Inference of peak density of indirect branches to detect ROP attacks

8 years 7 months ago

Download homepages.dcc.ufmg.br

A program subject to a Return-Oriented Programming (ROP) attack usually presents an execution trace with a high frequency of indirect branches. From this observation, several researchers have proposed to monitor the density of these instructions to detect ROP attacks. These techniques use universal thresholds: the density of indirect branches that characterizes an attack is the same for every application. This paper shows that universal thresholds are easy to circumvent. As an alternative, we introduce an inter-procedural semi-context-sensitive static code analysis that estimates the maximum density of indirect branches possible for a program. This analysis determines detection thresholds for each application; thus, making it more difﬁcult for attackers to compromise programs via ROP. We have used an implementation of our technique in LLVM to ﬁnd speciﬁc thresholds for the programs in SPEC CPU2006. By comparing these thresholds against actual execution traces of corresponding pr...

Mateus Tymburibá, Rubens E. A. Moreira, Fer

Real-time Traffic

CGO 2016 | Software Engineering |

claim paper

Post Info
More Details (n/a)

Added	31 Mar 2016
Updated	31 Mar 2016
Type	Journal
Year	2016
Where	CGO
Authors	Mateus Tymburibá, Rubens E. A. Moreira, Fernando Magno Quintão Pereira

Comments (0)

Sciweavers

Inference of peak density of indirect branches to detect ROP attacks

CGO 2016 | Software Engineering |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers