G-free: Defeating return-oriented programming through gadget-less binaries

Field | Value | Language
dc.citation.epage | 58 | en_US
dc.citation.spage | 49 | en_US
dc.contributor.author | Onarlıoğlu, Kaan | en_US
dc.contributor.author | Bilge, L. | en_US
dc.contributor.author | Lanzi, A. | en_US
dc.contributor.author | Balzarotti, D. | en_US
dc.contributor.author | Kirda, E. | en_US
dc.coverage.spatial | Austin, Texas, USA |
dc.date.accessioned | 2016-02-08T12:21:45Z |
dc.date.available | 2016-02-08T12:21:45Z |
dc.date.issued | 2010-12 | en_US
dc.department | Department of Computer Engineering | en_US
dc.description | Conference name: ACSAC '10 Proceedings of the 26th Annual Computer Security Applications Conference |
dc.description | Date of Conference: 06-10 December, 2010 |
dc.description.abstract | Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. A recent exploitation technique, called Return-Oriented Programming (ROP), has lately attracted a considerable attention from academia. Past research on the topic has mostly focused on refining the original attack technique, or on proposing partial solutions that target only particular variants of the attack. In this paper, we present G-Free, a compiler-based approach that represents the first practical solution against any possible form of ROP. Our solution is able to eliminate all unaligned free-branch instructions inside a binary executable, and to protect the aligned free-branch instructions to prevent them from being misused by an attacker. We developed a prototype based on our approach, and evaluated it by compiling GNU libc and a number of real-world applications. The results of the experiments show that our solution is able to prevent any form of return-oriented programming. © 2010 ACM. | en_US
dc.description.provenance | Made available in DSpace on 2016-02-08T12:21:45Z (GMT). No. of bitstreams: 1 bilkent-research-paper.pdf: 70227 bytes, checksum: 26e812c6f5156f83f0e77b261a471b5a (MD5) Previous issue date: 2010 | en
dc.identifier.doi | 10.1145/1920261.1920269 | en_US
dc.identifier.uri | http://hdl.handle.net/11693/28479 | en_US
dc.language.iso | English | en_US
dc.publisher | ACM | en_US
dc.relation.isversionof | https://doi.org/10.1145/1920261.1920269 | en_US
dc.source.title | ACSAC '10 Proceedings of the 26th Annual Computer Security Applications Conference | en_US
dc.subject | Return-oriented programming | en_US
dc.subject | Return-to-libc | en_US
dc.subject | ROP | en_US
dc.subject | Branch instructions | en_US
dc.subject | Exploitation techniques | en_US
dc.subject | Memory corruption | en_US
dc.subject | Operating systems | en_US
dc.subject | Practical solutions | en_US
dc.subject | Protection mechanisms | en_US
dc.subject | Real-world application | en_US
dc.subject | Software systems | en_US
dc.subject | Computer operating systems | en_US
dc.subject | Program compilers | en_US
dc.subject | Security of data | en_US
dc.subject | Security systems | en_US
dc.subject | Computer applications | en_US
dc.title | G-free: Defeating return-oriented programming through gadget-less binaries | en_US
dc.type | Conference Paper | en_US

Files

Original bundle

Name: G-free Defeating return-oriented programming through gadget-less binaries.pdf
Size: 341.77 KB
Format: Adobe Portable Document Format
Description: Full printable version