Date of Award

Spring 3-2019

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Operations (PhDCO)

Department

Computer Science

First Advisor

Joshua Stroschein

Second Advisor

Jared DeMott

Third Advisor

Yong Wang

Fourth Advisor

Mark Hawkes

Abstract

Return-oriented programming is the predominant code-reuse attack, where short gadgets or borrowed chunks of code ending in a RET instruction can be discovered in binaries. A chain of ROP gadgets placed on the stack can permit control flow to be subverted, allowing for arbitrary computation. Jump-oriented programming is a class of code-reuse attack where instead of using RET instructions, indirect jumps and indirect calls are utilized to subvert the control flow. JOP is important because can allow for important mitigations and protections against ROP to be bypassed, and some protections against JOP are imperfect. This dissertation presents a design science study that proposes and creates the Jump-oriented Programming Reversing Open Cyber Knowledge Expert Tool, the JOP ROCKET. This is a novel framework for jump-oriented programming (JOP) that can help facilitate binary analysis for exploit development and code-reuse attacks.

The process for manually developing exploits for JOP is a time-consuming and tedious process, often fraught with complications, and an exhaustive review of the literature shows there is a need for a mature, sophisticated tool to automate this process, to allow users to easily enumerate JOP gadgets for Windows x86 binaries. The JOP ROCKET fulfills this unmet need for a fully-featured tool to facilitate JOP gadget discovery. The JOP ROCKET discovers dispatcher gadgets as well as functional gadgets, and it performs classification on gadgets, according to registers used, registers affected, and operations performed. This allows researchers to utilize this tool to be very granular and specific about what gadgets they discover. Additionally, there are a variety of options available to modify how the gadgets are discovered, and this will expand or narrow the quantity of gadgets discovered. This design science research presents original significant contributions in the form of an instantiation and five new or highly reworked and enhanced methods. Some of these methods pertain directly to JOP, while others could be adapted and utilized in other reverse engineering projects. The JOP ROCKET allows researchers to enumerate JOP gadgets for software easily, allowing for a JOP exploit to be more efficiently constructed, whereas before the task would have been a time-consuming process requiring expert knowledge and the use of multiple tools.

Download

Share

COinS