Static Analysis of ROP Code

Cited by: 5
Authors
D'Elia, Daniele Cono [1]
Coppa, Emilio [1]
Salvati, Andrea [1]
Demetrescu, Camil [1]
Affiliations
[1] Sapienza Univ Rome, Rome, Italy
Source
PROCEEDINGS OF THE 12TH EUROPEAN WORKSHOP ON SYSTEMS SECURITY (EUROSEC 2019) | 2019
Keywords
Return oriented programming; code reuse; static analysis; exploits
DOI
10.1145/3301417.3312494
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
Recent years have witnessed code reuse techniques being employed to craft entire programs such as Jekyll apps, malware droppers, and persistent data-only rootkits. The increased complexity observed in such payloads calls for specific techniques and tools that can help in their analysis. In this paper we propose novel ideas for static analysis of ROP code and apply them to study prominent payloads targeting the Windows platform. Unlike state-of-the-art approaches, we do not require the ROP activation context be reproduced for the analysis. We then propose a guessing mechanism to identify gadget sources for payloads found in documents or over the network.
Pages: 6