Defeating ROP through denial of stack pivot

Aravind Prakash, Heng Yin

Research output: Chapter in Book/Entry/PoemConference contribution

18 Scopus citations

Abstract

Return-Oriented Programming (ROP) is a popular and prevalent infiltration technique. While current solutions based on code randomization, artificial diversification and Control-Flow Integrity (CFI) have rendered ROP attacks harder to accomplish, they have been unsuccessful in completely eliminating them. Particularly, CFIbased approaches lack incremental deployability and impose high performance overhead - Two key requirements for practical application. In this paper, we present a novel compiler-level defense against ROP attacks. We observe that stack pivoting - A key step in executing ROP attacks - often moves the stack pointer from the stack region to a non-stack (often heap) region, thereby violating the integrity of the stack pointer. Unlike CFI-based defenses, our defense does not rely on the control-flow of the program. Instead, we assert the sanity of stack pointer at predetermined execution points in order to detect stack pivoting and thereby defeat ROP. The key advantage of our approach is that it allows for incremental deployability, an Achilles heel for CFI. That is, we can selectively protect some modules that can coexist with other unprotected modules. Other advantages include: (1) We do not depend on ASLR - which is particularly vulnerable to information disclosure attacks, and (2) We do not make any assumptions regarding the so called "gadget". We implemented our defense in a proofof- concept LLVM-based system called PBlocker. We evaluated PBlocker on SPEC 2006 benchmark and show an average runtime overhead of 1.04%.

Original languageEnglish (US)
Title of host publicationProceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015
PublisherAssociation for Computing Machinery
Pages111-120
Number of pages10
ISBN (Electronic)9781450336826
DOIs
StatePublished - Dec 7 2015
Event31st Annual Computer Security Applications Conference, ACSAC 2015 - Los Angeles, United States
Duration: Dec 7 2015Dec 11 2015

Publication series

NameACM International Conference Proceeding Series
Volume7-11-December-2015

Other

Other31st Annual Computer Security Applications Conference, ACSAC 2015
Country/TerritoryUnited States
CityLos Angeles
Period12/7/1512/11/15

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Defeating ROP through denial of stack pivot'. Together they form a unique fingerprint.

Cite this