DocumentCode
2125291
Title
JOP-alarm: Detecting jump-oriented programming-based anomalies in applications
Author
Fan Yao ; Jie Chen ; Venkataramani, Guru
Author_Institution
Dept. of Electr. & Comput. Eng., George Washington Univ., Washington, DC, USA
fYear
2013
fDate
6-9 Oct. 2013
Firstpage
467
Lastpage
470
Abstract
Code Reuse-based Attacks (popularly known as CRA) are becoming increasingly notorious because of their ability to reuse existing code, and evade the guarding mechanisms in place to prevent code injection-based attacks. Among the recent code reuse-based exploits, Jump Oriented Programming (JOP) captures short sequences of existing code ending in indirect jumps or calls (known as gadgets), and utilizes them to cause harmful, unintended program behavior. In this work, we propose a novel, easily implementable algorithm, called JOP-alarm, that computes a score value to assess the potential for JOP attack, and detects possibly harmful program behavior. We demonstrate the effectiveness of our algorithm using published JOP code, and test the false positive alarm rate using several unmodified SPEC2006 benchmarks.
Keywords
security of data; CRA; JOP attack potential assessment; JOP code; JOP-alarm; SPEC2006 benchmark; code injection-based attack; code reuse-based attacks; code reuse-based exploit; existing code reuse; false positive alarm rate; gadgets; guarding mechanism evasion; harmful unintended program behavior; indirect calls; indirect jumps; jump-oriented programming-based anomaly detection; possibly harmful program behavior detection; score value computation; short existing code sequence; Benchmark testing; Computers; Delays; Programming profession; Security; Standards; Code reuse attack; Detection algorithm; Jump-oriented programming;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Design (ICCD), 2013 IEEE 31st International Conference on
Conference_Location
Asheville, NC
Type
conf
DOI
10.1109/ICCD.2013.6657084
Filename
6657084