close
This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Jump-oriented Programming

downloadDownload printPrint

Remember! This is just a sample.

You can get your custom paper by one of our expert writers.

Get custom essay

121 writers online

Jump-oriented Programming essay

Return oriented programming (ROP) and Jump-oriented programming (JOP) are both code-reuse attack. They re-use legitimate code of a vulnerable program to construct arbitrary computation without injecting code. They are computer security exploit technique which mainly allows an attacker to execute code even in the presence of security defenses, like no-executable memory and code signing. ROP is an effective code-reuse attack in which short code sequences ending in a ret instruction are found with existing binaries and executed in arbitrary order by taking control of the stack, but its inherent characteristics, such as reliance on the stack and the consecutive execution of return-oriented gadgets, have prompted a variety of defenses to detect or prevent it from happening. Whereas Jump-oriented programming doesn’t rely on the stack and ret instructions as seen in ROP without sacrificing expressive power. In JOP, without the convenience of using ret to unify them, the attack relies on a dispatcher gadget to dispatch and execute the functional gadgets. As in ROP, the building blocks of JOP are still short code sequences called gadgets.

JOP does the same job as of return oriented in terms of building & chaining functional gadgets, with each gadget performing certain primitive operations. The main difference is, these gadgets end in an indirect branch rather than ret as seen in return oriented program. They are different in format, ROP uses ret as ending instruction. It uses ret as ending of gadget to chain multiple frames, whereas JOP uses jmp, it uses jmp as an ending of gadget. With jmp, we can’t chain the frames, which is a new problem in JOP on how to chain gadgets together with uni-directional jmps.

The solution to this problem was the proposition of ‘the dispatcher gadget’ which will be used to govern control flow among various jump-oriented gadgets. This dispatcher gadget will be used to determine which functional gadget is going to be invoked next. This dispatcher gadget can maintain an internal dispatch table that will explicitly specifies the control flow of functional gadgets. It will also ensures that the ending jmp instruction in the functional gadget will always transfer the control back to the dispatcher gadget. With this, jump-oriented computation became feasible.

In a JOP-based attack, the attacker abandons all reliance on the stack for control flow and ret for gadget discovery and chaining, instead it uses sequence of indirect jump instructions. Instead of ending with a ret, each such gadget ends with an indirect jmp. Unlike ROP, where a ret gadget can naturally return back the control based on the content of the stack, a jmp gadget is performing an uni-directional control-flow transfer to its target, making it tough to regain control back to further chain the execution of next jump-oriented gadget. What these techniques have in common is that they all assume that the attack must use the stack to govern control flow. Jump-oriented programming is an alternative that has no reliance on the stack, and is therefore immune to such defenses. By not relying on the stack for control flow, JOP can potentially use any memory range, including even non-contiguous memory, to hold the dispatch table. In particular, under this attack, we can build and chain normal functional gadgets with each performing certain primitive operations.

However, due to the lack of ret to chain them, this attack relies on a dispatcher gadget to dispatch and execute next functional gadget. Figure1: Return-oriented programming (ROP) vs. jump-oriented programming (JOP) Figure 1 compares ROP vs JOP. Like ROP, a JOP program consists of a set of gadget addresses and data values loaded into memory, with the gadget addresses being analogous to opcodes within a new jump-oriented machine. In ROP, this data is stored in the stack, so the stack pointer esp serves as the program counter in a return-oriented program.

JOP is not limited to using esp to reference its gadget addresses, and control flow is not driven by the ret instruction. Instead, in JOP, dispatch table is used to hold gadget addresses and data. The program counter is any register that points into the dispatch table. Dispatcher gadget is used to drive the Control flow by executing the sequence of gadgets. At each invocation, the dispatcher advances the virtual program counter, and launches the associated gadget.

Remember: This is just a sample from a fellow student.

Your time is important. Let us write you an essay from scratch

experts 450+ experts on 30 subjects ready to help you just now

delivery Starting from 3 hours delivery

Find Free Essays

We provide you with original essay samples, perfect formatting and styling

Cite this Essay

To export a reference to this article please select a referencing style below:

Jump-Oriented Programming. (2018, September 04). GradesFixer. Retrieved December 4, 2022, from https://gradesfixer.com/free-essay-examples/jump-oriented-programming/
“Jump-Oriented Programming.” GradesFixer, 04 Sept. 2018, gradesfixer.com/free-essay-examples/jump-oriented-programming/
Jump-Oriented Programming. [online]. Available at: <https://gradesfixer.com/free-essay-examples/jump-oriented-programming/> [Accessed 4 Dec. 2022].
Jump-Oriented Programming [Internet]. GradesFixer. 2018 Sept 04 [cited 2022 Dec 4]. Available from: https://gradesfixer.com/free-essay-examples/jump-oriented-programming/
copy to clipboard
close

Where do you want us to send this sample?

    By clicking “Continue”, you agree to our terms of service and privacy policy.

    close

    Be careful. This essay is not unique

    This essay was donated by a student and is likely to have been used and submitted before

    Download this Sample

    Free samples may contain mistakes and not unique parts

    close

    Sorry, we could not paraphrase this essay. Our professional writers can rewrite it and get you a unique paper.

    close

    Thanks!

    Please check your inbox.

    We can write you a custom essay that will follow your exact instructions and meet the deadlines. Let's fix your grades together!

    boy

    Hi there!

    Are you interested in getting a customized paper?

    Check it out!
    Don't use plagiarized sources. Get your custom essay. Get custom paper
    exit-popup-close

    Get expert help for your assignment!

    We can help you get a better grade and deliver your task on time!

    • Instructions Followed To The Letter
    • Deadlines Met At Every Stage
    • Unique And Plagiarism Free
    Get your paper order now