
CCS
2008
ACM

When good instructions go bad: generalizing return-oriented programming to RISC

This paper reconsiders the threat posed by Shacham's "return-oriented programming" -- a technique by which W⊕X-style hardware protections are evaded via carefully crafted stack frames that divert control flow into the middle of existing variable-length x86 instructions -- creating short new instruction streams that then return. We believe this attack is both more general and a greater threat than the author appreciated. In fact, the vulnerability is not limited to the x86 architecture or any particular operating system, is readily exploitable, and bypasses an entire category of malware protections. In this paper we demonstrate general return-oriented programming on the SPARC, a fixed instruction length RISC architecture with structured control flow. We construct a Turing-complete library of code gadgets using snippets of the Solaris libc, a general purpose programming language, and a compiler for constructing return-oriented exploits. Finally, we argue that the threat p...
Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage