[Full-disclosure] PAPER: Security Mitigations for Return-Oriented Programming Attacks
Piotr Bania
bania.piotr at gmail.com
Mon Aug 23 06:29:42 BST 2010
ABSTRACT
With the discovery of new exploit techniques, new protection mechanisms are
needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR
(Address Space Layout Randomization) created a significantly more difficult
environment for vulnerability exploitation. Attackers, however, have
recently developed new exploitation methods which are capable of bypassing
the operating system's security protection mechanisms. In this paper we
present a short summary of novel and known mitigation techniques against
return-oriented programming (ROP) attacks. The techniques described in this
article are related mostly to x86-32 processors and Microsoft Windows
operating systems.
PAPER LINK:
http://kryptoslogic.com/download/ROP_Whitepaper.pdf
MIRROR LINK:
http://piotrbania.com/all/articles/pbania_rop_mitigations2010.pdf
best regards,
pb
--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr at gmail.com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com - Key ID: 0xBE43AC33
--------------------------------------------------------------------
- "The more I learn about men, the more I love dogs."
Full-Disclosure is hosted and sponsored by Secunia.