Publication Date
2018
Document Type
Thesis
Committee Members
Adam Bryant (Committee Co-Chair), John Emmert (Committee Co-Chair), Meilin Liu (Committee Member), Krishnaprasad Thirunarayan (Committee Member)
Degree Name
Master of Science (MS)
Abstract
Data-Oriented Programming (DOP) is a data-only code-reuse exploit technique that "stitches" together sequences of instructions to alter a program's data flow to cause harm. DOP attacks are difficult to mitigate because they respect the legitimate control flow of a program and by-pass memory protection schemes such as Address Space Layout Randomization, Data Execution Prevention, and Control Flow Integrity. Techniques that describe how to build DOP payloads rely on a program's source code. This research explores the feasibility of constructing DOP exploits without source code-that is, using only binary representations of programs. The lack of semantic and type information introduces difficulties in identifying data-oriented gadgets and their properties. This research uses binary program analysis techniques and formal methods to identify and verify data-oriented gadgets, and determine if they are reachable and executable from a given memory corruption vulnerability. This information guides the construction of DOP attacks without the need for source code, showing that common-off-the-shelf programs are also vulnerable to this class of exploit.
Page Count
70
Department or Program
Department of Computer Science and Engineering
Year Degree Awarded
2018
Copyright
Copyright 2018, some rights reserved. My ETD may be copied and distributed only for non-commercial purposes and may not be modified. All use must give me credit as the original author.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
ORCID ID
0000-0002-6553-712X
