Malicious individuals who seek to compromise the security of a computer system often exploit programming errors or other system vulnerabilities to gain unauthorized access to a system. In the past, attackers were able to exploit vulnerabilities, such as weak bounds checking on memory buffers or input strings, to inject arbitrary instructions into the address space of a process. The attacker can then subvert the process's control flow to cause the process to perform operations of the attacker's choosing using the process's credentials.
Secure programming practices along with hardware-based security technology have reduced the attack surface over which exploitation techniques may be attempted. Some computer systems include countermeasures to prevent the injection and execution of arbitrary code. In response, ‘return-oriented programming’ (ROP) techniques were developed. Using such techniques, attackers are able to utilize existing instructions in memory to cause a computer system to unwittingly perform some set of arbitrary instructions that may result in a compromised computing system. An example ROP attack utilizes instructions within the process or within system libraries that are linked against a compiled binary of the process.
To perform a ROP attack, an attacker can analyze instructions in the address space of a process, or in libraries that are linked with the process, to find a sequence of instructions that, if the process were forced to execute it, would result in the attacker gaining some degree of unauthorized control over the computing system on which the process executes. Through various attack techniques, such as stack or heap manipulation, forced process crashes, or buffer overflows, the vulnerable process can be forced to execute the sequence of instructions identified by the attacker. Thus, an attacker can manipulate existing instructions in memory and force a process to perform partially arbitrary operations even if the attacker is no longer able to inject arbitrary code into memory to use when exploiting a vulnerable process.
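The mechanism described above, and the kind of countermeasure the remainder of the disclosure is concerned with, can be illustrated with a small simulation. The following is an added example written for this page; it is not code from the patent. The "address space", the gadget addresses, the register names and the sentinel return address are all constructed for illustration and correspond to no real instruction set or binary. The model executes short instruction fragments that each end in a return, exactly as a process whose saved return address has been overwritten would, and it shows how a shadow stack (a second copy of return addresses that program writes cannot reach) detects the first return that no call ever pushed.

```python
"""Toy model of return-oriented control-flow hijacking and a shadow-stack check.

Constructed example: addresses, gadgets, registers and the END sentinel are
invented for illustration and do not correspond to any real ISA or binary.
"""
from dataclasses import dataclass, field

END = 0xFFFF  # constructed sentinel: returning to END ends execution

# Constructed address space: address -> short instruction sequence ending in ret.
# The first three entries are fragments of existing code ("gadgets"); 0x2000 is
# an ordinary function the program legitimately calls.
CODE = {
    0x1000: [("mov", "r0", 7), ("ret",)],
    0x1010: [("add", "r0", 35), ("ret",)],
    0x1020: [("store", "r0", "out"), ("ret",)],
    0x2000: [("mov", "r0", 1), ("store", "r0", "flag"), ("ret",)],
}


class ControlFlowViolation(Exception):
    """Raised when a ret would transfer control to an address no call pushed."""


@dataclass
class Machine:
    regs: dict = field(default_factory=lambda: {"r0": 0})
    mem: dict = field(default_factory=dict)
    stack: list = field(default_factory=list)   # writable program stack
    shadow: list = field(default_factory=list)  # shadow stack: not writable by the program
    enforce_shadow: bool = False
    trace: list = field(default_factory=list)   # addresses executed, for inspection

    def call(self, target):
        """A legitimate call: the return address goes on both stacks."""
        self.stack.append(END)
        self.shadow.append(END)
        self.run_from(target)

    def ret(self):
        """Pop the next address; with enforcement, it must match the shadow copy."""
        target = self.stack.pop()
        if self.enforce_shadow:
            expected = self.shadow.pop()
            if expected != target:
                raise ControlFlowViolation(
                    f"ret to {target:#x} but shadow stack holds {expected:#x}")
        return target

    def run_from(self, addr):
        """Execute fragments starting at addr until a ret lands on END."""
        while addr != END:
            self.trace.append(addr)
            for ins in CODE[addr]:
                op = ins[0]
                if op == "mov":
                    self.regs[ins[1]] = ins[2]
                elif op == "add":
                    self.regs[ins[1]] += ins[2]
                elif op == "store":
                    self.mem[ins[2]] = self.regs[ins[1]]
                elif op == "ret":
                    addr = self.ret()
                    break


def legitimate_call(enforce_shadow):
    """The normal case: call 0x2000 and return; passes with or without enforcement."""
    m = Machine(enforce_shadow=enforce_shadow)
    m.call(0x2000)
    return m


def hijacked_return(chain, enforce_shadow):
    """Model a function whose saved return address was overwritten by an overflow.

    `chain` is the list of addresses that now occupy the program stack where the
    saved return address (and the slots above it) used to be. The shadow stack
    still holds the real return address, because the overflow cannot reach it.
    Returns a summary dict rather than printing, so the outcome can be checked.
    """
    m = Machine(enforce_shadow=enforce_shadow)
    m.stack.append(END)                   # the legitimate saved return address
    m.shadow.append(END)                  # its protected copy
    m.stack[-1:] = list(reversed(chain))  # overflow: program stack overwritten
    try:
        m.run_from(m.ret())               # the function "returns" into the chain
        return {"completed": True, "out": m.mem.get("out"), "trace": m.trace}
    except ControlFlowViolation as exc:
        return {"completed": False, "out": m.mem.get("out"),
                "trace": m.trace, "reason": str(exc)}


# Constructed chain: three existing fragments, then the END sentinel.
CHAIN = [0x1000, 0x1010, 0x1020, END]

if __name__ == "__main__":
    print("no enforcement:", hijacked_return(CHAIN, enforce_shadow=False))
    print("shadow stack:  ", hijacked_return(CHAIN, enforce_shadow=True))
```

Without enforcement the three fragments run in sequence and leave the value 42 in memory although no function in the program computes it, which is the point of the paragraph above: no injected code was needed. With enforcement the very first return is rejected, because the overflow could change the program stack but not the shadow copy, and none of the fragments execute.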