MID-019: ROP Gadget Minimization

Mitigation Tier: Intermediate

Description

Applying Return Oriented Programming (ROP) gadget protection techniques to device code involves eliminating sequences of instructions that can be used as ROP gadgets, zeroing out registers, monitoring gadget history, using gadgets to hide other gadgets, modifying gadgets to make them unusable, etc. The goal of these mechanisms is to reduce the number of reusable code fragments that can successfully be used as ROP gadgets, reducing the likelihood that a threat actor can assemble a number and variety of gadgets sufficient to craft a working exploit payload.

Gadget minimization is most easily be performed at compile time, when the compiler is in control over the precise strings of machine instructions it produces [2][3][4]. Other work seeks to identify and potentially remove or neutralize gadgets found in previously compiled libraries and executables. [1]

IEC 62443 4-2 Mappings

• SAR / EDR / HDR / NDR 3.2 - Protection for malicious code 

References

[1] ivanfrantic. “ropguard.” github.com. Accessed: Aug. 28, 2024. [Online.] Available: https://github.com/ivanfratric/ropguard

[2] pagabuc. “gfree.” github.com. Accessed: Aug. 28, 2024. [Online.] Available: https://github.com/pagabuc/gfree

[3] K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and E. Kirda. “G-Free: defeating return-oriented programming through gadget-less binaries” in Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC ‘10. [Online.] Available: https://doi.org/10.1145/1920261.1920269

[4] F. Cassano, C. Bershatsky, J. Ginesin, S. Bashenko, “SafeLLVM: LLVM Without The ROP Gadgets!,” 2023, arXiv:2305.06092v3

MID-019