Return-Oriented Programming: Systems, Languages, and Applications

Free registration required

Executive Summary

The authors introduce return-oriented programming, a technique by which an attacker can induce arbitrary behavior in a program whose control flow he has diverted - without injecting any code. A return-oriented program chains together short instruction sequences already present in a program's address space, each of which ends in a "Return" instruction. Return-oriented programming is readily exploitable on multiple architectures and systems, and bypasses an entire category of security measures: those that seek to prevent malicious computation by preventing the execution of malicious code.

  • Format: PDF
  • Size: 616.26 KB