Return-Oriented Programming: Systems, Languages, and Applications

The authors introduce return-oriented programming, a technique by which an attacker can induce arbitrary behavior in a program whose control flow he has diverted - without injecting any code. A return-oriented program chains together short instruction sequences already present in a program's address space, each of which ends in a "Return" instruction. Return-oriented programming is readily exploitable on multiple architectures and systems, and bypasses an entire category of security measures: those that seek to prevent malicious computation by preventing the execution of malicious code.

Provided by: Association for Computing Machinery Topic: Security Date Added: Jul 2011 Format: PDF

Find By Topic