Tuesday, September 30, 2014

A Run-time Non-invasive Approach to Defending against ROP and JOP Attacks

<For some reason, I cannot public it. But I'm planning to open it at some time later >

This blog presents an idea to defend against both ROP (Return-oriented Programming) and JOP (Jump-oriented Programming) attacks ...

It is a low-overhead, real-time, and non-invasive solution with no need target exploit binary/source change. 


References:


ROP

http://en.wikipedia.org/wiki/Return-oriented_programming

Return-oriented programming without returns, JOP

http://dl.acm.org/citation.cfm?id=1866370

Mitigating ROP via Last Branch Recording (kBouncer)

http://blogs.technet.com/b/srd/archive/2012/07/23/technical-analysis-of-the-top-bluehat-prize-submissions.aspx

No comments:

Post a Comment