An online approach to defeating ROP attacks∗

Abstract

Return‐Oriented Programming (ROP) attacks become very popular in recent years as these attacks can bypass traditional defense mechanisms such as data execution prevention (DEP) effectively. Previous solutions suffer from limitations in that: 1) some methods need to modify the target programs; 2) some methods introduce considerable performance cost; 3) some methods rely on the special hardware; and 4) ,most of existing methods could not provide an online protection for the target processes. In this paper, we present OnRop, an on‐the‐fly ROP attack protection system by using the commodity hardware features and OS internal facilities. Our system is compatible with the existing programs, and its protection layer can be added on demand. The experiments show that OnRop can detect ROP attacks effectively with moderate performance cost.