[cantankerous]

I think that Shacham paper is the best primer on ROP of all the papers I've read, including the paper mentioned by the parent commentor:

http://cseweb.ucsd.edu/~hovav/dist/geometry.pdf

[jeffreyg]

I agree. This is the paper that started it all.

[tptacek]

Well. It's the paper that made the topic break out.

[lawnchair_larry]

Not true. It just took credit for it, and somehow managed to inject a new buzzword into circulation.

http://www.suse.de/~krahmer/no-nx.pdf is from 2005.

http://www.comms.engg.susx.ac.uk/fft/security/solaris_non_ex... is from 1999.

[onars]

It is true that code-reuse attacks have been around for some time, but Shacham's paper actually showed that you can make arbitrary --Turing complete-- computations with this approach, among other things. I think this alone is a good contribution.