Abstract
Code reuse attacks are a serious threat: they bypass many existing security measures, including non-executable (NX/DEP) memory, and have become a mainstream attack technique. Research on code reuse attacks has grown accordingly. This paper briefly describes the origin of code reuse attacks and how they are carried out, systematically summarizes the existing defense mechanisms, and evaluates them. It also briefly analyzes the root causes that make code reuse attacks possible.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Luo, B., Yang, Y., Zhang, C., Wang, Y., Zhang, B. (2019). A Survey of Code Reuse Attack and Defense. In: Xhafa, F., Patnaik, S., Tavana, M. (eds) Advances in Intelligent, Interactive Systems and Applications. IISA 2018. Advances in Intelligent Systems and Computing, vol 885. Springer, Cham. https://doi.org/10.1007/978-3-030-02804-6_102
DOI: https://doi.org/10.1007/978-3-030-02804-6_102
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02803-9
Online ISBN: 978-3-030-02804-6
eBook Packages: Intelligent Technologies and Robotics (R0)