Visible to the public A Survey of Return-Oriented Programming Attack, Defense and Its Benign Use

TitleA Survey of Return-Oriented Programming Attack, Defense and Its Benign Use
Publication TypeConference Paper
Year of Publication2018
AuthorsWang, Jingyuan, Xie, Peidai, Wang, Yongjun, Rong, Zelin
Conference Name2018 13th Asia Joint Conference on Information Security (AsiaJCIS)
ISBN Number978-1-5386-7380-5
KeywordsBenign Use of ROP, code integrity verification, code reuse attack, composability, computer security, Control Flow Integrity, defense mechanisms, extended ROP attack, frequency control, Human Behavior, human factors, Layout, operating system, operating systems (computers), OS, Programming, pubcrawl, Randomization, Registers, resilience, Resiliency, return-oriented programming, return-oriented programming attack, rop attacks, ROP Defense, Scalability, security mechanisms, security of data, Software, software watermarking, steganography, Watermarking

The return-oriented programming(ROP) attack has been a common access to exploit software vulnerabilities in the modern operating system(OS). An attacker can execute arbitrary code with the aid of ROP despite security mechanisms are involved in OS. In order to mitigate ROP attack, defense mechanisms are also drawn researchers' attention. Besides, research on the benign use of ROP become a hot spot in recent years, since ROP has a perfect resistance to static analysis, which can be adapted to hide some important code. The results in benign use also benefit from a low overhead on program size. The paper discusses the concepts of ROP attack as well as extended ROP attack in recent years. Corresponding defense mechanisms based on randomization, frequency, and control flow integrity are analyzed as well, besides, we also analyzed limitations in this defense mechanisms. Later, we discussed the benign use of ROP in steganography, code integrity verification, and software watermarking, which showed the significant promotion by adopting ROP. At the end of this paper, we looked into the development of ROP attack, the future of possible mitigation strategies and the potential for benign use.

Citation Keywang_survey_2018