Abstract
Non-executable memory pages were deployed in operating systems in order to defend against code injection attacks. However, it was bypassed by reusing codes that already exist in the process memory which have the execute permission. The Return-Oriented Programming (ROP), of the most well-known code reuse attack, has been developed and widely used to exploit systems. ROP hijacks the control flow and returns to the middle of instruction sequences that end with a return instruction. These instruction sequences are called gadgets. Researchers proposed many ROP defense mechanisms which mostly relied on the fact that ROP executes many return instructions. Proposed defenses however, are not fundamental defenses. Researches found that the concept of ROP can be implemented in Linux using jump instructions instead of return instructions, therefore successfully bypassing ROP defenses. However, no research was done on implementing the attack on non-Linux systems. In this paper, we show the possibility of implementing JOP (Jump Oriented Programming) attack model on Windows platform by presenting example gadgets and propose an algorithm for searching JOP gadgets in Dynamic Link Libraries.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Sotirov, A., Dowd, M.: Bypassing Browser Memory Protections: Setting back browser security by 10 years, Blackhat (2008)
Solar Designer: Getting around non-executable stack (and fix), Bugtraq (August 1997)
Shacham, H.: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 552–561 (2007)
Davi, L., Sadephi, A.-R., Winandy, M.: Dynamic integrity measurement and attestation: Towards defense against return-oriented programming attacks. In: Asokan, N., Nita-Rotaru, C., Seifert, J.-P. (eds.) Proceedings of STC 2009, pp. 49–54. ACM Press (2009)
Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: DROP: Detecting Return-Oriented Programming Malicious Code. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol. 5905, pp. 163–177. Springer, Heidelberg (2009)
Frantzen, M., Shuey, M.: StackGhost: Hardware facilitated stack protection. In: Wallach, D. (ed.) Proceedings of Usenix Security 2001, pp. 55–65. USENIX (2001)
Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.-R., Shacham, H., Winandy, M.: Return-oriented programming without returns. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 559–572. ACM, New York (2010)
Bletsch, T., Jiang, X., Freeh, V.W., Liang, Z.: Jump-Oriented Programming: A New Class of Code-Reuse Attack. In: ASIACCS, Boston, vol. 4865, pp. 154–165 (2011)
Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Return-Oriented Programming without Returns on ARM. Technical Report (2010)
OS Platform Statistics, http://www.w3schools.com/browsers/browsers_os.asp
Bletsch, T., Jiang, X., Freeh, V.: Mitigating Code-Reuse Attacks with Control-Flow Locking. In: Proceedings of the 27th ACSAC (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Min, JW., Jung, SM., Lee, DY., Chung, TM. (2012). Jump Oriented Programming on Windows Platform (on the x86). In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2012. ICCSA 2012. Lecture Notes in Computer Science, vol 7335. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31137-6_29
Download citation
DOI: https://doi.org/10.1007/978-3-642-31137-6_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31136-9
Online ISBN: 978-3-642-31137-6
eBook Packages: Computer ScienceComputer Science (R0)