| With the adoption of W⊕X, traditional code-injection attacks have been almost eliminated and return-to-libc attacks have been greatly restrained. In response, Shacham introduced Return-Oriented Programming (ROP). Building on control-flow hijacking, ROP chains short valid instruction sequences that end in ret (gadgets) to carry out arbitrary computation and attacks. With deliberate and sophisticated construction and few static signatures, ROP can circumvent many traditional defenses; Dynamic Binary Instrumentation therefore provides powerful support for dynamic analysis of ROP. Moreover, the migration of ROP from PCs to embedded devices has brought new threats to embedded platforms, where existing PC-oriented protections against ROP rarely work well. Address randomization is an effective countermeasure against attacks that depend on accurate addresses. In view of this, a randomization solution that models short sequences, analyzes their dependency relationships, and combines NOP padding with function randomization can achieve a high randomization coverage rate for ROP and its variants and thus defend against this attack thoroughly. We survey current ROP research and predict its future. We also design a dynamic defense strategy that relies on the characteristic malicious use of library code, realized by means of control-flow shepherding, and design an extensible framework and implement it on the ARM platform. Meanwhile, by studying address dependencies and the efficiency of randomization, we design a short-sequence randomization strategy, discuss its coverage rate and develop a three-step coverage guarantee scheme. Finally, we summarize our research, integrate it with current ROP results, and predict possible future directions in the evolution of ROP, so that control-flow attacks, including dexterously designed ROP exploits, can be defended against completely. |