Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 12th ACM conference on Computer and communications security
Valgrind: a framework for heavyweight dynamic binary instrumentation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Code injection attacks on harvard-architecture devices
Proceedings of the 15th ACM conference on Computer and communications security
When good instructions go bad: generalizing return-oriented programming to RISC
Proceedings of the 15th ACM conference on Computer and communications security
Defending embedded systems against control flow attacks
Proceedings of the first ACM workshop on Secure execution of untrusted code
Proceedings of the 2009 ACM workshop on Scalable trusted computing
DROP: Detecting Return-Oriented Programming Malicious Code
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
SigFree: A Signature-Free Buffer Overflow Attack Blocker
IEEE Transactions on Dependable and Secure Computing
Defeating return-oriented rootkits with "Return-Less" kernels
Proceedings of the 5th European conference on Computer systems
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Return-oriented programming without returns
Proceedings of the 17th ACM conference on Computer and communications security
ROPdefender: a detection tool to defend against return-oriented programming attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Proceedings of the 2013 workshop on New security paradigms workshop
Hi-index | 0.00 |
Return-Oriented Programming (ROP) is a code-reuse technique which helps the attacker construct malicious code by using the instruction snippets in existing libraries/executables. Such technique makes the ROP program contain no malicious instructions. Moreover, in recent research, Return-Oriented Programming without returns has been proposed, which can be used to mount an attack without any independent return instructions, therefore, ROP malicious code circumvents the existing defenses which are based on the assumption that the ROP malicious code should use the ret without corresponding call. In this paper, we found the intrinsic feature of the ROP shellcode, and proposed an efficient method which can detect the ROP malicious code (including the one without returns). Preliminary experimental results show that our method can efficiently detect ROP malicious code and have no false positives and negatives.