G-free: Defeating return-oriented programming through gadget-less binaries
dc.citation.epage | 58 | en_US |
dc.citation.spage | 49 | en_US |
dc.contributor.author | Onarlıoğlu, Kaan | en_US |
dc.contributor.author | Bilge, L. | en_US |
dc.contributor.author | Lanzi, A. | en_US |
dc.contributor.author | Balzarotti, D. | en_US |
dc.contributor.author | Kirda, E. | en_US |
dc.coverage.spatial | Austin, Texas, USA | |
dc.date.accessioned | 2016-02-08T12:21:45Z | |
dc.date.available | 2016-02-08T12:21:45Z | |
dc.date.issued | 2010-12 | en_US |
dc.department | Department of Computer Engineering | en_US |
dc.description | Conference name: ACSAC '10 Proceedings of the 26th Annual Computer Security Applications Conference | |
dc.description | Date of Conference: 06-10 December, 2010 | |
dc.description.abstract | Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. A recent exploitation technique, called Return-Oriented Programming (ROP), has lately attracted a considerable attention from academia. Past research on the topic has mostly focused on refining the original attack technique, or on proposing partial solutions that target only particular variants of the attack. In this paper, we present G-Free, a compiler-based approach that represents the first practical solution against any possible form of ROP. Our solution is able to eliminate all unaligned free-branch instructions inside a binary executable, and to protect the aligned free-branch instructions to prevent them from being misused by an attacker. We developed a prototype based on our approach, and evaluated it by compiling GNU libc and a number of real-world applications. The results of the experiments show that our solution is able to prevent any form of return-oriented programming. © 2010 ACM. | en_US |
dc.description.provenance | Made available in DSpace on 2016-02-08T12:21:45Z (GMT). No. of bitstreams: 1 bilkent-research-paper.pdf: 70227 bytes, checksum: 26e812c6f5156f83f0e77b261a471b5a (MD5) Previous issue date: 2010 | en |
dc.identifier.doi | 10.1145/1920261.1920269 | en_US |
dc.identifier.uri | http://hdl.handle.net/11693/28479 | en_US |
dc.language.iso | English | en_US |
dc.publisher | ACM | en_US |
dc.relation.isversionof | https://doi.org/10.1145/1920261.1920269 | en_US |
dc.source.title | ACSAC '10 Proceedings of the 26th Annual Computer Security Applications Conference | en_US |
dc.subject | Return-oriented programming | en_US |
dc.subject | Return-to-libc | en_US |
dc.subject | ROP | en_US |
dc.subject | Branch instructions | en_US |
dc.subject | Exploitation techniques | en_US |
dc.subject | Memory corruption | en_US |
dc.subject | Operating systems | en_US |
dc.subject | Practical solutions | en_US |
dc.subject | Protection mechanisms | en_US |
dc.subject | Real-world application | en_US |
dc.subject | Software systems | en_US |
dc.subject | Computer operating systems | en_US |
dc.subject | Program compilers | en_US |
dc.subject | Security of data | en_US |
dc.subject | Security systems | en_US |
dc.subject | Computer applications | en_US |
dc.title | G-free: Defeating return-oriented programming through gadget-less binaries | en_US |
dc.type | Conference Paper | en_US |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- G-free Defeating return-oriented programming through gadget-less binaries.pdf
- Size:
- 341.77 KB
- Format:
- Adobe Portable Document Format
- Description:
- Full printable version