[ Back to EurekAlert! ]

Contact: Daniel Kane
dbkane@ucsd.edu
858-534-3262
University of California - San Diego

Return-oriented Programming Shows Limits of Software Defenses

Caption: If you want to make sure your computer or server is not tricked into undertaking malicious or undesirable behavior, it's not enough to keep bad code out of the system. Two graduate students from UC San Diego's computer science department (L-R Ryan Roemer and Erik Buchanan) have just published work showing that the process of building bad programs from good code using "return-oriented programming" can be automated and that this vulnerability applies to multiple computer architectures.

Credit: UC San Diego Jacobs School of Engineering

Usage Restrictions: mandatory credit: UC San Diego Jacobs School of Engineering

Related news release: Good code, bad computations: A computer security gray area


[ Back to EurekAlert! ]