IBM recently announced a software-oriented solution to help eradicate Return Oriented Programming (ROP) malware attacks. ROP is a significant and growing problem in the industry. Crafty hackers will use snippets of code from other trusted programs and stitch them together to create their attacks. It has become a very popular and effective technique for top malware.
Almost 90 percent of exploit-based software attacks use the hostile ROP technique in the chain of attack.
The Security Intelligence article referenced a blog I wrote in June about how Intel and Microsoft have developed a hardware-based solution. Thought-leading companies are looking to prevent these types of attacks.
First, let’s recognize that the problem is real, it is an issue now, and it will likely be a favorite method of attackers because of its effectiveness and stealth properties. Because it uses parts of trusted code, it is very difficult to detect and stop. Software solutions have tried in the past to stem the problem, but have largely been unsuccessful. Software fighting software is just too even of a fight, and the attackers only need to find one way around preventative solutions to win. I hope the IBM solution has a positive effect, but am concerned about the long-term viability.
In the end, I believe the future of ROP security will be based on features embedded beneath the software, operating systems, virtual machines, and even beneath the firmware, and located in the hardware processor itself. Hardware tends to be outside the maneuvering zone of software hackers, and therefore can give a definitive advantage to securing the system from ROP-based attacks. The architecture itself can be designed to give advantages to secure computing practices, help OSes be more secure, and compensate for vulnerable software.
Regardless of where it happens, it is very important for innovative minds to continue to work on taking the fangs out of ROP attacks.