Return Oriented Programming

Return Oriented Programming (ROP) is a technique used in computer malware to exploit a security vulnerability, in which the attacker manipulates the call stack so that, after the next return instruction, indirectly selected machine code is executed.[1][2]

Because the selected machine code comes directly from executable memory, Data Execution Prevention (DEP) cannot provide protection.[3]

The return-into-libc technique is a special implementation of Return Oriented Programming.
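The following added example (not part of the original article) models why the DEP check described above never fires for reused code, while it does fire for code placed on the stack. The toy machine, its opcodes, its memory layout and all function names are assumptions constructed for illustration and do not correspond to any real instruction set.

```c
#include <stdio.h>

/* Toy machine, constructed for illustration: cells 0..15 hold code
   (executable), cells 16..31 hold the stack (writable, not executable). */
enum { OP_INC = 1, OP_DBL, OP_RET, OP_HALT };
enum { CODE_END = 16, MEM_SIZE = 32, DEP_FAULT = -1, MACHINE_FAULT = -2 };

static const int program[CODE_END] = {
    OP_INC, OP_RET,   /* addr 0: existing sequence, acc += 1 then return */
    OP_DBL, OP_RET,   /* addr 2: existing sequence, acc *= 2 then return */
    OP_HALT           /* addr 4: normal continuation of the caller */
};

/* DEP model: instructions may be fetched only from the code region. */
static int is_executable(int addr) { return addr >= 0 && addr < CODE_END; }

/* Simulates a function returning with `stack` (n cells) as its frame; cell 0
   is the saved return address. Returns acc at HALT or a fault code. */
int run_after_return(const int *stack, int n) {
    int mem[MEM_SIZE] = {0};
    for (int i = 0; i < CODE_END; i++) mem[i] = program[i];
    for (int i = 0; i < n && CODE_END + i < MEM_SIZE; i++) mem[CODE_END + i] = stack[i];
    int sp = CODE_END, acc = 0, pc = mem[sp++];   /* the function's own return */
    for (int steps = 0; steps < 100; steps++) {
        if (!is_executable(pc)) return DEP_FAULT;  /* fetch from data memory */
        switch (mem[pc++]) {
        case OP_INC:  acc += 1; break;
        case OP_DBL:  acc *= 2; break;
        case OP_RET:  if (sp >= MEM_SIZE) return MACHINE_FAULT;
                      pc = mem[sp++]; break;
        case OP_HALT: return acc;
        default:      return MACHINE_FAULT;        /* not a valid opcode */
        }
    }
    return MACHINE_FAULT;
}

/* Return address left intact: execution continues in the caller. */
int demo_intact(void)   { int s[] = {4};          return run_after_return(s, 1); }
/* Opcodes placed on the stack, return address pointing at them (cell 17). */
int demo_injected(void) { int s[] = {17, OP_INC, OP_INC, OP_HALT}; return run_after_return(s, 4); }
/* Stack holds only addresses of code the program already contains. */
int demo_reuse(void)    { int s[] = {0, 2, 0, 4}; return run_after_return(s, 4); }

int main(void) {
    printf("intact=%d injected=%d reuse=%d\n", demo_intact(), demo_injected(), demo_reuse());
    return 0;
}
```

In the reuse case every instruction fetch passes the executable check, yet the computed result is determined entirely by the stack contents, which is the reason DEP alone does not cover this class of attack.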

Sources

  1. Heise Online, 19 March 2010: Neue Exploittechnik trickst Speicherschutz aus
  2. Heise Online, 31 October 2011: ROP-Schutz in Windows 8 ausgetrickst
  3. Hovav Shacham, Erik Buchanan, Ryan Roemer, and Stefan Savage: Return-Oriented Programming: Exploits Without Code Injection. Retrieved 20 March 2010 (in English).

Wikimedia Foundation.
