Application security metrics when using defense system against vulnerabilities based on return-oriented programming

Download article in PDF format

Authors: Lubkin I. A.

Annotation: The vulnerabilities using return-oriented programming pose threats to the functioning of information systems. There are many protection systems to counteract them. They are based on various principles of functioning. At the same time, there are no generally accepted approaches to assess the security of applied solutions. The paper proposes security metrics that allow obtaining objective data on the efficiency of protection against RoP vulnerabilities. Proposed security metrics show ability to perform attack by gain control over control flow graph.

Keywords: vulnerability, remote code execution, rop, code protection, metrics