Full Program »
A Principled Approach for ROP Defense
technique that can escape modern defenses such as DEP.
ROP is based on repeated abuse of existing code snippets
ending with return instructions (called gadgets), as com-
pared to using injected code. Several defense mechanisms
have been proposed to counter ROP by enforcing policies
on the targets of return instructions, and/or their frequency.
However, these policies have been repeatedly bypassed by
more advanced ROP attacks. While stricter policies have
the potential to thwart ROP, they lead to incompatibili-
ties which discourage their deployment. In this work, we
address this challenge by presenting a principled approach
for ROP defense. Our experimental evaluation shows that
our approach enforces a strong policy, while offering better
compatibility and good performance.
Author(s):
Rui Qiao
Stony Brook University
United States
Mingwei Zhang
Stony Brook University
United States
R. Sekar
Stony Brook University
United States