Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization

Provided by: Columbia University
Topic: Security
Format: PDF
The wide adoption of non-executable page protections in recent versions of popular operating systems has given rise to attacks that employ Return-Oriented Programming (ROP) to achieve arbitrary code execution without the injection of any code. Existing defenses against ROP exploits either require source code or symbolic debugging information, or impose a significant runtime overhead, which limits their applicability for the protection of third-party applications. In this paper, the authors present in-place code randomization, a practical mitigation technique against ROP attacks that can be applied directly on third-party software.
