eavesROP: Listening for ROP Payloads in Data Streams

Christopher Jämthagen, Linus Karlsson, Paul Stankovski, Martin Hell

Forskningsoutput: Kapitel i bok/rapport/Conference proceedingKonferenspaper i proceedingPeer review

183 Nedladdningar (Pure)


We consider the problem of detecting exploits based on
return-oriented programming. In contrast to previous works we investigate
to which extent we can detect ROP payloads by only analysing
streaming data, i.e., we do not assume any modifications to the target
machine, its kernel or its libraries. Neither do we attempt to execute any
potentially malicious code in order to determine if it is an attack. While
such a scenario has its limitations, we show that using a layered approach
with a filtering mechanism together with the Fast Fourier Transform, it
is possible to detect ROP payloads even in the presence of noise and
assuming that the target system employs ASLR. Our approach, denoted
eavesROP, thus provides a very lightweight and easily deployable mitigation
against certain ROP attacks. It also provides the added merit
of detecting the presence of a brute-force attack on ASLR since library
base addresses are not assumed to be known by eavesROP.
Titel på värdpublikationInformation Security/Lecture Notes in Computer Science
RedaktörerSherman S. M. Chow, Jan Camenisch, Lucas C. K. Hui, Siu Ming Yiu
ISBN (elektroniskt)978-3-319-13257-0
ISBN (tryckt)978-3-319-13256-3
StatusPublished - 2014
EvenemangISC 2014 - Hong Kong
Varaktighet: 2014 okt. 122014 okt. 14


NamnLecture Notes in Computer Science
FörlagSpringer International Publishing
ISSN (tryckt)0302-9743


KonferensISC 2014

Ämnesklassifikation (UKÄ)

  • Elektroteknik och elektronik
  • Datavetenskap (datalogi)


Utforska forskningsämnen för ”eavesROP: Listening for ROP Payloads in Data Streams”. Tillsammans bildar de ett unikt fingeravtryck.

Citera det här