Skip to main content
SpringerLink
Log in

A Survey of Code Reuse Attack and Defense

  • Conference paper
  • First Online:
Advances in Intelligent, Interactive Systems and Applications (IISA 2018)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 885))

  • 1465 Accesses

Abstract

Code reuse attack is a devastating way of attack. It has great threat and can bypass many kinds of existing security measures and become the mainstream attack mode of attackers. For this reason, research in the field of code reuse attacks is also increasing. This paper briefly describes the origin of code reuse attacks, the way to attack the implementation, systematically summarizes the existing defense mechanisms and evaluates these defense mechanisms. The basic reasons for the code reuse attack are briefly analyzed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Common Weakness Enumeration—Top Software Vulnerabilities. http://cwe.mitre.org/top25/index.html

  2. Nergal, : The advanced return-into-lib(c) exploits: PaX case study. Phrack Mag. 11, 4–14 (2001)

    Google Scholar 

  3. Designer, S.: Getting around non-executable stack (and fix) (1997). http://seclists.org/bugtraq/1997/Aug/63

  4. Libsafe (2002) http://www.lst.de/~okir/blackhats/node17.html

  5. Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: ACM SIGSAC Conference on Computer and Communications Security CCS (2007)

    Google Scholar 

  6. Roemer, R., Buchanan, E., Shacham, H., Savage, S.: Return-oriented programming: systems, languages, and applications. ACM Trans. Inf. Syst. Secur. 15, 2 (2012)

    Article  Google Scholar 

  7. Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When good instructions go bad: generalizing returnoriented programming to RISC. In: ACM SIGSAC Conference on Computer and Communications Security CCS (2008)

    Google Scholar 

  8. Francillon, A., Castelluccia, C.: Code injection attacks on harvard-architecture devices. In: ACM SIGSAC Conference on Computer and Communications Security CCS (2008)

    Google Scholar 

  9. Iozzo, V., Miller, C.: Fun and games with Mac OS X and iPhone payloads. Black Hat Europe (2009)

    Google Scholar 

  10. Kornau, T.: Return oriented programming for the ARM architecture. Master’s thesis, Ruhr-University Bochum (2009)

    Google Scholar 

  11. Lindner, F.: Cisco IOS router exploitation. Black Hat USA (2009)

    Google Scholar 

  12. Francillon, A., Perito, D., Castelluccia, C.: Defending embedded systems against control flow attacks. In: 1st ACM WORKSHOP on Secure Execution of Untrusted Code, SecuCode 2009 (2009)

    Google Scholar 

  13. Davi, L., Sadeghi, A.R., Winandy, M.: ROPdefender: a detection tool to defend against return-oriented programing attacks. Technical Report TR-2010-001 (2010)

    Google Scholar 

  14. Chen, P., Xiao, H., Shen, X., et al.: DROP: detecting return oriented programming mallicious code. In: The Proceedings of the International Conference on Information Systems Security ICISS (2009)

    Google Scholar 

  15. Davi, L., Sadeghi, A.R., Winandy, M.: Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks. In: The Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing, ACM STC (2009)

    Google Scholar 

  16. Checkoway, S., Davi, L., Dmitrienko, A., et al.: Return-oriented programming without returns. In: ACM SIGSAC Conference on Computer and Communications Security CCS (2010)

    Google Scholar 

  17. Bletsch, T.K., Jiang, X., Freeh, V.W., Liang, Z.: Jump-oriented programming: a new class of code-reuse attack. In: 6th ACM Symposium on Information, computer and communications Security ASIACCS (2011)

    Google Scholar 

  18. Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.R.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: 34th IEEE symposium on security and privacy S&P (2013)

    Google Scholar 

  19. Carlini, N., Wagner, D.: ROP is still dangerous: breaking modern defenses. In: 23rd USENIX Security Symposium (2014)

    Google Scholar 

  20. Davi, L., Liebchen, C., Sadeghi, A.R., Snow, K.Z., Monrose, F.: Isomeron: code randomization resilient to (just-in-time) return-oriented programming. In: 22nd annual network and distributed system security symposium, NDSS (2015)

    Google Scholar 

  21. Schuster, F., Tendyck, T., Liebchen, C., Davi, L., Sadeghi, A.R., Holz, T.: Counterfeit object-oriented programming: on the difficulty of preventing code reuse attacks in C++ applications. In: 36th IEEE Symposium on Security and Privacy, S&P (2015)

    Google Scholar 

  22. PAX TEAM: PaX Address Space Layout Randomization (ASLR). http://pax.grsecurity.net/docs/aslr.txt

  23. Liu, L., Han, J., Gao, D., Jing, J., Zha, D.: Launching return-oriented programming attacks against randomized relocatable executables. In: IEEE International Conference on Trust, Security and Privacy in Computing and Communications, IEEE TrustCom (2011)

    Google Scholar 

  24. Shacham, H., Jin Goh, E., Modadugu, N., Pfaff, B., Boneh, D.: On the effectiveness of addressspace randomization. In: ACM SIGSAC Conference on Computer and Communications Security CCS (2004)

    Google Scholar 

  25. Serna, F.J.: The info leak era on software exploitation. Black Hat USA (2012)

    Google Scholar 

  26. Sotirov, A., Dowd, M.: Bypassing browser memory protections in Windows Vista (2008). http://www.phreedom.org/research/bypassing-browser-memory-protections/bypassing-browser-memory-protections.pdf

  27. Kil, C., Jun, J., Bookholt, C., Xu, J., Ning, P.: Address space layout permutation (ASLP): towards fine-grained randomization of commodity software. In: 22nd Annual Computer Security Applications Conference ACSAC (2006)

    Google Scholar 

  28. Pappas, V., Polychronakis, M., Keromytis, A.D.: Smashing the gadgets: hindering return-oriented programming using in-place code randomization. In: 33rd IEEE Symposium on Security and Privacy S&P (2012)

    Google Scholar 

  29. Hiser, J.D., Nguyen-Tuong, A., Co, M., Hall, M., Davidson, J.W.: ILR: Where’d my gadgets go? In: 33rd IEEE Symposium on Security and Privacy S&P (2012)

    Google Scholar 

  30. Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In: ACM SIGSAC Conference on Computer and Communications Security CCS (2012)

    Google Scholar 

  31. Giuffrida, C., Kuijsten, A., Tanenbaum, A.S.: Enhanced operating system security through efficient and fine-grained address space randomization. In: 21st USENIX Security Symposium (2012)

    Google Scholar 

  32. Backes, M., Nurnberger, S.: Oxymoron: making fine-grained memory randomization practical by allowing code sharing. In: 23rd USENIX Security Symposium (2014)

    Google Scholar 

  33. Crane, S., Liebchen, C., Homescu, A., Davi, L., et al.: Readactor: practical code randomization resilient to memory disclosure. In: 36th IEEE Symposium on Security and Privacy S&P (2015)

    Google Scholar 

  34. Lu, K., Song, C., Lee, B., Chung, S.P., Kim, T., Lee, W.: ASLR-Guard: stopping address space leakage for code reuse attacks. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (2015)

    Google Scholar 

  35. Liu, Y., Zhou, T., Chen, K., Chen, H., Xia, Y.: Thwarting memory disclosure with efficient hypervisor-enforced intra-domain isolation. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (2015)

    Google Scholar 

  36. Davi, L., Liebchen, C., Sadeghi, A.-R., Snow, K.Z., Monrose, F.: Isomeron: code randomization resilient to (just-in-time) return-oriented programming. In: Proceedings of the 22nd Network and Distributed Systems Security Sym (NDSS) (2015)

    Google Scholar 

  37. Bigelow, D., Hobson, T., Rudd, R., Streilein, W., Okhravi, H.: Timely rerandomization for mitigating memory disclosures. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (2015)

    Google Scholar 

  38. Tang, A., Sethumadhavan, S., Stolfo, S.: Heisenbyte: thwarting memory disclosure attacks using destructive code reads. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (2015)

    Google Scholar 

  39. Wartell, R., Zhou, Y., Hamlen, K.W., Kantarcioglu, M., Thuraisingham, B.: Differentiating code from data in x86 binaries. In: Machine Learning and Knowledge Discovery in Databases, pp. 522–536. Springer (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. ZhangJiaKou Electric Power Co., Ltd., Zhangjiakou, 075000, China

    Bingbing Luo, Yimin Yang, Changhe Zhang, Yi Wang & Baoying Zhang

Authors
  1. Bingbing Luo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yimin Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Changhe Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yi Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Baoying Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Bingbing Luo .

Editor information

Editors and Affiliations

  1. Department de Ciències de la Computació, Universitat Politècnica de Catalunya, Barcelona, Spain

    Fatos Xhafa

  2. Department of Computer Science and Engineering, Faculty of Engineering and Technology, SOA University, Bhubaneswar, Odisha, India

    Srikanta Patnaik

  3. Department of Business Systems and Analytics, La Salle University, Philadelphia, PA, USA

    Madjid Tavana

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Luo, B., Yang, Y., Zhang, C., Wang, Y., Zhang, B. (2019). A Survey of Code Reuse Attack and Defense. In: Xhafa, F., Patnaik, S., Tavana, M. (eds) Advances in Intelligent, Interactive Systems and Applications. IISA 2018. Advances in Intelligent Systems and Computing, vol 885. Springer, Cham. https://doi.org/10.1007/978-3-030-02804-6_102

Download citation

Publish with us

Policies and ethics

Search

Navigation