Bypassing CPU Protections using Function-Oriented Programming (FOP): A Linux Kernel Case Study

Authors

  • Suryo Bramasto Institut Teknologi Indonesia image/svg+xml Author
  • Muhammad Ramli Author

DOI:

https://doi.org/10.30998/faktor.exac.v19i1.807

Keywords:

function oriented programming, gadgets, kernel, linux, proteksi CPU

Abstract

Modern Central Processing Unit (CPU) hardware protections have significantly increased the difficulty of traditional code-reuse attacks, such as Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP). This study investigates the viability of Function-Oriented Programming (FOP), a novel exploitation technique, against systems implementing these modern architectural mitigations. Combining a comprehensive literature review with controlled simulations, this research introduces FOP Arbalest, an analytical artifact designed to identify, validate, and map exploitable FOP gadgets. Evaluation of the Linux kernel v5.19.17 demonstrates that FOP Arbalest identified 7,470, 18,541, and 52,285 gadgets at increasing analysis depths, yielding substantially more than conventional ROP and JOP techniques. Notably, FOP Arbalest is the first framework to integrate symbolic execution as the primary mechanism for FOP gadget detection, whereas prior x86-64 approaches relied exclusively on compiler plugins and static analysis. Future work will implement FOP techniques on Qualcomm Snapdragon system-on-chip (SoC) platforms to evaluate the portability and scalability of this vector across heterogeneous mobile computing environments.

Downloads

Download data is not yet available.

References

J. Ravichandran, W. T. Na, J. Lang, and M. Yan, “PACMAN,” in Proceedings of the 49th Annual International Symposium on Computer Architecture, New York, NY, USA: ACM, Jun. 2022, pp. 685–698. doi: 10.1145/3470496.3527429.

S. Ognawala, F. Kilger, and A. Pretschner, “Compositional Fuzzing Aided by Targeted Symbolic Execution,” Oct. 2019.

R. C. Goluch, “Trust, transforms, and control flow: A graph-theoretic method to verifying source and binary control flow equivalence,” Iowa State University, 2021. doi: 10.31274/etd-20210609-59.

M. Lipp et al., “Meltdown,” Commun ACM, vol. 63, no. 6, pp. 46–56, May 2020, doi: 10.1145/3357033.

S. Matsuoka, “Fugaku and A64FX: the First Exascale Supercomputer and its Innovative Arm CPU,” in 2021 Symposium on VLSI Circuits, IEEE, Jun. 2021, pp. 1–3. doi: 10.23919/VLSICircuits52068.2021.9492415.

X. Zhu, S. Wen, S. Camtepe, and Y. Xiang, “Fuzzing: A Survey for Roadmap,” ACM Comput Surv, vol. 54, no. 11s, pp. 1–36, Jan. 2022, doi: 10.1145/3512345.

V. Chipounov, V. Kuznetsov, and G. Candea, “The S2E Platform,” ACM Transactions on Computer Systems, vol. 30, no. 1, pp. 1–49, Feb. 2012, doi: 10.1145/2110356.2110358.

Y. Cheng, Z. Zhou, M. Yu, X. Ding, and R. H. Deng, “ROPecker: A Generic and Practical Approach For Defending Against ROP Attacks,” in Proceedings 2014 Network and Distributed System Security Symposium, Reston, VA: Internet Society, 2014. doi: 10.14722/ndss.2014.23156.

R. Baldoni, E. Coppa, D. C. D’elia, C. Demetrescu, and I. Finocchi, “A Survey of Symbolic Execution Techniques,” ACM Comput Surv, vol. 51, no. 3, pp. 1–39, May 2019, doi: 10.1145/3182657.

S. Ozdemir, R. Saptarshi, A. Prakash, and D. Ponomarev, “Track Conventions, Not Attack Signatures: Fortifying X86 ABI and System Call Interfaces to Mitigate Code Reuse Attacks,” in 2021 International Symposium on Secure and Private Execution Environment Design (SEED), IEEE, Sep. 2021, pp. 176–188. doi: 10.1109/SEED51797.2021.00029.

D. Parygina, A. Vishnyakov, and A. Fedotov, “Strong Optimistic Solving for Dynamic Symbolic Execution,” in 2022 Ivannikov Memorial Workshop (IVMEM), IEEE, Sep. 2022, pp. 43–53. doi: 10.1109/IVMEM57067.2022.9983965.

S. Xu, P. Xie, and Y. Wang, “AT-ROP: Using static analysis and binary patch technology to defend against ROP attacks based on return instruction,” in 2020 International Symposium on Theoretical Aspects of Software Engineering (TASE), IEEE, Dec. 2020, pp. 209–216. doi: 10.1109/TASE49443.2020.00036.

Downloads

Published

06-07-2026

How to Cite

Bramasto, S., & Ramli, M. (2026). Bypassing CPU Protections using Function-Oriented Programming (FOP): A Linux Kernel Case Study. Faktor Exacta, 19(1). https://doi.org/10.30998/faktor.exac.v19i1.807