Evaluating the generality and limits of blind return-oriented programming attacks
MetadataShow full item record
We consider a recently proposed information disclosure vulnerability called blind return-oriented programming (BROP). Under certain conditions, this attack allows a return-oriented programming attack against previously unknown binaries. We precisely enumerate the assumptions for a successful BROP attack to take place. We analyze prerequisite knowledge to perform a BROP attack, including the need to exploit a stack-based buffer overflow. In particular, we examine the types of buffer-handling functions and canaries that may render these functions useless for exploitation purposes. We survey network service binaries, to examine how often different BROP requirements are satisfied in real software, including the presence of certain gadgets and the behavior on crashes. We find if an optimized attack fails, a first principles BROP attack is unlikely to succeed. Our survey shows that certain required gadgets are rare, limiting a first principles attack.We show the presence of required gadgets fluctuates with binary version number and build conditions. The majority of the services we survey do not appear vulnerable to BROP due to missing gadgets or re-randomization on crash. We suggest some ameliorations that may further limit the applicability of this attack.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
McLain, Brian K. (Monterey, California. Naval Postgraduate School, 2009-09);This study generated new information through qualitative documentation of the main flow features and direct measurements of the aerodynamic performance of a tailless, unmanned combat air vehicle (UCAV) 1303 configuration ...
Elkin, Leslie R. (Monterey, California: Naval Postgraduate School, 1990);The corrosion mechanisms and behavior of a P-130x graphite fiber reinforced 6063 aluminum composite laminate were studied. Electrochemical and total immersion tests were performed on the composite in 3.5% sodium chloride ...
Operational energy capability portfolio analysis for protection of maritime forces against small boat swarms Cheang, Whye Kin Melvin (Monterey, California: Naval Postgraduate School, 2016-09);This research examines the requirements of a capability portfolio for protecting a maritime force against a conventional small boat swarm attack. It provides decision makers with insights gleaned from exploring the trade ...