Exploits based on ROP (Return-Oriented Programming) are increasingly present in advanced attack scenarios. Testing systems for ROP-based attacks can be valuable for improving the security and reliability of software. In this paper, we propose ROPMATE, the first Visual Analytics system specifically designed to assist human red team ROP exploit builders. In contrast, previous ROP tools typically require users to inspect a puzzle of hundreds or thousands of lines of textual information, making it a daunting task. ROPMATE presents builders with a clear interface of well-defined and semantically meaningful gadgets, i.e., fragments of code already present in the binary application that can be chained to form fully-functional exploits. The system supports incrementally building exploits by suggesting gadget candidates filtered according to constraints on preserved registers and accessed memory. Several visual aids are offered to identify suitable gadgets and assemble them into semantically correct chains. We report on a preliminary user study that shows how ROPMATE can assist users in building ROP chains.

ROPMate: Visually Assisting the Creation of ROP-based Exploits / Angelini, Marco; Blasilli, Graziano; Borrello, Pietro; Coppa, Emilio; Cono D'Elia, Daniele; Ferracci, Serena; Lenti, Simone; Santucci, Giuseppe. - 2018 IEEE Symposium on Visualization for Cyber Security (VizSec), (2018), pp. - (IEEE Symposium on Visualization for Cyber Security (VizSec), Berlin, Germany, 22 ottobre 2018). [10.1109/VIZSEC.2018.8709204].

ROPMate: Visually Assisting the Creation of ROP-based Exploits

Marco Angelini;Emilio Coppa;
2018

Abstract

Exploits based on ROP (Return-Oriented Programming) are increasingly present in advanced attack scenarios. Testing systems for ROP-based attacks can be valuable for improving the security and reliability of software. In this paper, we propose ROPMATE, the first Visual Analytics system specifically designed to assist human red team ROP exploit builders. In contrast, previous ROP tools typically require users to inspect a puzzle of hundreds or thousands of lines of textual information, making it a daunting task. ROPMATE presents builders with a clear interface of well-defined and semantically meaningful gadgets, i.e., fragments of code already present in the binary application that can be chained to form fully-functional exploits. The system supports incrementally building exploits by suggesting gadget candidates filtered according to constraints on preserved registers and accessed memory. Several visual aids are offered to identify suitable gadgets and assemble them into semantically correct chains. We report on a preliminary user study that shows how ROPMATE can assist users in building ROP chains.
2018
Malware Analysis, Return-Oriented Programming, Code Reuse, ROP Exploits, Visual Analytics
File in questo prodotto:
File Dimensione Formato  
Angelini_ROPMate_2018.pdf

Solo gestori archivio

Tipologia: Versione dell'editore
Licenza: Tutti i diritti riservati
Dimensione 1.05 MB
Formato Adobe PDF
1.05 MB Adobe PDF   Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11385/236300
Citazioni
  • Scopus 13
  • ???jsp.display-item.citation.isi??? 0
social impact