Publications
Type of Publication: Research report
Return-Oriented Programming without Returns on ARM
- Author(s):
- Davi, Lucas; Dmitrienko, Alexandra; Sadeghi, Ahmad-Reza; Winandy, Marcel
- Number of Report or Contribution:
- HGI-TR-2010-002
- Publication Date:
- 2010
- Link to complete version:
- https://www.ais.rub.de/media/trust/veroeffentlichungen/2010/07/21/ROP-without-Returns-on-ARM.pdf
Abstract
In this paper we present a novel and general memory-related attack method on ARM-based computing platforms. Our attack deploys the principles of return-oriented programming (ROP); however, in contrast to conventional ROP, it exploits jumps instead of returns, and hence it cannot be detected by return address checkers. Although a similar attack has been recently proposed for Intel x86, it was unclear if the attack technique can be deployed to ARM-based computing platforms as well. Developing a jump-based attack on ARM is more involved, because ARM is based on a RISC architecture which differs in many aspects from Intel's x86 architecture. Nevertheless, we show a Turing-complete attack that can induce arbitrary change of behavior in running programs without requiring code injection. As proof of concept, we instantiate our attack method on the Android platform.