ARG: Automatic ROP Chains Generation

Wang, Yuan; Luo, Senlin; Zhuge, Jing; Gao, Jing; Zheng, Enqin; Li, Bo; Pan, Limin

doi:10.1109/access.2019.2937585

Cited by 7 publications

(7 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In response to the security threat posed by code reuse attacks, extensive research has been conducted on defense methods against such attacks. These include CRA defense methods based on randomization [ 15 , 16 ], protection methods based on CFI protection [ 17 ], and Data Execution Protection (DEP) [ 18 ].…”

Section: Related Workmentioning

confidence: 99%

“…DEP adopts a protection strategy that prohibits programs from simultaneously writing to and executing the same memory section, in order to prevent attackers from executing malicious code injected by the attackers. However, this defense method is vulnerable to bypassing through ROP and JOP attacks [ 18 ]. Randomization techniques are an effective defense against CRA attacks as they randomize code segments, data segments, and control flow paths within a program.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

An,

Wang,

et al. 2023

Micromachines

View full text Add to dashboard Cite

The growing prevalence of embedded systems in various applications has raised concerns about their vulnerability to malicious code reuse attacks. Current software-based and hardware-assisted security techniques struggle to detect or block these attacks with minor performance and implementation overhead. To address this issue, this paper presents a lightweight hardware-assisted scheme to enhance the security of embedded systems against code reuse attacks. We develop an on-chip lightweight hardware shadow stack to validate target addresses at runtime for backward-edge control flow integrity, which backs up valid return addresses during function calls and automatically verifies actual return addresses during the return phase. Additionally, we propose a lightweight stream cipher circuit that encrypts and decrypts critical stack data related to control flow manipulation, preventing attackers from analyzing or tampering with them. When designing and implementing the security mechanism for embedded systems, we fully consider the constraints of limited system resources and performance, optimizing both the architecture design and implementation of the proposed hardware. Finally, we integrate both the proposed lightweight hardware shadow stack and the runtime data encryption hardware into the OR1200 processor. We have verified the system security function on the Terasic DE1-SoC FPGA platform and evaluated the system performance as well as implementation overhead. The results show that the proposed lightweight hardware-assisted scheme can provide a dedicated defense capability against code reuse attacks for embedded systems, with an average system performance overhead of 0.39% and an area footprint of 0.316 mm2.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

An,

Wang,

et al. 2023

Micromachines

View full text Add to dashboard Cite

show abstract

“…A memory corruption attack exploits a software bug to corrupt the content of a memory location, which contains important data structures, such as data and code pointers. The set of attacks that modify code pointers to change the control flow of the victim program is called control-flow hijacking attacks, such as code injection attacks, return-oriented programming (ROP) [31,56,66], and jumporiented programming (JOP) [11,16].…”

Section: Background 21 Memory Corruption Vulnerabilitiesmentioning

confidence: 99%

“…These mitigations include stack canaries [19], data execution prevention [64], address space layout randomization (ASLR) [1,47], and kernel address space layout randomization (kASLR) [21]. Even though these mechanisms make memory corruption attacks more difficult, several advanced attacks [11,16,31,56,66] and various data disclosure attacks [29,59] still have the potential to bypass these memory protection mechanisms, and show that none of the existing systems are impenetrable.…”

Section: Background 21 Memory Corruption Vulnerabilitiesmentioning

confidence: 99%

Pacman

Ravichandran¹,

Na²,

Lang³

et al. 2022

Proceedings of the 49th Annual International Symposium on Computer Architecture

View full text Add to dashboard Cite

This paper studies the synergies between memory corruption vulnerabilities and speculative execution vulnerabilities. We leverage speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity. We present PACMAN, a novel attack methodology that speculatively leaks PAC verification results via micro-architectural side channels without causing any crashes. Our attack removes the primary barrier to conducting control-flow hijacking attacks on a platform protected using Pointer Authentication.We demonstrate multiple proof-of-concept attacks of PACMAN on the Apple M1 SoC, the first desktop processor that supports ARM Pointer Authentication. We reverse engineer the TLB hierarchy on the Apple M1 SoC and expand micro-architectural side-channel attacks to Apple processors. Moreover, we show that the PACMAN attack works across privilege levels, meaning that we can attack the operating system kernel as an unprivileged user in userspace. CCS CONCEPTS• Security and privacy → Side-channel analysis and countermeasures; Hardware reverse engineering.

show abstract

“…Recent cyber-attack techniques, especially control flow hijacking, are highly complex and numbers of variants of the techniques have been developed [10]. Furthermore, there are studies that automatically produce exploit codes for buffer overflows [11], ROP chains [12], heap overflows [13], etc.…”

Section: Related Workmentioning

confidence: 99%

Real-time Attack-Scheme Visualization for Complex Exploit Technique Comprehension

Kose¹,

Suenaga²,

Oida³

2021

IJMLC

View full text Add to dashboard Cite

Recent exploit techniques are highly complex, and it is not easy for cybersecurity learners to understand the attack strategies quickly and clearly. For efficient and comprehensive learning, this paper proposes an attack-scheme visualization system that fulfills three requirements: attack progress visualization in real-time, memory and register-level description, and concise description of the attack schemes. This paper exemplifies two cases: stack buffer overflow and ROP attacks, and demonstrates how the system operates and how users can learn that existing defense technologies are effective or ineffective depending on the execution environments.

show abstract

ARG: Automatic ROP Chains Generation

Cited by 7 publications

References 19 publications

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

Pacman

Real-time Attack-Scheme Visualization for Complex Exploit Technique Comprehension

Contact Info

Product

Resources

About