{"title":"ROP Defense Using Trie Graph for System Security","authors":"Alex Zhu, W. Yan, R. Sinha","doi":"10.4018/IJDCF.20211101.OA7","DOIUrl":null,"url":null,"abstract":"Most intrusion detection systems (IDS)/intrusion prevention systems (IPS) cannot defend the attacks from a return-oriented program (ROP) that applies code reusing and exploiting techniques without the need for code injection. Malicious attackers chain a short sequence as a gadget and execute this gadget as an arbitrary (Turing-complete) behavior in the target program. Lots of ROP defense tools have been developed with satisfactory performance and low costs overhead, but malicious attackers can evade ROP tools. Therefore, it needs security researchers to continually improve existing ROP defense tools because the defense ability of target devices such as smartphones is weak, and such devices are being increasingly targeted. The contribution in this paper is to propose an ROP defense method that has provided a better performance of defense against ROP attacks than existing ROP defense tools.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":null,"pages":null},"PeriodicalIF":0.6000,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Digital Crime and Forensics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJDCF.20211101.OA7","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
Citation count: 0
Abstract
Most intrusion detection systems (IDS) and intrusion prevention systems (IPS) cannot defend against return-oriented programming (ROP) attacks, which rely on code reuse and exploitation techniques and need no code injection. Attackers chain short sequences, called gadgets, and execute them to produce arbitrary (Turing-complete) behavior in the target program. Many ROP defense tools have been developed with satisfactory performance and low overhead, but attackers can evade them. Security researchers therefore need to continually improve existing ROP defense tools, because the defensive capability of target devices such as smartphones is weak and such devices are increasingly targeted. The contribution of this paper is an ROP defense method that provides better defense against ROP attacks than existing ROP defense tools.