Abstract | ||
---|---|---|
Data-oriented attacks manipulate non-control data to alter a program's benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of control-flow defense mechanisms. However, these threats have not been adequately addressed. In this systematization of knowledge (SoK) paper, we first map data-oriented exploits, including Data-Oriented Programming (DOP) and Block-Oriented Programming attacks, to their assumptions/requirements and attack capabilities. We also compare known defenses against these attacks, in terms of approach, detection capabilities, overhead, and compatibility. Then we discuss the possible frequency anomalies of data-oriented attacks, especially the frequency anomalies of DOP attacks with experimental proofs. It is generally believed that control flows may not be useful for data-oriented security. How-ever, the frequency anomalies show that data-oriented attacks (especially DOP attacks) may generate side-effects on control-flow behavior in multiple dimensions. In the end, we discuss challenges for building deployable data-oriented defenses and open research questions. |
Year | DOI | Venue |
---|---|---|
2019 | 10.1109/SecDev.2019.00022 | 2019 IEEE Cybersecurity Development (SecDev) |
Keywords | Field | DocType |
Data-oriented attacks,Exploitation techniques,Defenses | Open research,Computer security,Computer science,Exploit,Mathematical proof,Multiple time dimensions | Conference |
ISBN | Citations | PageRank |
978-1-5386-7290-7 | 0 | 0.34 |
References | Authors | |
87 | 7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Long Cheng | 1 | 80 | 12.40 |
Hans Liljestrand | 2 | 3 | 4.13 |
Salman Ahmed | 3 | 0 | 0.68 |
Thomas Nyman | 4 | 77 | 7.98 |
T Jaeger | 5 | 2635 | 255.67 |
N. Asokan | 6 | 2889 | 211.44 |
Danfeng Yao | 7 | 965 | 74.85 |