Ruhr-Uni-Bochum
HGI

Copyright: HGI, stock.adobe.com: chinnarach

Lucas Davi Honored with ACM AsiaCCS Test of Time Award

The paper “ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks” has received the Test of Time Award from ACM AsiaCCS, one of the leading international conferences in cybersecurity.

CASA PI Lucas Davi

Copyright: CASA

The paper “ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks” has received the Test of Time Award from ACM AsiaCCS, one of the leading international conferences in cybersecurity. Published in 2011, the work originated from Lucas Davi’s master’s thesis, which he wrote under the supervision of Dr. Marcel Winandy and Prof. Ahmad-Reza Sadeghi. Today, Lucas Davi is a professor and director of paluno – The Ruhr Institute for Software Technology.

 

Computer science is an exceptionally fast-moving field. Technologies, methods, and research trends often change within just a few years. Against this backdrop, it is all the more remarkable when a scientific paper continues to have an impact 15 years after its publication and still shapes developments in both research and practice.

The award-winning paper introduced ROPdefender, a tool designed to defend against an attack technique that was highly relevant at the time and remains so today: Return-Oriented Programming, or ROP. In a ROP attack, attackers do not inject their own malicious code. Instead, they repurpose existing code fragments already present in a program’s memory. These fragments are chained together to execute malicious operations. The chain is constructed using the machine instruction for a function return (the RET instruction on Intel-based systems).

The practical danger of ROP became apparent around the time ROPdefender was published. The first high-profile attacks against Adobe Reader and Adobe Flash Player emerged, and ROP was also used in the Stuxnet attack, which exploited zero-day vulnerabilities in the Windows operating system. Traditional protection mechanisms such as Data Execution Prevention, or DEP, were ineffective against this type of attack.

ROPdefender introduced a novel software-based approach that can protect programs already installed on a system. The approach is based on a shadow stack: whenever a function is called, the system stores a protected copy of the return address. When the function returns, this address is compared with the stored copy. If the two differ, this is a clear indication of an attack. The potential of this idea was recognized early by the research community: in 2010, Lucas Davi, Marcel Winandy, and Ahmad-Reza Sadeghi were awarded second place in the German IT Security Award for this work.

Since then, the shadow stack principle has found its way into modern processor architectures, where it helps harden systems against classical ROP attacks. For example, Intel processors use the CET, or Control-Flow Enforcement Technology, extension to provide a hardware-based shadow stack.

However, the challenge posed by ROP is far from solved. Attackers continue to develop advanced variants of return-oriented programming techniques, creating new challenges for IT security. The Test of Time Award therefore highlights two things: fundamental research questions in IT security can remain relevant for a remarkably long time, and good ideas, when consistently developed further, can find their way into practice and have a lasting impact on real-world systems.

Publication:

Lucas Davi, Ahmad-Reza Sadeghi and Marcel Winandy: ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks. In: Proc. of 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2011.

Further Links:

Link to the paper: https://dl.acm.org/doi/10.1145/1966913.1966920 

ACM ASAICCS 2026: https://asiaccs2026.cse.iitkgp.ac.in/ 

Article about the German “IT-Sicherheitspreis 2010” at heise-online (in German): https://www.heise.de/news/Deutscher-IT-Sicherheitspreis-2010-fuer-Crypto-Light-1143445.html 

General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.