Data-Oriented Programming - On the Expressiveness of Non-Control Data Attacks

Explore the concept of Data-Oriented Programming (DOP) and its implications for non-control data attacks in this 20-minute IEEE conference talk. Delve into the Turing-complete nature of these exploits and learn about a systematic technique for constructing expressive non-control data attacks on x86 programs. Examine the findings from an experimental evaluation of 9 programs, revealing thousands of data-oriented x86 gadgets and gadget dispatchers. Discover how 8 out of 9 real-world programs contain gadgets capable of simulating arbitrary computations, with 2 confirmed to enable Turing-complete attacks. Investigate three end-to-end attack scenarios that bypass randomization defenses, operate network bots, and alter memory permissions, all while evading ASLR and DEP protections. Gain insights into the significant power DOP grants attackers and consider potential defense strategies against these sophisticated exploits.

Control Attacks are Getting Harder
Contributions
Motivating Example (cont.)
Data-Oriented Programming (DOP) . General construction
Data-Oriented Gadgets
Gadget Dispatcher
Attack Construction
Evaluation - Feasibility
Case Study: Bypassing Randomization
dlopend - Dynamic Linking Interface
Case Study: Simulating A Network Bot
Case Study: Altering Memory Permissions
Related Work
Potential Defenses
Motivatine Example