Open Access. Powered by Scholars. Published by Universities.®

Computer Engineering Commons

Computer Sciences

Wright State University

2018

Data-oriented exploits

Articles 1 - 1 of 1

Full-Text Articles in Computer Engineering

Verifying Data-Oriented Gadgets In Binary Programs To Build Data-Only Exploits, Zachary David Sisco Jan 2018

Browse all Theses and Dissertations

Data-Oriented Programming (DOP) is a data-only code-reuse exploit technique that "stitches" together sequences of instructions to alter a program's data flow to cause harm. DOP attacks are difficult to mitigate because they respect the legitimate control flow of a program and bypass memory protection schemes such as Address Space Layout Randomization, Data Execution Prevention, and Control Flow Integrity. Techniques that describe how to build DOP payloads rely on a program's source code. This research explores the feasibility of constructing DOP exploits without source code, that is, using only binary representations of programs. The lack of semantic and type information introduces difficulties …