Microsoft security tool has ROP defence inspired by BlueHat finalist

Microsoft has released the technology preview of a new security toolkit that uses defences inspired by one of the contestants of its BlueHat Prize security competition.

The tool includes protection against return-oriented programming (ROP) attacks, an advanced technique attackers use to combine short pieces of valid code already present in a system for a malicious purpose, Microsoft said. The defence against those kind of attacks was developed by Ivan Fratric, a researcher at the University of Zagreb, Croatia, who has a PhD in computer science.

Fratric submitted a security tool called ROPguard to the BlueHat competition, which is software that aims to hinder return-oriented programming attacks by defining a set of checks that can be used to detect when certain functions are being called in the context of malicious ROP code, Microsoft said. Fratric's defence system can help protect against attacks that exploit memory safety vulnerabilities, the company added.

Microsoft's Trustworthy Computing Group released a technology preview of the Enhanced Mitigation Experience Toolkit (EMET) 3.5 this morning that includes ROP defences "inspired by" Fratric's ROPguard. The technology was integrated in EMET within three months, and the addition helps make software significantly more resistant to exploitation, Microsoft said, adding that Fratric helped incorporate the technology into EMET.

The BlueHat Prize is a competition that aims to entice researchers to develop defensive technologies by awarding more than $250,000 in cash and prizes. The competition was launched at last year's BlackHat security conference in Las Vegas and closed on April 1, 2012. Microsoft has yet to determine if Fratric, who is one of three finalists, will receive the grand prize of $200,000.