Publication Date

2018

Document Type

Thesis

Committee Members

Adam Bryant (Committee Co-Chair), John Emmert (Committee Co-Chair), Meilin Liu (Committee Member), Krishnaprasad Thirunarayan (Committee Member)

Degree Name

Master of Science (MS)

Abstract

Data-Oriented Programming (DOP) is a data-only code-reuse exploit technique that "stitches" together sequences of instructions to alter a program's data flow to cause harm. DOP attacks are difficult to mitigate because they respect the legitimate control flow of a program and bypass memory protection schemes such as Address Space Layout Randomization, Data Execution Prevention, and Control Flow Integrity. Existing techniques for building DOP payloads rely on a program's source code. This research explores the feasibility of constructing DOP exploits without source code, that is, using only binary representations of programs. The lack of semantic and type information makes it harder to identify data-oriented gadgets and their properties. This research uses binary program analysis techniques and formal methods to identify and verify data-oriented gadgets, and to determine whether they are reachable and executable from a given memory corruption vulnerability. This information guides the construction of DOP attacks without the need for source code, showing that commercial off-the-shelf programs are also vulnerable to this class of exploit.
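The following C program is a constructed toy added here to illustrate the gadget-stitching idea the abstract describes; it is not code from the thesis and says nothing about the binary-analysis or formal-methods gadget discovery the thesis performs. Its memory layout, opcodes, field offsets and the two input streams are all made up for the illustration. The program has one dispatcher loop with a "receive" case that copies a message into a buffer without a length check (the deliberate memory corruption bug), a load gadget (acc = *src) and a store gadget (*dst = acc). The src and dst pointers are ordinary data stored next to the buffer. The crafted stream overflows the buffer to repoint src at a constant 1 and dst at a privilege flag, then drives the same two gadgets the benign stream uses; the flag flips while the executed case sequence is identical in both runs.

```c
/* Constructed DOP illustration (not the thesis's code). All "pointers" are
 * offsets into a simulated memory array so the overflow is well-defined C. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 256
#define BUF_OFF   0   /* 32-byte input buffer lives at offset 0            */
#define BUF_SIZE 32
#define SRC_OFF  32   /* uint8_t offset read by the load gadget (assumed)   */
#define DST_OFF  33   /* uint8_t offset written by the store gadget         */
#define ACC_OFF  34   /* accumulator shared by the two gadgets              */
#define PRIV_OFF 64   /* privilege flag, 0 = unprivileged                   */
#define ONE_OFF  65   /* the constant 1 happens to sit here (assumed)       */

/* Message format (made up): [opcode][len][payload ...] */
enum { OP_RECV = 1, OP_LOAD = 2, OP_STORE = 3 };

struct vm {
    uint8_t mem[MEM_SIZE];
    uint8_t trace[16];   /* opcodes dispatched, i.e. the control flow taken */
    size_t  ntrace;
};

static void vm_init(struct vm *v) {
    memset(v, 0, sizeof *v);
    v->mem[SRC_OFF] = BUF_OFF;       /* benign: gadgets copy inside the buffer */
    v->mem[DST_OFF] = BUF_OFF + 1;
    v->mem[ONE_OFF] = 1;
}

/* Processes a message stream and returns the final privilege flag. The
 * switch below is the program's only control flow; a DOP attack never leaves it. */
static int vm_run(struct vm *v, const uint8_t *stream, size_t n) {
    size_t i = 0;
    while (i + 2 <= n) {
        uint8_t op = stream[i], len = stream[i + 1];
        const uint8_t *payload = stream + i + 2;
        if (i + 2 + len > n) break;          /* framing is checked ... */
        if (v->ntrace < sizeof v->trace) v->trace[v->ntrace++] = op;
        switch (op) {
        case OP_RECV:
            /* ... but len is never compared with BUF_SIZE: the deliberate bug.
             * Bytes 32 and 33 of a long payload land on SRC_OFF and DST_OFF. */
            memcpy(v->mem + BUF_OFF, payload, len);
            break;
        case OP_LOAD:   /* load gadget:  acc = *src */
            v->mem[ACC_OFF] = v->mem[v->mem[SRC_OFF]];
            break;
        case OP_STORE:  /* store gadget: *dst = acc */
            v->mem[v->mem[DST_OFF]] = v->mem[ACC_OFF];
            break;
        default:
            break;
        }
        i += 2 + len;
    }
    return v->mem[PRIV_OFF];
}

/* Constructed inputs: a benign stream and a crafted DOP stream. */
static const uint8_t BENIGN[] = {
    OP_RECV, 5, 'h', 'e', 'l', 'l', 'o',
    OP_LOAD, 0,
    OP_STORE, 0,
};
static const uint8_t ATTACK[] = {
    OP_RECV, 34,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,   /* 32 bytes fill the buffer */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    ONE_OFF,    /* byte 32 overwrites SRC_OFF: load gadget now reads the constant 1 */
    PRIV_OFF,   /* byte 33 overwrites DST_OFF: store gadget now writes the flag     */
    OP_LOAD, 0,
    OP_STORE, 0,
};

int run_benign(void) { struct vm v; vm_init(&v); return vm_run(&v, BENIGN, sizeof BENIGN); }
int run_attack(void) { struct vm v; vm_init(&v); return vm_run(&v, ATTACK, sizeof ATTACK); }

/* 1 if both runs dispatched exactly the same case sequence. */
int same_control_flow(void) {
    struct vm a, b;
    vm_init(&a); vm_run(&a, BENIGN, sizeof BENIGN);
    vm_init(&b); vm_run(&b, ATTACK, sizeof ATTACK);
    return a.ntrace == b.ntrace && memcmp(a.trace, b.trace, a.ntrace) == 0;
}

int main(void) {
    printf("benign run: priv=%d\n", run_benign());
    printf("attack run: priv=%d\n", run_attack());
    printf("same control flow in both runs: %d\n", same_control_flow());
    return 0;
}
```

Both runs dispatch RECV, LOAD, STORE in that order, which is why a control-flow integrity check sees nothing wrong: no return address or indirect target was touched, only the operands the existing gadgets consume. Finding such gadgets, their src/dst operands and a corruption site that reaches them is the problem the thesis attacks at the binary level.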

Page Count

70

Department or Program

Department of Computer Science and Engineering

Year Degree Awarded

2018

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License

ORCID ID

0000-0002-6553-712X
