Entry Roemer:2012:ROP from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Roemer:2012:ROP,
  author =       "Ryan Roemer and Erik Buchanan and Hovav Shacham and
                 Stefan Savage",
  title =        "Return-Oriented Programming: Systems, Languages, and
                 Applications",
  journal =      j-TISSEC,
  volume =       "15",
  number =       "1",
  pages =        "2:1--2:??",
  month =        mar,
  year =         "2012",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2133375.2133377",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Sat Mar 24 09:45:43 MDT 2012",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "We introduce return-oriented programming, a technique
                 by which an attacker can induce arbitrary behavior in a
                 program whose control flow he has diverted, without
                 injecting any code. A return-oriented program chains
                 together short instruction sequences already present in
                 a program's address space, each of which ends in a
                 ``return'' instruction. Return-oriented programming
                 defeats the $W \oplus X$ protections recently deployed
                 by Microsoft, Intel, and AMD; in this context, it can
                 be seen as a generalization of traditional
                 return-into-libc attacks. But the threat is more
                 general. Return-oriented programming is readily
                 exploitable on multiple architectures and systems. It
                 also bypasses an entire category of security
                 measures---those that seek to prevent malicious
                 computation by preventing the execution of malicious
                 code. To demonstrate the wide applicability of
                 return-oriented programming, we construct a
                 Turing-complete set of building blocks called gadgets
                 using the standard C libraries of two very different
                 architectures: Linux/x86 and Solaris/SPARC. To
                 demonstrate the power of return-oriented programming,
                 we present a high-level, general-purpose language for
                 describing return-oriented exploits and a compiler that
                 translates it to gadgets.",
  acknowledgement = ack-nhfb,
  articleno =    "2",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries