
A Split Stack Implementation to Prevent Malicious Code Branches

IP.com Disclosure Number: IPCOM000236854D
Publication Date: 2014-May-19
Document File: 4 page(s) / 265K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is an idea to separate the critical instruction address, stack pointer values, and exception information from the standard pushed data and to place these critical pieces of data in a read-only section that's only modifiable by the processor. Thus any attempt to overwrite critical values would result in a data exception, preventing branches to malicious code.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 54% of the total text.

Page 01 of 4



Currently, region/section definitions allow a gross level of security over the firmware running on a processor by setting up read-only code regions and sections. However, the stack offers one particularly glaring opportunity for hijacking a processor with malicious code: overwriting it (perhaps via a buffer overrun, which could originate from outside or within the stack itself) and then executing a return instruction makes the processor jump to code that was never intended or does not exist. The problem might have been prevented if only we could protect the return addresses, stack pointer values, and exception information in the stack.


Page 02 of 4

[Figure: a memory region marked R/W containing Stack Frame 1 and Stack Frame 2; each stack frame holds a Return Address, Exception Info and Stack Data, with a Buffer at the end of the region]

A buffer overrun caused by malicious software eventually replaces the stack return address with the address of one of its own functions, causing a branch to malicious code on the next return statement.
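The split stack described above, as an added C model written for this page (it is not the disclosure's own implementation): only the CALL and RET operations touch the control region, and an ordinary software store that runs past the data region raises a data exception instead of overwriting a return address. Region sizes, word addressing and the function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy model of the split stack: one word-addressed memory holding an R/W
   data region followed by a control region that only the "processor" writes. */
#define DATA_WORDS 8   /* R/W region: locals, buffers, pushed arguments */
#define CTRL_WORDS 6   /* processor-only region: two frames of 3 words each */

typedef struct {
    uint32_t mem[DATA_WORDS + CTRL_WORDS];
    size_t data_sp;      /* next free word in the data region */
    size_t ctrl_sp;      /* next free word in the control region */
    int data_exception;  /* latched when software writes the control region */
} cpu_t;

/* CALL: the processor itself stores return address, saved SP and exception
   info in the control region; software never writes these values. */
int cpu_call(cpu_t *c, uint32_t ret_addr, uint32_t exc_info) {
    if (c->ctrl_sp + 3 > CTRL_WORDS) return -1;     /* control stack full */
    uint32_t *f = &c->mem[DATA_WORDS + c->ctrl_sp];
    f[0] = ret_addr; f[1] = (uint32_t)c->data_sp; f[2] = exc_info;
    c->ctrl_sp += 3;
    return 0;
}

/* RET: the branch target comes only from the control region, and the
   caller's stack pointer is restored from its protected copy. */
uint32_t cpu_ret(cpu_t *c) {
    if (c->ctrl_sp < 3) return 0;                    /* nothing to return to */
    c->ctrl_sp -= 3;
    uint32_t *f = &c->mem[DATA_WORDS + c->ctrl_sp];
    c->data_sp = f[1];
    return f[0];
}

/* Ordinary software store, e.g. one step of a buffer copy. A write at or
   beyond the control region boundary raises a data exception, not a write. */
int sw_store(cpu_t *c, size_t addr, uint32_t value) {
    if (addr >= DATA_WORDS) { c->data_exception = 1; return -1; }
    c->mem[addr] = value;
    return 0;
}

/* Copy n words into the data stack from addr, stopping at the first data
   exception; returns how many words landed before the overrun was cut off. */
size_t sw_copy(cpu_t *c, size_t addr, size_t n, uint32_t value) {
    size_t done = 0;
    while (done < n && sw_store(c, addr + done, value) == 0) done++;
    return done;
}
```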


Page 03 of 4

For backward compa...