Data-oriented attacks manipulate non-control data to alter a program’s benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of control-flow defense mechanisms. However, these threats have not been adequately addressed. In this survey article, we first map data-oriented exploits, including Data-Oriented Programming (DOP) and Block-Oriented Programming (BOP) attacks, to their assumptions/requirements and attack capabilities. Then, we compare known defenses against these attacks, in terms of approach, detection capabilities, overhead, and compatibility. It is generally believed that control flows may not be useful for data-oriented security. However, data-oriented attacks (especially DOP attacks) may generate side effects on control-flow behaviors in multiple dimensions (i.e., incompatible branch behaviors and frequency anomalies). We also characterize control-flow anomalies caused by data-oriented attacks. In the end, we discuss challenges for building deployable data-oriented defenses and open research questions.

中文翻译：

---

具有现有和潜在防御方法的面向数据攻击的利用技术

面向数据的攻击操纵非控制数据来改变程序的良性行为，而不会破坏其控制流的完整性。已经表明，即使存在控制流防御机制，此类攻击也会造成重大损害。然而，这些威胁并未得到充分解决。在这篇调查文章中，我们首先绘制了面向数据的漏洞利用，包括面向数据的编程 (DOP) 和面向块的编程 (BOP)攻击，他们的假设/要求和攻击能力。然后，我们在方法、检测能力、开销和兼容性方面比较了针对这些攻击的已知防御措施。人们普遍认为，控制流可能对面向数据的安全性没有用处。然而，面向数据的攻击（尤其是 DOP 攻击）可能会对多维度的控制流行为产生副作用（即不兼容的分支行为和频率异常）。我们还描述了由面向数据的攻击引起的控制流异常。最后，我们讨论了构建可部署的面向数据的防御和开放研究问题的挑战。