Paper Info
Title
Exploitation Techniques and Defenses for Data-Oriented Attacks
Abstract
Data-oriented attacks manipulate non-control data to alter a program's benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of control-flow defense mechanisms. However, these threats have not been adequately addressed. In this systematization of knowledge (SoK) paper, we first map data-oriented exploits, including Data-Oriented Programming (DOP) and Block-Oriented Programming attacks, to their assumptions/requirements and attack capabilities. We also compare known defenses against these attacks, in terms of approach, detection capabilities, overhead, and compatibility. Then we discuss the possible frequency anomalies of data-oriented attacks, especially the frequency anomalies of DOP attacks with experimental proofs. It is generally believed that control flows may not be useful for data-oriented security. How-ever, the frequency anomalies show that data-oriented attacks (especially DOP attacks) may generate side-effects on control-flow behavior in multiple dimensions. In the end, we discuss challenges for building deployable data-oriented defenses and open research questions.
Year
DOI
Venue
2019
10.1109/SecDev.2019.00022
2019 IEEE Cybersecurity Development (SecDev)
Keywords
Field
DocType
Data-oriented attacks,Exploitation techniques,Defenses
Open research,Computer security,Computer science,Exploit,Mathematical proof,Multiple time dimensions
Conference
ISBN
Citations 
PageRank 
978-1-5386-7290-7
0
0.34
References 
Authors
87
7
Name
Order
Citations
PageRank
Long Cheng18012.40
Hans Liljestrand234.13
Salman Ahmed300.68
Thomas Nyman4777.98
T Jaeger52635255.67
N. Asokan62889211.44
Danfeng Yao796574.85