Return-oriented programming

Created
Created
2024 May 22 7:49
Editor
Creator
Creator
Seonglae ChoSeonglae Cho
Edited
Edited
2024 Jun 13 15:16

ROP

A class of
Code Reuse Attack
  • Works by overwriting stack with multiple return addresses
  • Chain multiple short pieces of existing code (called ROP gadgets)
    • Each ROP gadget ends with the return (ret) instruction
실행 불가능한 메모리와 코드 사이 보안 방어가 존재하는 경우에 공격자가 코드를 실행할 수 있게 하는 컴퓨터 보안 취약점 공격
For binaries of a reasonably large size (think about shared library code) which guarantees amble number of ROP gadgets making to achieve Turing completeness, the attacker can basically compute anything.
We can generalize this attack to indirect control flow transfer instruction.
ROP Notion

ACM CCS 2007

By shifting the reading position, the attacker can interpret the bytes as completely different instructions, potentially exploiting the system.
Original instructions:
If an attacker starts reading one byte later, they get:
 
 
 
 
 

Recommendations