Code re-use attacks and their mitigation


Code-Reuse Attacks (CRAs) are well studied in the academic community. In this article, we provide a brief summary of notable attacks and mitigations with a focus on Return-oriented Programming (ROP). Our goal is to provide a roadmap for readers who may or may not be familiar with CRAs and who want to become more familiar with the research. As this is a roadmap, our aim is to be broad and concise with executive summaries, including citations, but otherwise defer to the original publications for a detailed account.

We have included a glossary of technical terms and acronyms at the end. In addition, our bibliography includes more articles than are covered, and we recommend that the enthusiastic reader review it to discover additional reading material in this area.

This material is based upon work supported by the Maryland Procurement Office under Contract No. H98230-15-D-0035. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Maryland Procurement Office.




  author      = {Jason Dagit and
                 Simon Winwood and
                 Getty Ritter and
                 Jem Berkes and
                 Adam Wick},
  institution = {Galois, Inc.},
  title       = {Code re-use attacks and their mitigation},
  year        = {2017},
  note        = {Available at \url{}}}