Recent years have witnessed code reuse techniques being employed to craft entire programs such as Jekyll apps, malware droppers, and persistent data-only rootkits. The increased complexity observed in such payloads calls for specific techniques and tools that can help in their analysis. In this paper we propose novel ideas for static analysis of ROP code and apply them to study prominent payloads targeting the Windows platform. Unlike state-of-the-art approaches, we do not require the ROP activation context be reproduced for the analysis. We then propose a guessing mechanism to identify gadget sources for payloads found in documents or over the network.

Static analysis of ROP code / D'Elia, D. C.; Coppa, E.; Salvati, A.; Demetrescu, C. - (2019). (Paper presented at the 12th European Workshop on Systems Security, EuroSec 2019, held in Dresden; Germany) [10.1145/3301417.3312494].

Static analysis of ROP code

D'Elia D. C. (first author); Coppa E.; Demetrescu C.
2019

12th European Workshop on Systems Security, EuroSec 2019
Code reuse; Exploits; Return oriented programming; Static analysis
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this item
File: DElia_Static-Analysis_2019.pdf
Archive managers only
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 575.59 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1282927
Citations
  • PMC ND
  • Scopus 7
  • ISI 4