• About
  • Policies
  • What is openaccess
  • Library
  • Contact
Advanced search
      View Item 
      •   BUIR Home
      • Scholarly Publications
      • Faculty of Engineering
      • Department of Computer Engineering
      • View Item
      •   BUIR Home
      • Scholarly Publications
      • Faculty of Engineering
      • Department of Computer Engineering
      • View Item
      JavaScript is disabled for your browser. Some features of this site may not work without it.

      G-free: Defeating return-oriented programming through gadget-less binaries

      Thumbnail
      View / Download
      341.8 Kb
      Author
      Onarlıoğlu, Kaan
      Bilge, L.
      Lanzi, A.
      Balzarotti, D.
      Kirda, E.
      Date
      2010-12
      Source Title
      ACSAC '10 Proceedings of the 26th Annual Computer Security Applications Conference
      Publisher
      ACM
      Pages
      49 - 58
      Language
      English
      Type
      Conference Paper
      Item Usage Stats
      154
      views
      644
      downloads
      Abstract
      Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. A recent exploitation technique, called Return-Oriented Programming (ROP), has lately attracted a considerable attention from academia. Past research on the topic has mostly focused on refining the original attack technique, or on proposing partial solutions that target only particular variants of the attack. In this paper, we present G-Free, a compiler-based approach that represents the first practical solution against any possible form of ROP. Our solution is able to eliminate all unaligned free-branch instructions inside a binary executable, and to protect the aligned free-branch instructions to prevent them from being misused by an attacker. We developed a prototype based on our approach, and evaluated it by compiling GNU libc and a number of real-world applications. The results of the experiments show that our solution is able to prevent any form of return-oriented programming. © 2010 ACM.
      Keywords
      Return-oriented programming
      Return-to-libc
      ROP
      Branch instructions
      Exploitation techniques
      Memory corruption
      Operating systems
      Practical solutions
      Protection mechanisms
      Real-world application
      Software systems
      Computer operating systems
      Program compilers
      Security of data
      Security systems
      Computer applications
      Permalink
      http://hdl.handle.net/11693/28479
      Published Version (Please cite this version)
      https://doi.org/10.1145/1920261.1920269
      Collections
      • Department of Computer Engineering 1369
      Show full item record

      Browse

      All of BUIRCommunities & CollectionsTitlesAuthorsAdvisorsBy Issue DateKeywordsTypeDepartmentsThis CollectionTitlesAuthorsAdvisorsBy Issue DateKeywordsTypeDepartments

      My Account

      Login

      Statistics

      View Usage StatisticsView Google Analytics Statistics

      Bilkent University

      If you have trouble accessing this page and need to request an alternate format, contact the site administrator. Phone: (312) 290 1771
      Copyright © Bilkent University - Library IT

      Contact Us | Send Feedback | Off-Campus Access | Admin | Privacy