Defending return‐oriented programming based on virtualization techniques. Issue 10 (30th January 2013)
- Record Type:
- Journal Article
- Title:
- Defending return‐oriented programming based on virtualization techniques. Issue 10 (30th January 2013)
- Main Title:
- Defending return‐oriented programming based on virtualization techniques
- Authors:
- Jia, Xiaoqi
Wang, Rui
Jiang, Jun
Zhang, Shengzhi
Liu, Peng - Abstract:
- ABSTRACT: Over the past few years, return‐oriented programming (ROP) has drawn great attention of both academia and industry. Because of its Turing completeness, ROP reuses short instruction sequences already present in the victim program's address space to perform arbitrary computation. Hence, it can successfully bypass state‐of‐the‐art code integrity check mechanisms. In this paper, we look into using virtualization technologies to defeat return‐oriented programming. We design and implement HyperCropII, a virtualization‐based automatic runtime approach to defend such attacks. ROP attackers extract short instruction sequences ending in ret called "gadgets" and craft stack content to "chain" these gadgets together. We observe that a key characteristic of ROP is to fill the stack with plenty of addresses that are within the range of the program's libraries. Accordingly, we inspect the content of the stack to see if a potential ROP attack exists and quarantine the damages for further security purposes. We have implemented a proof‐of‐concept system based on the open source Xen hypervisor. The evaluation results exhibit that our solution is effective and efficient. Copyright © 2013 John Wiley & Sons, Ltd. Abstract : We propose a hypervisor‐based on‐the‐fly approach to defend return‐oriented programming attacks. This approach is transparent to the protected system and does not rely on the operating system kernel's correctness. We implement a proof‐of‐concept system based on theABSTRACT: Over the past few years, return‐oriented programming (ROP) has drawn great attention of both academia and industry. Because of its Turing completeness, ROP reuses short instruction sequences already present in the victim program's address space to perform arbitrary computation. Hence, it can successfully bypass state‐of‐the‐art code integrity check mechanisms. In this paper, we look into using virtualization technologies to defeat return‐oriented programming. We design and implement HyperCropII, a virtualization‐based automatic runtime approach to defend such attacks. ROP attackers extract short instruction sequences ending in ret called "gadgets" and craft stack content to "chain" these gadgets together. We observe that a key characteristic of ROP is to fill the stack with plenty of addresses that are within the range of the program's libraries. Accordingly, we inspect the content of the stack to see if a potential ROP attack exists and quarantine the damages for further security purposes. We have implemented a proof‐of‐concept system based on the open source Xen hypervisor. The evaluation results exhibit that our solution is effective and efficient. Copyright © 2013 John Wiley & Sons, Ltd. Abstract : We propose a hypervisor‐based on‐the‐fly approach to defend return‐oriented programming attacks. This approach is transparent to the protected system and does not rely on the operating system kernel's correctness. We implement a proof‐of‐concept system based on the open source Xen hypervisor. Our evaluation shows that this system is effective and efficient. … (more)
- Is Part Of:
- Security and communication networks. Volume 6:Issue 10(2013:Oct.)
- Journal:
- Security and communication networks
- Issue:
- Volume 6:Issue 10(2013:Oct.)
- Issue Display:
- Volume 6, Issue 10 (2013)
- Year:
- 2013
- Volume:
- 6
- Issue:
- 10
- Issue Sort Value:
- 2013-0006-0010-0000
- Page Start:
- 1236
- Page End:
- 1249
- Publication Date:
- 2013-01-30
- Subjects:
- return‐oriented programming -- hypervisor‐based security -- hardware‐assisted virtualization
Computer networks -- Security measures -- Periodicals
Computer security -- Periodicals
Cryptography -- Periodicals
005.805 - Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122 ↗
https://www.hindawi.com/journals/scn/ ↗
http://onlinelibrary.wiley.com/ ↗ - DOI:
- 10.1002/sec.693 ↗
- Languages:
- English
- ISSNs:
- 1939-0114
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library HMNTS - ELD Digital store
- Ingest File:
- 11445.xml