DocumentCode :
2125291
Title :
JOP-alarm: Detecting jump-oriented programming-based anomalies in applications
Author :
Fan Yao ; Jie Chen ; Venkataramani, Guru
Author_Institution :
Dept. of Electr. & Comput. Eng., George Washington Univ., Washington, DC, USA
fYear :
2013
fDate :
6-9 Oct. 2013
Firstpage :
467
Lastpage :
470
Abstract :
Code Reuse-based Attacks (popularly known as CRA) are becoming increasingly notorious because of their ability to reuse existing code, and evade the guarding mechanisms in place to prevent code injection-based attacks. Among the recent code reuse-based exploits, Jump Oriented Programming (JOP) captures short sequences of existing code ending in indirect jumps or calls (known as gadgets), and utilizes them to cause harmful, unintended program behavior. In this work, we propose a novel, easily implementable algorithm, called JOP-alarm, that computes a score value to assess the potential for JOP attack, and detects possibly harmful program behavior. We demonstrate the effectiveness of our algorithm using published JOP code, and test the false positive alarm rate using several unmodified SPEC2006 benchmarks.
Keywords :
security of data; CRA; JOP attack potential assessment; JOP code; JOP-alarm; SPEC2006 benchmark; code injection-based attack; code reuse-based attacks; code reuse-based exploit; existing code reuse; false positive alarm rate; gadgets; guarding mechanism evasion; harmful unintended program behavior; indirect calls; indirect jumps; jump-oriented programming-based anomaly detection; possibly harmful program behavior detection; score value computation; short existing code sequence; Benchmark testing; Computers; Delays; Programming profession; Security; Standards; Code reuse attack; Detection algorithm; Jump-oriented programming;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Design (ICCD), 2013 IEEE 31st International Conference on
Conference_Location :
Asheville, NC
Type :
conf
DOI :
10.1109/ICCD.2013.6657084
Filename :
6657084