfuscation-reverse engineering arms race, others stem from…

Cryptography and Security · Computer Science 2023-04-05 Giulio De Pasquale , Fukutomo Nakanishi , Daniele Ferla , Lorenzo Cavallaro

Memory safety is a cornerstone of secure and robust software systems, as it prevents a wide range of vulnerabilities and exploitation techniques. Among these, we focus on Return-Oriented Programming (ROP). ROP works as such: the attacker…

Cryptography and Security · Computer Science 2023-11-03 Federico Cassano , Charles Bershatsky , Jacob Ginesin , Sasha Bashenko

In this paper, we introduce a formal notion of partial compliance, called Attack-resistance, of a computer program running together with a defense mechanism w.r.t a non-exploitability specification. In our setting, a program may contain…

Cryptography and Security · Computer Science 2015-06-15 Vijay Ganesh , Sebastian Banescu , Martín Ochoa

Address Space Layout Randomization (ASLR) is a crucial defense mechanism employed by modern operating systems to mitigate exploitation by randomizing processes' memory layouts. However, the stark reality is that real-world implementations…

Cryptography and Security · Computer Science 2024-08-30 Lorenzo Binosi , Gregorio Barzasi , Michele Carminati , Stefano Zanero , Mario Polino

Control Flow Hijacking attacks have posed a serious threat to the security of applications for a long time where an attacker can damage the control Flow Integrity of the program and execute arbitrary code. These attacks can be performed by…

Cryptography and Security · Computer Science 2021-11-08 Ayush Bansal , Debadatta Mishra

Data-oriented attacks manipulate non-control data to alter a program's benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of control-flow…

Cryptography and Security · Computer Science 2019-03-26 Long Cheng , Hans Liljestrand , Thomas Nyman , Yu Tsung Lee , Danfeng Yao , Trent Jaeger , N. Asokan

Address Space Layout Randomization (ASLR) is one of the most prominently deployed mitigations against memory corruption attacks. ASLR randomly shuffles program virtual addresses to prevent attackers from knowing the location of program…

Cryptography and Security · Computer Science 2024-12-11 Shixin Song , Joseph Zhang , Mengjia Yan

The distributed nature of local differential privacy (LDP) invites data poisoning attacks and poses unforeseen threats to the underlying LDP-supported applications. In this paper, we propose a comprehensive mitigation framework for popular…

Cryptography and Security · Computer Science 2025-06-18 Xiaolin Li , Ninghui Li , Boyang Wang , Wenhai Sun

Largely known for attack scenarios, code reuse techniques at a closer look reveal properties that are appealing also for program obfuscation. We explore the popular return-oriented programming paradigm under this light, transforming program…

Cryptography and Security · Computer Science 2021-08-12 Pietro Borrello , Emilio Coppa , Daniele Cono D'Elia

Deep reinforcement learning (DRL) policies are vulnerable to unauthorized replication attacks, where an adversary exploits imitation learning to reproduce target policies from observed behavior. In this paper, we propose Constrained…

Machine Learning · Computer Science 2021-10-01 Nancirose Piazza , Vahid Behzadan
‹ Prev 1 2 3 10 Next ›