Experiments on ROP Attack with Various Instruction Set Architectures

The return-oriented programming (ROP) attack attempts to execute malicious code by collecting code snippets, and several ROP variants have been proposed. Although there are security mechanisms against ROP attacks, these require high-spec architectures with respect to memories and CPUs. Recently, Cloosters et al. analyzed the features of various CPUs including the ARM 32, the ARM64 and the RISC-V, and they developed a method to search ROP gadgets automatically and then construct an ROP chain. In this paper, we reconsider the possibility of ROP attacks against the x86, ARM32, and ARM64 architectures to investigate their differences. In an experiment, these processors were emulated using the QEMU emulator, and we demonstrate that our method allows us to construct the target environments easily even for multiple processors.