Abstract |
In 2007, Shacham published a seminal paper on Return-Oriented Programming (ROP), the first systematic formulation of code reuse. The paper has been highly influential, profoundly shaping the way we still think about code reuse today: an attacker analyzes the “geometry” of victim binary code to locate gadgets and chains these to craft an exploit. We challenge this perception and show that an attacker going beyond “geometry” (static analysis) and considering the “dynamics” (dynamic analysis) of a victim program can easily find function call gadgets even in the presence of state-of-the-art code-reuse defenses. |