Good Code, Bad Computations: a Computer Security Gray Area

“If you want to make sure your computer or server is not tricked into undertaking malicious or undesirable behavior, it’s not enough to keep bad code out of the system. Return-oriented programming exploits start out like more familiar attacks on computers. The attacker takes advantage of a programming error in the target system to overwrite the runtime stack and divert program execution away from the path intended by the system’s designers. But instead of injecting outside code – the approach used in traditional malicious exploits – return-oriented programming enables attackers to create any kind of nasty computation or program by using just the existing code.”
