Research area: Analysis
Venue: European Symposium on Research in Computer Security
Given the prevalence of Return-Oriented Programming (ROP) in exploitation, automating ROP has become a cornerstone of security research and education. Many security measures are evaluated against, and thus restricted by, the practical capability of ROP. However, the state-of-the-art approaches to ROP automation have fundamental limitations in their gadget utilization and fall short of delivering on their promise. To overcome these fundamental limitations, we design and implement TGRop, which advances ROP automation to a new level. TGRop can leverage gadgets that operate on memory and perform complex arithmetic calculations. By breaking down the entire computation into sub-goals, TGRop effectively reduces the search space and thus maximizes the utility of the SAT/SMT solver. More importantly, TGRop employs a systematic approach to resolving data dependencies and eliminating side effects. Our thorough measurement shows that TGRop outperforms all existing approaches by more than 1.62–3.11 times. Additionally, we validate the rationale behind its design via analytical experiments. When running TGRop against the newest ROP mitigations, we discovered their weaknesses and reported them to vendors.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Publishing countries | Andorra, China, United States |
| Site | Springer |