TY  - JOUR
T1  - Design and Implementation of Efficient Mitigation against Return-oriented Programming
AU  - Kim, Jeehong 
AU  - Kim, Inhyeok 
AU  - Min, Changwoo 
AU  - Eom, Young Ik 
JO  - Journal of KIISE, JOK
PY  - 2014
DA  - 2014/9/14
DO  - 
KW  - return-oriented programming
KW  - code reuse attack
KW  - software security
KW  - malware defense
AB  - An ROP attack creates gadget sequences which consist of existing code snippets in a program, and hijacks the control flow of a program by chaining and executing gadget sequences consecutively. Existing defense schemes have limitations in that they cause high execution overhead, an increase in the binary size overhead, and a low applicability. In this paper, we solve these problems by introducing zero-sum defender, which is a fast and space-efficient mitigation scheme against ROP attacks. We find a fundamental property of gadget execution in which control flow starts in the middle of a function without a call instruction and ends with a return instruction. So, we exploit this property by monitoring whether the execution is abused by ROP attacks. We achieve a very low runtime overhead with a very small increase in the binary size. In our experimental results, we verified that our defense scheme prevents real world ROP attacks, and we showed that there is only a 2% performance overhead and a 1% binary size increase overhead in several benchmarks.