LAUSR.org creates dashboard-style pages of related content for over 1.5 million academic articles. Sign Up to like articles & get recommendations!

DOPdefenderPlus: A Data-Oriented Programming Attack Mitigation Technique for Complex Software

Photo from wikipedia

With the development of research on noncontrol data attacks and defense, the threat of data-oriented programming (DOP) attacks has attracted increasing attention from the security research community. DOP attacks can… Click to show full abstract

With the development of research on noncontrol data attacks and defense, the threat of data-oriented programming (DOP) attacks has attracted increasing attention from the security research community. DOP attacks can manipulate security-critical noncontrol data to alter program behavior without violating control-flow integrity (CFI) and can circumvent the most effective defenses against control-data attacks. Among DOP attacks, the misuse of user input data is a major contributor. Moreover, existing defense methods, e.g., DOPdefender, currently lack security protection for user input data. To effectively defend against DOP attacks, we propose a novel technique, DOPdefenderPlus, which draws on the idea of divide-and-conquer and uses the modular authentication technique to make DOPdefender scalable for complex software that is designed modularly, as well as introduce the Inputguard technique to protect the program input data. The DOPdefenderPlus is an enhanced version of DOPdefender, which overcomes some limitations of DOPdefender. We implement DOPdefenderPlus on a Linux operating system and use it to defend against multiple realistic DOP attacks. We also evaluate the performance of our method, and all the results show that DOPdefenderPlus can overcome the two limitations of DOPdefender while introducing a moderate runtime overhead.

Keywords: dop attacks; oriented programming; complex software; dopdefenderplus; data oriented; technique

Journal Title: IEEE Access
Year Published: 2019

Link to full text (if available)


Share on Social Media:                               Sign Up to like & get
recommendations!

Related content

More Information              News              Social Media              Video              Recommended



                Click one of the above tabs to view related content.