English
Related papers

Related papers: SIGDROP: Signature-based ROP Detection using Hardw…

200 papers

Return Oriented Programming (ROP) is a technique by which an attacker can induce arbitrary behavior inside a vulnerable program without injecting a malicious code. The continues failure of the currently deployed defenses against ROP has…

Cryptography and Security · Computer Science 2020-05-26 Ammari Nader , Joan Calvet , Jose M. Fernandez

Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques, but…

Cryptography and Security · Computer Science 2015-04-10 Andreas Follner , Eric Bodden

Return-oriented programming (ROP) is a code reuse attack that chains short snippets of existing code to perform arbitrary operations on target machines. Existing detection methods against ROP exhibit unsatisfactory detection accuracy and/or…

Cryptography and Security · Computer Science 2024-02-14 Xusheng Li , Zhisheng Hu , Haizhou Wang , Yiwei Fu , Ping Chen , Minghui Zhu , Peng Liu

Return-Oriented Programming (ROP) is a typical attack technique that exploits return addresses to abuse existing code repeatedly. Most of the current return address protecting mechanisms (also known as the Backward-Edge Control-Flow…

Cryptography and Security · Computer Science 2020-07-16 Jinfeng Li , Liwei Chen , Qizhen Xu , Linan Tian , Gang Shi , Kai Chen , Dan Meng

With the discovery of new exploit techniques, new protection mechanisms are needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization) created a significantly more difficult environment for…

Cryptography and Security · Computer Science 2010-08-25 Piotr Bania

This paper provides the first analysis on the feasibility of Return-Oriented Programming (ROP) on RISC-V, a new instruction set architecture targeting embedded systems. We show the existence of a new class of gadgets, using several Linear…

Cryptography and Security · Computer Science 2021-03-16 Georges-Axel Jaloyan , Konstantinos Markantonakis , Raja Naeem Akram , David Robin , Keith Mayes , David Naccache

Memory safety is a cornerstone of secure and robust software systems, as it prevents a wide range of vulnerabilities and exploitation techniques. Among these, we focus on Return-Oriented Programming (ROP). ROP works as such: the attacker…

Cryptography and Security · Computer Science 2023-11-03 Federico Cassano , Charles Bershatsky , Jacob Ginesin , Sasha Bashenko

Recently, code reuse attacks (CRAs), such as return-oriented programming (ROP) and jump-oriented programming (JOP), have emerged as a new class of ingenious security threatens. Attackers can utilize CRAs to hijack the control flow of…

Cryptography and Security · Computer Science 2018-09-20 Jiliang Zhang , Binhang Qi , Gang Qu

Widespread use of memory unsafe programming languages (e.g., C and C++) leaves many systems vulnerable to memory corruption attacks. A variety of defenses have been proposed to mitigate attacks that exploit memory errors to hijack the…

Cryptography and Security · Computer Science 2018-03-13 Thomas Nyman , Ghada Dessouky , Shaza Zeitouni , Aaro Lehikoinen , Andrew Paverd , N. Asokan , Ahmad-Reza Sadeghi

Just-in-time return-oriented programming (JIT-ROP) allows one to dynamically discover instruction pages and launch code reuse attacks, effectively bypassing most fine-grained address space layout randomization (ASLR) protection. However,…

Cryptography and Security · Computer Science 2020-06-16 Salman Ahmed , Ya Xiao , Gang Tan , Kevin Snow , Fabian Monrose , Danfeng , Yao

Control Flow Hijacking attacks have posed a serious threat to the security of applications for a long time where an attacker can damage the control Flow Integrity of the program and execute arbitrary code. These attacks can be performed by…

Cryptography and Security · Computer Science 2021-11-08 Ayush Bansal , Debadatta Mishra

Software obfuscation plays a crucial role in protecting intellectual property in software from reverse engineering attempts. While some obfuscation techniques originate from the obfuscation-reverse engineering arms race, others stem from…

Cryptography and Security · Computer Science 2023-04-05 Giulio De Pasquale , Fukutomo Nakanishi , Daniele Ferla , Lorenzo Cavallaro

Nowadays, exploits often rely on a code-reuse approach. Short pieces of code called gadgets are chained together to execute some payload. Code-reuse attacks can exploit vulnerabilities in the presence of operating system protection that…

Cryptography and Security · Computer Science 2022-03-23 Alexey Nurmukhametov , Alexey Vishnyakov , Vlada Logunova , Shamil Kurmangaleev

Cyber attacks and malware are now more prevalent than ever and the trend is ever upward. There have been several approaches to attack detection including resident software applications at the root or user level, e.g., virus detection, and…

Cryptography and Security · Computer Science 2018-07-31 James Christopher Foreman

Just-in-time return-oriented programming (JIT-ROP) is a powerful memory corruption attack that bypasses various forms of code randomization. Execute-only memory (XOM) can potentially prevent these attacks, but requires source code. In…

Cryptography and Security · Computer Science 2020-07-08 Jannik Pewny , Philipp Koppe , Lucas Davi , Thorsten Holz

RISC-V is an open-source hardware ISA based on the RISC design principles, and has been the subject of some novel ROP mitigation technique proposals due to its open-source nature. However, very little work has actually evaluated whether…

Cryptography and Security · Computer Science 2020-07-31 Garrett Gu , Hovav Shacham

System auditing is a crucial technique for detecting APT attacks. However, attackers may try to compromise the system auditing frameworks to conceal their malicious activities. In this paper, we present a comprehensive and systematic study…

Cryptography and Security · Computer Science 2023-08-01 Peng Jiang , Ruizhe Huang , Ding Li , Yao Guo , Xiangqun Chen , Jianhai Luan , Yuxin Ren , Xinwei Hu

Since its inception, Rowhammer exploits have rapidly evolved into increasingly sophisticated threats compromising data integrity and the control flow integrity of victim processes. Nevertheless, it remains a challenge for an attacker to…

Cryptography and Security · Computer Science 2025-05-06 Andrew Adiletta , M. Caner Tol , Kemal Derya , Berk Sunar , Saad Islam

We present a kernel-level infrastructure that allows system-wide detection of malicious applications attempting to exploit cache-based side-channel attacks to break the process confinement enforced by standard operating systems. This…

Cryptography and Security · Computer Science 2024-02-22 Stefano Carnà , Serena Ferracci , Francesco Quaglia , Alessandro Pellegrini

Among many prevailing malware, crypto-ransomware poses a significant threat as it financially extorts affected users by creating denial of access via unauthorized encryption of their documents as well as holding their documents hostage and…

Cryptography and Security · Computer Science 2020-11-25 Nitin Pundir , Mark Tehranipoor , Fahim Rahman
‹ Prev 1 2 3 10 Next ›