Xuhua Ding scite author profile

Return-Oriented Programming (ROP) is a sophisticated exploitation technique that is able to drive target applications to perform arbitrary unintended operations by constructing a gadget chain reusing existing small code sequences (gadgets). Existing defense mechanisms either only handle specific types of gadgets, require access to source code and/or a customized compiler, break the integrity of the binary code, or suffer from high performance overhead. In this paper, we present a novel system, ROPecker, to efficiently and effectively defend against ROP attacks without relying on any other side information (e.g., source code and compiler support) or binary rewriting. ROPecker detects an ROP attack at run-time by checking the presence of a sufficiently long chain of gadgets in past and future execution flow, with the assistance of the taken branches recorded in the Last Branch Record (LBR) registers and an efficient technique combining offline analysis with run-time emulation. We also design a sliding window mechanism to invoke the detection logic in proper timings, which achieves both high detection accuracy and efficiency. We build an ROPecker prototype on x86-based Linux computers and evaluate its security effectiveness and performance overhead. In our experiment, ROPecker can detect all ROP attacks from real-world examples and generated by the general-purpose ROP compiler Q. It only incurs acceptable performance overhead on CPU computation, disk I/O and network I/O. ROP Types No Source No Binary Run-time Code Rewriting Efficiency DROP [9] Ret-based √ X X ROPDefender [13] Ret-based √ X X ROPGuard [15] Ret-based √ X √ Return-less Kernel [18] Ret-based X √ √

show abstract

Conditional proxy re-encryption secure against chosen-ciphertext attack

Weng

et al. 2009

View full text Add to dashboard Cite

Private Query on Encrypted Data in Multi-user Settings

Bao

Deng²,

Ding³

et al.

176

107

View full text Add to dashboard Cite

Anomaly Based Web Phishing Page Detection

Pan

Ding

2006

151

View full text Add to dashboard Cite

Many anti-phishing schemes have recently been proposed in literature. Despite all those efforts, the threat of phishing attacks is not mitigated. One of the main reasons is that phishing attackers have the adaptability to change their tactics with little cost. In this paper, we propose a novel approach, which is independent of any specific phishing implementation. Our idea is to examine the anomalies in web pages, in particular, the discrepancy between a web site's identity and its structural features and HTTP transactions. It demands neither user expertise nor prior knowledge of the website. The evasion of our phishing detection entails high cost to the adversary. As shown by the experiments, our phishing detector functions with low miss rate and low false-positive rate.

show abstract

Protecting RFID communications in supply chains

Ding

2007

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Xuhua Ding

ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks

Conditional proxy re-encryption secure against chosen-ciphertext attack

Private Query on Encrypted Data in Multi-user Settings

Anomaly Based Web Phishing Page Detection

Protecting RFID communications in supply chains

Contact Info

Product

Resources

About