A Survey of Code Reuse Attack and Defense

Code reuse attacks are a devastating class of attack. They pose a serious threat, can bypass many kinds of existing security measures, and have become the mainstream attack mode of attackers. For this reason, research in the field of code reuse attacks is also increasing. This paper briefly describes the origin of code reuse attacks and the ways in which they are carried out, systematically summarizes the existing defense mechanisms, and evaluates those mechanisms. The underlying reasons that make code reuse attacks possible are also briefly analyzed.
