Sciweavers

ACSAC
2010
IEEE

G-Free: defeating return-oriented programming through gadget-less binaries

13 years 10 months ago
G-Free: defeating return-oriented programming through gadget-less binaries
Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. A recent exploitation technique, called Return-Oriented Programming (ROP), has lately attracted a considerable attention from academia. Past research on the topic has mostly focused on refining the original attack technique, or on proposing partial solutions that target only particular variants of the attack. In this paper, we present G-Free, a compiler-based approach that represents the first practical solution against any possible form of ROP. Our solution is able to eliminate all unaligned free-branch instructions inside a binary executable, and to protect the aligned free-branch instructions to prevent them from being misused by an attacker. We developed a prototype based on our approach, and evaluated it by compiling GNU libc and a...
Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide
Added 10 Feb 2011
Updated 10 Feb 2011
Type Journal
Year 2010
Where ACSAC
Authors Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, Engin Kirda
Comments (0)