Computer Science ›› 2012, Vol. 39 ›› Issue (Z6): 1-5.

Program Attack and Protection Based on Return-Oriented Programming

HUANG Zhijun (黄志军), ZHENG Tao (郑滔)

  1. (Software Institute, Nanjing University, Nanjing 210093)
  • Online: 2018-11-16 Published: 2018-11-16

Abstract: With the adoption of techniques such as W⊕X, traditional code injection attacks have been almost eliminated and return-to-lib attacks have been greatly restrained. Against this background, Hovav Shacham proposed the idea of Return-Oriented Programming (ROP). Based on the principle of stack overflow, ROP uses valid short instruction sequences in program libraries that end with a ret instruction to build a gadget set with Turing-complete capability, and uses it to carry out computation and attacks. In this paper, we present research achievements in the ROP field since the idea was proposed and its practical attack capability, describe the current results and possible future development of ROP automation, and then analyze and predict the next research directions for ROP automation. We also analyze, starting from several characteristics of ROP, strategies and methods for eliminating this kind of attack, introduce existing defense ideas and results, and discuss the merits and demerits of these methods and directions for improving them. By treating ROP attack and ROP defense together as a spear-and-shield problem, we aim to help readers understand the ROP idea, learn the current state of development, and on that basis further advance research on ROP attacks and their prevention.

Key words: ROP, Program automation, Address randomization, Stack overflow, Program control flow, Program security
