Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Rando

Smashing the Gadgets: Hindering Return-Oriented
Programming Using In-Place Code Randomization

http://nsl.cs.columbia.edu/papers/2012/smash.sp12.pdf

 

"Like". Looks like they'll be publishing an EMET-like solution soon.

 

It would be very welcome. As mentioned in the article ASLR does try to break ROP but it isn't perfect - programs have to be specifically compiled to become PIE and even then there are other issues.

I don't know the state of things for Windows and PIE - on Android it's not supported, one of the major fallbacks of their recently implemented ASLR.

I think that this would seriously pick up the slack from ASLR and the combination would drive up exploit costs substantially. On its own it's not as useful as ASLR is, it's definitely meant to be paired with it.

They completely lost me in some areas though. From what I gathered this would be more or less effective depending on the program it's used on because it tries to prioritize compatibility.

 

Thanks for posting, haven't dug fully into the PDF yet.
Searching a bit, I found the authors will give a presentation at the '2012 IEEE Symposium on Security and Privacy' link.
Most of those presentations are waayyy over my head but surely plenty 'food for thought' there for other WSF members.