Portal de Periódicos da CAPES

An Online Approach to Defeating Return-Oriented-Programming Attacks

2017; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-319-69471-9_18

1611-3349

Donghai Tian, Xiaoqi Jia, Li Zhan, Changzhen Hu, Jingfeng Xue,

Network Security and Intrusion Detection

Return-oriented programming (ROP) attacks become very popular in recent years, as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: (1) Some methods need to modify the target programs; (2) Some methods introduce considerable performance cost; (3) Almost all methods could not provide an online protection for the target processes. In this paper, we present OnDrop, an on-the-fly ROP protection system by using the OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnDrop can detect ROP attacks effectively with a little performance overhead.