A Sensitivity Analysis of Common Operating Systems to ROP Attacks

Marco Prandini, Marco Ramilli

2012

Abstract

Return Oriented Programming (ROP) is a well-known technique used by attackers to build the latest generation of stack-based attacks. ROP uses small code sequences ("gadgets") to invoke code from the stack while bypassing the NX bit security protection, allowing attackers to control the execution flow. This paper analyzes some widespread operating systems, profiling the gadgets that can readily be used and deducing what kinds of payloads they allow an attacker to build. Understanding which gadgets are usable from the attacker's perspective is of great practical importance for devising countermeasures to the possible attacks.



Paper Citation


in Harvard Style

Prandini M. and Ramilli M. (2012). A Sensitivity Analysis of Common Operating Systems to ROP Attacks. In Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012) ISBN 978-989-8565-15-0, pages 85-92. DOI: 10.5220/0004099300850092


in Bibtex Style

@conference{wosis12,
author={Marco Prandini and Marco Ramilli},
title={A Sensitivity Analysis of Common Operating Systems to ROP Attacks},
booktitle={Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)},
year={2012},
pages={85-92},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004099300850092},
isbn={978-989-8565-15-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2012)
TI - A Sensitivity Analysis of Common Operating Systems to ROP Attacks
SN - 978-989-8565-15-0
AU - Prandini M.
AU - Ramilli M.
PY - 2012
SP - 85
EP - 92
DO - 10.5220/0004099300850092