Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

PSHAPE: Automatically combining gadgets for arbitrary method execution

: Follner, A.; Bartel, A.; Peng, H.; Chang, Y.-C.; Ispoglou, K.; Payer, M.; Bodden, E.


Barthe, G.:
Security and trust management. 12th international conference, STM 2016 : Heraklion, Crete, Greece, September 26-27, 2016; Proceedings
Cham: Springer International Publishing, 2016 (Lecture Notes in Computer Science 9871)
ISBN: 978-3-319-46597-5 (Print)
ISBN: 978-3-319-46598-2 (Online)
International Workshop on Security and Trust Management (STM) <12, 2016, Heraklion>
Conference Paper
Fraunhofer IEM ()

Return-Oriented Programming (ROP) is the cornerstone of today’s exploits. Yet, building ROP chains is predominantly a manual task, enjoying limited tool support. Many of the available tools contain bugs, are not tailored to the needs of exploit development in the real world and do not offer practical support to analysts, which is why they are seldom used for any tasks beyond gadget discovery. We present PSHAPE (Practical Support for Half-Automated Program Exploitation), a tool which assists analysts in exploit development. It discovers gadgets, chains gadgets together, and ensures that side effects such as register dereferences do not crash the program. Furthermore, we introduce the notion of gadget summaries, a compact representation of the effects a gadget or a chain of gadgets has on memory and registers. These semantic summaries enable analysts to quickly determine the usefulness of long, complex gadgets that use a lot of aliasing or involve memory accesses. Case studies on nine real binaries representing 147 MiB of code show PSHAPE’s usefulness: it automatically builds usable ROP chains for nine out of eleven scenarios.