G-Free: defeating return-oriented programming through gadget-less binaries

Kaan Onarlioglu, Leyla Bilge, A. Lanzi, D. Balzarotti, E. Kirda
Asia-Pacific Computer Systems Architecture Conference, published 2010-12-06. DOI: 10.1145/1920261.1920269 (https://doi.org/10.1145/1920261.1920269)
Citations: 281

Abstract

Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. A recent exploitation technique, called Return-Oriented Programming (ROP), has lately attracted considerable attention from academia. Past research on the topic has mostly focused on refining the original attack technique, or on proposing partial solutions that target only particular variants of the attack. In this paper, we present G-Free, a compiler-based approach that represents the first practical solution against any possible form of ROP. Our solution is able to eliminate all unaligned free-branch instructions inside a binary executable, and to protect the aligned free-branch instructions to prevent them from being misused by an attacker. We developed a prototype based on our approach, and evaluated it by compiling GNU libc and a number of real-world applications. The results of the experiments show that our solution is able to prevent any form of return-oriented programming.