Statistical Measurement of Production Environment Influence on Code Reuse Availability
Return-oriented programming is widely used for software exploits, and ten years after its academic description, little to no protection is deployed most of the time. Performance trade-offs or insufficient protection often result in no protection being deployed. Address space layout randomisation is a basic protection that only increases the complexity of writing attacks but does not prevent code-reuse exploits. Its overhead is negligible enough to justify its deployment. These protections come after software development, and are implemented in the compiler or via binary modification. Usually, each binary is either critical and protected or not critical and not protected. This decision results from a usage criterion, like gzip, or from whether the binary exposes network interfaces, like apache. In this paper, we go through multiple views to expose elements that make it possible to compare binaries with respect to their available code-reuse components. We look at these elements to underline what part of the production process of a binary can increase or decrease its quantitative inclusion of code-reuse components. With this evaluation, we expose certain disparities introduced by production tools, by the language used to write applications, or even by the targeted platform. We also show how hardware architectures affect this statistical measurement.
Étienne Louboutin, Jean-Christophe Bach, Fabien Dagnat. Statistical Measurement of Production Environment Influence on Code Reuse Availability. SECURWARE 2019 : The Thirteenth International Conference on Emerging Security Information, Systems and Technologies, Oct 2019, Nice, France. ⟨hal-02354761⟩
Link to the article in PDF