Return Oriented Programming (ROP) attacks, in which a cyber attacker crafts an exploit from instruction sequences already contained in a running binary, have become popular and practical. While previous research has investigated software diversity and dynamic binary instrumentation for defending against ROP, many of these approaches incur large performance costs or are susceptible to Blind ROP attacks.
Vulnerabilities in today’s computer systems are relentlessly exploited by cyber attackers armed with sophisti- cated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER uses custom and off-the-shelf fuzz-testing tools to find vulnerabilities, create vulnerability profiles identifying the inputs that drive target programs to the corresponding faults, and synthesize adap- tations that prevent future exploits.