http://dx.doi.org/10.13089/JKIISC.2012.22.5.1069

A detection mechanism for Jump-Oriented Programming at binary level  

Kim, Ju-Hyuk (Dept. of Information Security, Hoseo University)
Lee, Yo-Ram (Dept. of Information Security, Hoseo University)
Oh, Soo-Hyun (Dept. of Information Security, Hoseo University)
Abstract
Memory has frequently been a target of attacks that threaten computer system security, and attacks that exploit memory weaknesses are increasing. Accordingly, various memory protection mechanisms have been studied at the OS level, while new attack techniques that bypass these protections have been developed. In particular, buffer overflow attacks have evolved into Return-to-Library and Return-Oriented Programming attacks, and recently a technique that bypasses the countermeasures against Return-Oriented Programming has been proposed. This paper therefore proposes a detection mechanism at the binary level, based on an analysis of the procedure and features of Jump-Oriented Programming. In addition, we implemented the proposed detection mechanism and verified by experiment that it can efficiently detect Jump-Oriented Programming attacks.
Keywords
Memory Corruption; Stack Overflow; Jump-Oriented Programming; Return-Oriented Programming