About: Sigreturn-oriented programming

An Entity of Type: Thing, from Named Graph: http://dbpedia.org, within Data Space: dbpedia.org

Sigreturn-oriented programming (SROP) is a computer security exploit technique that allows an attacker to execute code in presence of security measures such as non-executable memory and code signing. It was presented for the first time at the 35th IEEE Symposium on Security and Privacy in 2014 where it won the best student paper award. This technique employs the same basic assumptions behind the return-oriented programming (ROP) technique: an attacker controlling the call stack, for example through a stack buffer overflow, is able to influence the control flow of the program through simple instruction sequences called gadgets. The attack works by pushing a forged sigcontext structure on the call stack, overwriting the original return address with the location of a gadget that allows the at

Property	Value
dbo:abstract	Sigreturn-oriented programming (SROP) is a computer security exploit technique that allows an attacker to execute code in presence of security measures such as non-executable memory and code signing. It was presented for the first time at the 35th IEEE Symposium on Security and Privacy in 2014 where it won the best student paper award. This technique employs the same basic assumptions behind the return-oriented programming (ROP) technique: an attacker controlling the call stack, for example through a stack buffer overflow, is able to influence the control flow of the program through simple instruction sequences called gadgets. The attack works by pushing a forged sigcontext structure on the call stack, overwriting the original return address with the location of a gadget that allows the attacker to call the sigreturn system call. Often just a single gadget is needed to successfully put this attack into effect. This gadget may reside at a fixed location, making this attack simple and effective, with a setup generally simpler and more portable than the one needed by the plain return-oriented programming technique. Sigreturn-oriented programming can be considered a weird machine since it allows code execution outside the original specification of the program. (en)
dbo:thumbnail	wiki-commons:Special:FilePath/Sigret_stackframe.svg?width=300
dbo:wikiPageExternalLink	http://0x36.blogspot.it/2014/06/sigreturn-rop-exploitation-technique.html http://docs.binjit.su/rop/srop.html http://v0ids3curity.blogspot.it/2015/06/fun-with-srop-exploitation.html http://x86overflow.blogspot.it/2014/04/playing-around-with-srop.html http://zer0day.tistory.com/275 https://labs.portcullis.co.uk/blog/ohm-2013-review-of-returning-signals-for-fun-and-profit/
dbo:wikiPageID	50825018 (xsd:integer)
dbo:wikiPageLength	13379 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID	1115666265 (xsd:integer)
dbo:wikiPageWikiLink	dbr:NX_bit dbr:Return-oriented_programming dbr:Canary_value dbr:Information_leakage dbr:Gadget_(machine_instruction_sequence) dbr:Weird_machine dbr:Vulnerability_(computing) dbr:Context_switch dbr:Control_flow dbc:Computer_security_exploits dbr:Linux dbr:Linux_kernel dbr:Linux_kernel_interfaces dbr:Call_stack dbr:Stack_(abstract_data_type) dbr:Data_execution_prevention dbr:Address_space_layout_randomization dbr:Exclusive_or dbr:POSIX dbr:Magic_cookie dbr:Backdoor_(computing) dbr:Code_reuse dbr:Buffer_overflow dbr:Control-flow_Enforcement_Technology dbr:Intel dbr:System_call dbr:Memory_management_unit dbr:Virtual_machine dbr:Shell_(computing) dbr:Shellcode dbr:Exploit_(computer_security) dbr:Stack_buffer_overflow dbr:Executable_space_protection dbr:Unix_signal dbr:Shadow_stack dbr:VDSO dbr:Turing-complete dbr:Self-modifying_program dbr:Computer_security_exploit dbr:Binaries dbr:Brainfuck_programming_language dbr:Stack_smashing dbr:File:Sigret_stackframe.svg
dbp:wikiPageUsesTemplate	dbt:Anchor dbt:Mono dbt:Na dbt:Reflist dbt:Short_description dbt:Ya
dcterms:subject	dbc:Computer_security_exploits
rdfs:comment	Sigreturn-oriented programming (SROP) is a computer security exploit technique that allows an attacker to execute code in presence of security measures such as non-executable memory and code signing. It was presented for the first time at the 35th IEEE Symposium on Security and Privacy in 2014 where it won the best student paper award. This technique employs the same basic assumptions behind the return-oriented programming (ROP) technique: an attacker controlling the call stack, for example through a stack buffer overflow, is able to influence the control flow of the program through simple instruction sequences called gadgets. The attack works by pushing a forged sigcontext structure on the call stack, overwriting the original return address with the location of a gadget that allows the at (en)
rdfs:label	Sigreturn-oriented programming (en)
owl:sameAs	yago-res:Sigreturn-oriented programming wikidata:Sigreturn-oriented programming dbpedia-fa:Sigreturn-oriented programming https://global.dbpedia.org/id/2M2cA
prov:wasDerivedFrom	wikipedia-en:Sigreturn-oriented_programming?oldid=1115666265&ns=0
foaf:depiction	wiki-commons:Special:FilePath/Sigret_stackframe.svg
foaf:isPrimaryTopicOf	wikipedia-en:Sigreturn-oriented_programming
is dbo:wikiPageRedirects of	dbr:Signal_cookie dbr:SROP_(computer_security)
is dbo:wikiPageWikiLink of	dbr:Return-oriented_programming dbr:Signal_cookie dbr:Central_processing_unit dbr:SROP dbr:SROP_(computer_security) dbr:VDSO
is foaf:primaryTopic of	wikipedia-en:Sigreturn-oriented_programming