Defeating ROP Through Denial of Stack Pivot
In this paper, we present a novel defense against ROP attacks. We observe that stack pivoting, a key step in executing ROP attacks, moves the stack pointer from the stack region to a non-stack (often heap) region, thereby violating the integrity of the stack pointer. Unlike CFI-based defenses, our defense does not rely on the control flow of the program. Instead, we assert the sanity of the stack pointer at predetermined execution points in order to detect stack pivoting and thereby defeat ROP. The key advantage of our approach is that it allows for incremental deployability, an Achilles heel for CFI: we can selectively protect some modules, which can coexist with other unprotected modules. Other advantages include: (1) we do not depend on ASLR, which is particularly vulnerable to information disclosure attacks, and (2) we do not make any assumptions regarding the so-called "gadget". This is particularly important since recent attacks have demonstrated the weakness of such assumptions. We implemented our defense in a proof-of-concept system called PBlocker. We evaluated PBlocker on the SPEC 2006 benchmark and show an average runtime overhead of under 1.04%.
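The check the abstract describes, asserting at a check point that the live stack pointer still lies inside the stack region, can be illustrated with a small Linux/x86-64 program. This is an added example written for this page, not PBlocker's code: it learns the main thread's stack bounds from the `[stack]` line of `/proc/self/maps` (a Linux-specific assumption), reads the stack pointer with inline assembly, and reports a pivot when the pointer falls outside those bounds. The function names `check_point`, `check_point_for` and `heap_pivot_demo` are this example's own.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>

/* Bounds of the stack region, learned once at a "predetermined execution
 * point" (here: the first check). Constructed for this example. */
typedef struct { uintptr_t lo, hi; } stack_region_t;

/* Read the main thread's [stack] mapping from /proc/self/maps (Linux-specific
 * assumption). Returns 1 on success, 0 if the region could not be found. */
static int stack_region_lookup(stack_region_t *r) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 0;
    char line[512];
    int found = 0;
    while (fgets(line, sizeof line, f)) {
        if (strstr(line, "[stack]") == NULL) continue;
        unsigned long lo, hi;
        if (sscanf(line, "%lx-%lx", &lo, &hi) == 2) {
            r->lo = (uintptr_t)lo;
            r->hi = (uintptr_t)hi;
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

/* The core assertion: a stack pointer is sane only if it lies inside the
 * stack region. A pivot to the heap or any other mapping fails this test. */
static int sp_is_sane(uintptr_t sp, const stack_region_t *r) {
    return sp >= r->lo && sp < r->hi;
}

/* Read the current stack pointer. Inline asm on x86-64/aarch64; elsewhere the
 * address of a local is used as an approximation (still inside the frame). */
static uintptr_t current_sp(void) {
    uintptr_t sp;
#if defined(__x86_64__)
    __asm__ volatile("mov %%rsp, %0" : "=r"(sp));
#elif defined(__aarch64__)
    __asm__ volatile("mov %0, sp" : "=r"(sp));
#else
    volatile char anchor = 0;
    sp = (uintptr_t)&anchor;
#endif
    return sp;
}

/* Look up the region once and cache it. Caching the lower bound is a
 * simplification: the main-thread stack mapping grows on demand, so a real
 * deployment would extend the bound by the stack rlimit or re-derive it. */
static const stack_region_t *cached_region(void) {
    static stack_region_t region;
    static int have_region = 0;
    if (!have_region) have_region = stack_region_lookup(&region);
    return have_region ? &region : NULL;
}

/* Check point: 1 if the live stack pointer is in the stack region, 0 if it
 * has been pivoted out of it, -1 if the bounds are unavailable (a real
 * deployment would treat -1 as a failure to protect, never as a pass). */
int check_point(void) {
    const stack_region_t *r = cached_region();
    if (!r) return -1;
    return sp_is_sane(current_sp(), r);
}

/* What the check point would report if the stack pointer were at the given
 * address (e.g. a heap buffer), without actually moving the stack pointer. */
int check_point_for(uintptr_t candidate_sp) {
    const stack_region_t *r = cached_region();
    if (!r) return -1;
    return sp_is_sane(candidate_sp, r);
}

/* Constructed scenario: the stack pointer "lands" in a heap allocation. */
int heap_pivot_demo(void) {
    char *heap_buf = malloc(4096);
    if (!heap_buf) return -1;
    int verdict = check_point_for((uintptr_t)heap_buf);
    free(heap_buf);
    return verdict;
}

int main(void) {
    printf("live stack pointer: %s\n",
           check_point() == 1 ? "inside stack region" : "NOT inside stack region");
    printf("heap address as stack pointer: %s\n",
           heap_pivot_demo() == 1 ? "inside stack region"
                                  : "NOT inside stack region (pivot detected)");
    return 0;
}
```

The example checks only the main thread; a deployable version would look up each thread's own stack bounds and, as the abstract's incremental-deployment argument requires, place the check at the entry of each protected module rather than in one `main`.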