A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2012; you can also visit the original URL.
The file type is application/pdf
.
ROP payload detection using speculative code execution
2011
2011 6th International Conference on Malicious and Unwanted Software
The prevalence of code injection attacks has led to the wide adoption of exploit mitigations based on nonexecutable memory pages. In turn, attackers are increasingly relying on return-oriented programming (ROP) to bypass these protections. At the same time, existing detection techniques based on shellcode identification are oblivious to this new breed of exploits, since attack vectors may not contain binary code anymore. In this paper, we present a detection method for the identification of ROP
doi:10.1109/malware.2011.6112327
dblp:conf/malware/PolychronakisK11
fatcat:pjsam7jukbfl7ksbv6l2ylry5e