Publikationen

Art der Publikation: Forschungsbericht

Return-Oriented Programming without Returns on ARM

Autor(en):
Davi, Lucas; Sadeghi, Alexandra Dmitrienko Ahmad-Reza; Winandy, Marcel
Nummer des Berichts oder Beitrags:
HGI-TR-2010-002
Veröffentlichung:
2010
Link zum Volltext:
https://www.ais.rub.de/media/trust/veroeffentlichungen/2010/07/21/ROP-without-Returns-on-ARM.pdf
Zitation:
Download BibTeX

Kurzfassung

In this paper we present a novel and general memory-related attack method on ARM-based computing platforms. Our attack deploys the principles of return-oriented programming (ROP), however, in contrast to conventional ROP, it exploits jumps instead of returns, and hence it can not be detected by return address checkers. Although a similar attack has been recently proposed for Intel x86, it was unclear if the attack technique can be deployed to ARM-based computing platforms as well. Developing a jump-based attack on ARM is more involved, because ARM is based on a RSIC architecture which differs in many aspects from Intel's x86 architecture. Nevertheless, we show a Turing-complete attack that can induce arbitrary change of behavior in running programs without requiring code injection. As proof of concept, we instantiate our attack method on the Android platform.