Get an early preview of the new iBridge Network

Access new technology search features and an extended innovation database with new transformative technologies
fed into the platform by our member Academic Institutions, Research Labs, SMEs, Startups


Return-oriented programming payload detection using speculative code execution

Columbia Technology Ventures
posted on 01/15/2012

Lead Inventors: Angelos D. Keromytis, Ph.D. ; Michalis Polychronakis Problem or Unmet Need: Return-oriented programming (ROP) is a co...

Innovation Details

Detailed Description

Lead Inventors: Angelos D. Keromytis, Ph.D.; Michalis Polychronakis

Problem or Unmet Need:

Return-oriented programming (ROP) is a computer exploitation technique in which an attacker executes arbitrary code on a victim system by injecting a sequence of addresses to code fragments (referred to as gadgets) that already exist in the address space of the targeted process on the victim system. Current methods for detecting and/or preventing the execution of malicious code such as Data Execution Protection (DEP) are ineffective against ROP attacks because the injected payload in such attacks contains no identifiable malicious code. The current lack of effective ROP exploit detection methods has encouraged attackers to increasingly employ it to compromise computer systems.

Details of the Invention:

The technology is a software method for the detection of ROP payloads in arbitrary inputs. This method scans the input byte by byte to determine whether it contains a sequence of valid memory addresses that point to consecutively executed unique gadgets in the executable memory segments of a target process. These sequences can be heuristically identified because of the low probability that a benign input would contain a sequence of addresses to code fragments that read valid destination addresses from the input and transfer execution control to them. The detection threshold of the method - specifically, the number of consecutive unique gadgets executed due to a potential payload - can be tuned to increase the robustness of the method to false positives.


-- The technology can effectively identify network-level attacks or documents that contain exploits based upon ROP.


-- In contrast to existing exploit detection and prevention methods that can only identify exploits that contain malicious code, the technology can identify exploits that only contain ROP payloads.

-- The technology can be combined with existing exploit detection methods to identify attacks that comprise both ROP and non-ROP components.

Patent Status: Patent Pending

Licensing Status: Available for Licensing or Sponsored Research Support

Publications: ROP Payload Detection Using Speculative Code Execution, M. Polychronakis and A.D. Keromytis, Malware 2011, October 2011.

Further Information
Calvin Chu

File Number: CU12079 

IP Protection

License Online

This innovation currently is not available for online licensing. Please contact Tech Transfer at Columbia Technology Ventures for more information.

Request more info via email request more info

Case Manager:

Tech Transfer Tech Transfer

Innovations (1214)

Download Technology Brief (PDF)

Followed By

Follow this innovation

No one is following this innovation.

Related Tags

Find more innovations

February 11, 2009

13,716 members 17,882 innovations 176 organizations


Martin Lehr, Osage University Partners

"iBridge is a great resource for entrepreneurs who are looking for technologies to license. Many premiere universities including Michigan, Columbia, MIT, Penn, and Harvard, participate in the iBridge program."  read more...