Question

What are some steps that individuals or organizations can take to protect themselves from return oriented programming attacks?

Answer 1

Some steps or defense that individuals or organizations can take to protect themselves from Return Oriented Programming (ROP) attacks are:
In general, it requires to maintain Control Flow Integrity (CFI) to defend against ROP attacks.

* G-Free: It is a technique and a practical solution to defend and fight against any potential form of ROP. It removes or rules out all unaligned free-branch instructions within a binary executable, and safe-guards from attackers preventing them from using the free-branch instructions. Also, it verifies the authenticity of function calls appending a validation block. In case it does not find the desired result, G-Free causes application crashing.

* Address Space Layout Randomization (ASLR): This defense, in general, requires randomizing the location of program and library code, making attackers unable to accurately predict instructions; locations that could be useful in gadgets and hence, would not be able to mount a successful return-oriented programming attack chain. This defense loads shared libraries into different memory locations for every program load.

Defense: Randomization of the code's location using ASLR, compiling for position independence on a 64-bit machine, making attacks very difficult.

* SEHOP: SEHOP is the acronym for Structured Exception Handler Overwrite Protection. It is a feature of Windows OS protecting, defending, and safeguarding against stack overflow attacks and structured exception handler attacks.

* Binary Code Randomization: This defense is applicable for network interfaces and system programming. Binary Randomization is used in a software update system. For all the updated devices, the Cloud-based service would introduce variations to code, performs online compilation, and dispatch the binary. This defense is very effective.

* W^X: This defense is carried out in organizations by developers or defenders. The stack memory (stack or heap) would have to be made non-executable (NX) or No-eXecute, called Data Execution Prevention (DEP), preventing the injection of code on the stack. This technique is a security feature where pages in a process' memory are made either, writable or executable, but never both.

For the attacks, attackers carry out without injecting code by jumping or returning to libc using system command. In order to prevent and defend this, defenders hide the address of the desired libc code or return address using Address Space Layout Randomization (ASLR).

Defense: Defenders could stop using libc code altogether, but rather use code in the program text.
* Against control flow attacks: In this defense, both, organizations and individuals using Internet of Things (IoT) devices and gadgets made of small embedded systems, could use Instruction Based Memory Access Control (IB-MAC) implemented hardware, thus protecting such low-cost embedded systems against malicious control flow and stack overflow attacks.

* Against return-oriented rootkits defense.

* Pointer Authentication Codes (PAC): This defense can be carried out by individuals who are using the latest iPhone A12 chips which are upgraded to ARMv8.3, which uses PACs. The ARMv8.3-A architecture holds a hardware level new feature, exploiting unused bits in the pointer address space to cryptographically sign pointer addresses. The signature is checked before jumping to a pointer. The check fails, in case, an error is encountered.

In general, in this case, the defense would be to ensure to have memory safety which is useful and use of memory safe programming languages.
* One could use an automated defense called control-flow integrity but would be available in the near future.