-
Essay / Jump-Oriented Programming
Return-oriented programming (ROP) and jump-oriented programming (JOP) are both code reuse attacks. They reuse legitimate code from a vulnerable program to construct arbitrary calculations without injecting code. It is a computer security exploitation technique that primarily allows an attacker to execute code even in the presence of security defenses, such as non-executable memory and code signing. ROP is an efficient code reuse attack in which short code sequences ending with a ret instruction are found along with existing binaries and executed in an arbitrary order by taking control of the stack but its inherent characteristics, such as Stack dependence, and the subsequent execution of return-oriented gadgets, have prompted various defenses to detect or prevent this from happening. While Jump oriented programming does not rely on stack and ret statements as seen in ROP without sacrificing expressive power. In JOP, without the ability to use ret to unify them, the attack relies on a dispatcher gadget to distribute and execute the functional gadgets. As in ROP, the building blocks of JOP are always short code sequences called gadgets. Say no to plagiarism. Get a tailor-made essay on “Why Violent Video Games Should Not Be Banned”? Get the original essay JOP does the same job right back, oriented in terms of building and chaining together functional gadgets, with each gadget performing some primitive operations. The main difference is that these gadgets terminate in an indirect branch rather than a ret as shown in return-oriented programs. They are of different format, ROP uses ret as end instruction. It uses ret as a gadget ending to chain multiple images together, while JOP uses jmp, it uses jmp as a gadget ending. With jmp we can't chain frames, which is a new problem in JOP on how to chain gadgets with one-way jmps. The solution to this problem was the proposed “splitter gadget” which will be used to govern the flow between various jump oriented gadgets. This dispatcher gadget will be used to determine which functional gadget will be summoned next. This dispatcher gadget can manage an internal dispatch table that explicitly specifies the control flow of functional gadgets. This will also ensure that the terminating jmp instruction in the functional gadget will always transfer control to the dispatcher gadget. Thanks to this, jump-oriented computing became possible. In a JOP-based attack, the attacker drops all reliance on the stack for control flow and falls back for gadget discovery and chaining, but instead uses a sequence of indirect jump instructions. Instead of ending with a ret, each of these gadgets ends with an indirect jmp. Unlike ROP, where a ret gadget can naturally return control based on the contents of the stack, a jmp gadget performs a one-way control flow transfer to its target, making it difficult to regain control to further chain execution . of the next jumping oriented gadget. What these techniques have in common is that they all assume that the attack must use the stack to govern the flow of control. Jump-oriented programming is an alternative that is not stack-dependent and therefore immune to such defenses. By not relying on the stack for control flow, JOP can potentially use any memory range, including even non-contiguous memory, to hold the allocation table. In particular, in.