The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - Nov.-Dec. (2012 vol.10)
pp: 84-87
Marco Prandini , University of Bologna, Italy
Marco Ramilli , University of Bologna, Italy
ABSTRACT
Attackers able to compromise the memory of a target machine can change its behavior and usually gain complete control over it. Despite the ingenious prevention and protection mechanisms that have been implemented in modern operating systems, memory corruption attacks still account for a big share of the security breaches afflicting software systems. This article describes a growing attack trend that uses return-oriented programming (ROP) techniques to bypass the most common memory protection systems.
INDEX TERMS
Operating systems, Programming, Computer crime, Computer security, Buffer overflows, operating systems, buffer overflows, attack, ROP, return-oriented programming
CITATION
Marco Prandini, Marco Ramilli, "Return-Oriented Programming", IEEE Security & Privacy, vol.10, no. 6, pp. 84-87, Nov.-Dec. 2012, doi:10.1109/MSP.2012.152
REFERENCES
1. E. Buchanan et al., “When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC,” , Proc. 15th ACM Conf. Computer and Communications Security (CCS 08), ACM, 2008, pp. 27–38.
2. H. Shacham, “The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86),” Proc. 14th ACM Conf. Computer and Communications Security (CCS 07), ACM, 2007, pp. 552–561.
3. J. Jiang et al., “Hypercrop: A Hypervisor-Based Countermeasure for Return Oriented Programming,” Proc. 13th Int'l Conf. Information and Communications Security (ICICS 11), Springer-Verlag, 2011, pp. 360–373.
4. S. Checkoway et al., “ReturnOriented Programming without Returns,” Proc. 17th ACM Conf. Computer and Communications Security (CCS 10), ACM, 2010, pp. 559–572.
5. M. Polychronakis and A.D. Keromytis, “ROP Payload Detection Using Speculative Code Execution,” Proc. 6th Int'l Conf. Malicious and Unwanted Software (Malware 11), IEEE, 2011, pp. 58–65.
6. K. Onarlioglu et al., “G-Free: Defeating Return-Oriented Programming through Gadget-Less Binaries,” Proc. 26th Ann. Computer Security Applications Conf. (ACSAC 10), ACM, 2010, pp. 49–58.
5 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool