Return-Oriented Programming: Systems, Languages, and Applications

@article{Roemer2012ReturnOrientedPS,
  title={Return-Oriented Programming: Systems, Languages, and Applications},
  author={Ryan Roemer and Erik Buchanan and Hovav Shacham and Stefan Savage},
  journal={ACM Trans. Inf. Syst. Secur.},
  year={2012},
  volume={15},
  pages={2:1-2:34}
}
We introduce return-oriented programming, a technique by which an attacker can induce arbitrary behavior in a program whose control flow he has diverted, without injecting any code. A return-oriented program chains together short instruction sequences already present in a program’s address space, each of which ends in a “return” instruction. Return-oriented programming defeats the W⊕X protections recently deployed by Microsoft, Intel, and AMD; in this context, it can be seen as a…

Citations

Publications citing this paper.
SHOWING 1-10 OF 209 CITATIONS, ESTIMATED 96% COVERAGE

Fine-Grained Control-Flow Integrity for Kernel Software

  • 2016 IEEE European Symposium on Security and Privacy (EuroS&P)
  • 2016
CITES BACKGROUND
HIGHLY INFLUENCED

It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks

  • ACM Conference on Computer and Communications Security
  • 2015
CITES BACKGROUND
HIGHLY INFLUENCED

Program Anomaly Detection Against Data-Oriented Attacks

CITES BACKGROUND & RESULTS
HIGHLY INFLUENCED

A2C: Self Destructing Exploit Executions via Input Perturbation

CITES BACKGROUND
HIGHLY INFLUENCED

CITATION STATISTICS

  • 43 Highly Influenced Citations

  • Averaged 25 Citations per year over the last 3 years

References

Publications referenced by this paper.
SHOWING 1-8 OF 8 REFERENCES

Return-oriented programming without returns

  • ACM Conference on Computer and Communications Security
  • 2010
HIGHLY INFLUENTIAL

StackGhost: Hardware Facilitated Stack Protection

  • USENIX Security Symposium
  • 2001
HIGHLY INFLUENTIAL

Defeating Solaris/SPARC non-executable stack protection

J. MCDONALD
  • Bugtraq.
  • 1999
HIGHLY INFLUENTIAL

StackGuard: Automatic detection and prevention of buffer-overflow attacks

C. COWAN, PU C., +6 authors Q. ZHANG
  • Proceedings of the USENIX Security Symposium. A. Rubin Ed., 63–78.
  • 1998
HIGHLY INFLUENTIAL

Re: Older SPARC return-into-libc exploits

M. IVALDI
  • Penetration testing, SECLISTS. ORA.
  • 2007
HIGHLY INFLUENTIAL

Developments in Cisco IOS forensics. CONFidence 2.0. (Presentation slides)

J. MCDONALD
  • 1999
HIGHLY INFLUENTIAL
