Xiaobin Shen scite author profile

Abstract. Return-Oriented Programming (ROP) is a new technique that helps the attacker construct malicious code mounted on x86/SPARC executables without any function call at all. Such technique makes the ROP malicious code contain no instruction, which is different from existing attacks. Moreover, it hides the malicious code in benign code. Thus, it circumvents the approaches that prevent control flow diversion outside legitimate regions (such as W ⊕ X) and most malicious code scanning techniques (such as anti-virus scanners). However, ROP has its own intrinsic feature which is different from normal program design: (1) uses short instruction sequence ending in "ret", which is called gadget, and (2) executes the gadgets contiguously in specific memory space, such as standard GNU libc. Based on the features of the ROP malicious code, in this paper, we present a tool DROP, which is focused on dynamically detecting ROP malicious code. Preliminary experimental results show that DROP can efficiently detect ROP malicious code, and have no false positives and negatives.

show abstract

Automatic construction of jump-oriented programming shellcode (on the x86)

Chen

Xing

Mao

et al. 2011

View full text Add to dashboard Cite

Return-Oriented Programming (ROP) is a technique which leverages the instruction gadgets in existing libraries/executables to construct Turing complete programs. However, ROP attack is usually composed with gadgets which are ending in ret instruction without the corresponding call instruction. Based on this fact, several defense mechanisms have been proposed to detect the ROP malicious code. To circumvent these defenses, Return-Oriented Programming without returns has been proposed recently, which uses the gadgets ending in jmp instruction but with much diversity. In this paper, we propose an improved ROP techniques to construct the ROP shellcode without returns. Meanwhile we implement a tool to automatically construct the realworld Return-Oriented Programming without returns shellcode, which as demonstrated in our experiment can bypass most of the existing ROP defenses.

show abstract

Visualization and analysis of email networks

Hong

Nikolov

et al. 2007

View full text Add to dashboard Cite

This paper presents various methods for visualization and analysis of email networks; visualization on the surface of a sphere to reveal communication patterns between different groups, a hierarchical drawing displaying the centrality analysis of nodes to emphasize important nodes, a 2.5D visualization for temporal email networks to analyze the evolution of email relationships changing over time, and an ambient display for finding social circles derived from the email network. Each method was evaluated with various data sets from a research organization. We also extended our method for visual analysis of an email virus network.

show abstract

IntFinder: Automatically Detecting Integer Bugs in x86 Binary Program

Chen

Han

Wang

et al. 2009

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Xiaobin Shen

Patterns of Plasma Corticotropin-Releasing Hormone, Progesterone, Estradiol, and Estriol Change and the Onset of Human Labor

DROP: Detecting Return-Oriented Programming Malicious Code

Automatic construction of jump-oriented programming shellcode (on the x86)

Visualization and analysis of email networks

IntFinder: Automatically Detecting Integer Bugs in x86 Binary Program

Contact Info

Product

Resources

About