
A Novel Method for the Automatic Generation of JOP Chain Exploits

  • Conference paper
National Cyber Summit (NCS) Research Track 2021 (NCS 2021)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 310)


Abstract

Jump-Oriented Programming (JOP) is a seldom-studied form of advanced code-reuse attack, very different from return-oriented programming (ROP). JOP identifies snippets of code ending in an indirect jump or indirect call (gadgets), and these are chained together to construct exploits. All applications contain gadgets in executable memory. In this paper we present a mature tool, JOP ROCKET, to facilitate JOP gadget discovery and classification. Additionally, it automates the generation of a complete JOP chain to bypass Data Execution Prevention (DEP), using a limited virtual machine with emulation. The JOP chain generation utilizes a novel variation on the approach to JOP. Automating JOP chain generation can help detect vulnerabilities in an application before it is released, allowing for remediation.



Author information


Corresponding author

Correspondence to Bramwell Brizendine.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Brizendine, B., Babcock, A. (2022). A Novel Method for the Automatic Generation of JOP Chain Exploits. In: Choo, KK.R., Morris, T., Peterson, G., Imsand, E. (eds) National Cyber Summit (NCS) Research Track 2021. NCS 2021. Lecture Notes in Networks and Systems, vol 310. Springer, Cham. https://doi.org/10.1007/978-3-030-84614-5_7
