%0 Conference Paper %1 CDDSSW2010 %A Checkoway, Stephen %A Davi, Lucas %A Dmitrienko, Alexandra %A Sadeghi, Ahmad-Reza %A Shacham, Hovav %A Winandy, Marcel %B ACM Conference on Computer and Communications Security (CCS) %D 2010 %K International-Conference-Workshop-Papers-Book-Chapters myown %T Return-Oriented Programming without Returns %X We show that on both the x86 and ARM architectures it is possible to mount return-oriented programming attacks without using return instructions. Our attacks instead make use of certain instruction sequences that behave like a return, which occur with sufficient frequency in large libraries on (x86) Linux and (ARM) Android to allow creation of Turing-complete gadget sets. Because they do not make use of return instructions, our new attacks have negative implications for several recently proposed classes of defense against return-oriented programming: those that detect the too-frequent use of returns in the instruction stream; those that detect violations of the last-in, first-out invariant normally maintained for the return-address stack; and those that modify compilers to produce code that avoids the return instruction.

@inproceedings{CDDSSW2010, abstract = {We show that on both the x86 and ARM architectures it is possible to mount return-oriented programming attacks without using return instructions. Our attacks instead make use of certain instruction sequences that behave like a return, which occur with sufficient frequency in large libraries on (x86) Linux and (ARM) Android to allow creation of Turing-complete gadget sets. Because they do not make use of return instructions, our new attacks have negative implications for several recently proposed classes of defense against return-oriented programming: those that detect the too-frequent use of returns in the instruction stream; those that detect violations of the last-in, first-out invariant normally maintained for the return-address stack; and those that modify compilers to produce code that avoids the return instruction.}, added-at = {2020-05-03T20:09:10.000+0200}, author = {Checkoway, Stephen and Davi, Lucas and Dmitrienko, Alexandra and Sadeghi, Ahmad-Reza and Shacham, Hovav and Winandy, Marcel}, biburl = {https://www.bibsonomy.org/bibtex/20066c4849a5feca48f3b120b0734bf22/sssgroup}, booktitle = {ACM Conference on Computer and Communications Security (CCS)}, interhash = {6bc39ec5432643824752b3948defeeaa}, intrahash = {0066c4849a5feca48f3b120b0734bf22}, keywords = {International-Conference-Workshop-Papers-Book-Chapters myown}, location = {Chicago, USA}, month = {October}, pdf = {https://se2.informatik.uni-wuerzburg.de/publications/download/paper/1530.pdf}, timestamp = {2022-12-20T00:43:51.000+0100}, title = {Return-Oriented Programming without Returns}, venue = {ACM CCS}, year = 2010 }