Return-oriented Programming: Exploitation without Code Injection
Erik Buchanan, Ryan Roemer, Stefan Savage, Hovav Shacham
University of California, San Diego
Bad code versus bad behavior
“Bad” behavior
“Good” behavior
Attacker code
Application code
Problem: this implication is false!
Return-oriented Programming: BH2008
The Return-oriented programming thesis
any sufficiently large program codebase → arbitrary attacker computation and behavior, without code injection (in the absence of control-flow integrity)
Security systems endangered:
W-x