Overview
Explore a critical security presentation from USENIX Security '14 that examines the ongoing threat of Return-Oriented Programming (ROP) and introduces three new attack methods capable of bypassing modern ROP defenses. Delve into the vulnerabilities of kBouncer and ROPecker, two low-overhead defense mechanisms designed for legacy software on existing hardware. Analyze real-world ROP attacks and learn how the presented techniques can effectively cloak them from detection. Gain insights into the weaknesses of CFI-based defenses and understand the implications for future security measures. The 17-minute talk covers topics including ROP background, normal execution patterns, non-call-preceded returns, attack detection methods, large NOP gadgets, history flushing, and the introduction of kBouncer++. Conclude by examining related work and discussing the broader implications for defensive strategies in cybersecurity.
Syllabus
Intro
Background
Return Oriented Programming
Normal Execution
Non-Call-Preceded Return
Detecting Attacks
Large NOP Gadget
History Flushing
Introducing kBouncer++
Call-Preceded Detector Insufficient
Defeating kBouncer++
Results
Related Work
Implication for Defenses
Taught by
USENIX