With Internet use forming an ever greater part of day to day life, security exploits that steal or destroy system resources, data, and private information are an increasing problem. Governments and businesses devote significant resources to preventing intrusions and thefts related to these security exploits. Security exploits come in many forms, such as computer viruses, worms, trojan horses, spyware, keystroke loggers, adware, rootkits, and shellcodes. These exploits are delivered in or through a number of mechanisms, such as spearfish emails, clickable links, documents, executables, or archives. Some of the threats posed by security exploits are of such significance that they are described as cyber terrorism or industrial espionage.
A variant of the shellcode security exploits known as Return Oriented Programming (ROP) has proven very difficult to detect. Return oriented programming makes use of a security vulnerability of a computing device to spoof or control the call stack of that computing device. By spoofing or controlling the call stack, the security exploit is able to utilize select instructions of legitimate processes to effectively create and execute a shellcode. The use of legitimate instructions circumvents memory safeguards that have been put in place to stop shellcode security exploits. The only techniques that have been developed for detecting and responding to return oriented programming, however, impose a substantial performance cost.