Return-oriented programming (ROP) is the most dangerous and most widely used technique to exploit software vulnerabilities. However, the solutions proposed in research often lack viability for real-life deployment. In this paper, we take a novel, statistical approach to detecting ROP programs. Our approach is based on the observation that ROP programs, when executed, produce different micro-architectural events than ordinary programs produced by compilers. Therefore, special registers of modern processors (hardware performance counters) that track these events can be leveraged to detect ROP attacks. We use machine learning techniques to generate a model of this different behavior, and develop a kernel module that detects and prevents ROP...
Hardware security features need to strike a careful balance between design intrusiveness and complet...
Largely known for attack scenarios, code reuse techniques at a closer look reveal properties that ar...
We consider the problem of detecting exploits based on return-oriented programming. In contrast to p...
Return-Oriented Programming (ROP) is one of the most common techniques to exploit software vulnerabi...
Return-oriented programming (ROP) is a technique that enables an adversary to construct malicious pr...
Return-Oriented Programming (ROP) is a technique that enables an adversary to construct malicious pr...
This publication describes techniques aimed at detecting and preventing return-oriented programming ...
Return-Oriented Programming (ROP) is a sophisticated exploitation technique that is able to drive ta...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Attackers able to compromise the memory of a target machine can change its behavior and usually gain...
Abstract Return-oriented programming (ROP) has become the primary exploitation technique for system ...
We consider the problem of detecting exploits based on return-oriented programming. In contrast to p...
The prevalence of code injection attacks has led to the wide adoption of exploit mitigations based o...
Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a se...
The ROP attack introduced briefly in this paper is a serious threat to compute systems. Kernel ROP attac...