Abstract: Memory corruption vulnerabilities often enable attackers to take control of a target system by overwriting control-flow relevant data (such as return addresses and function pointers), which are potentially stored in close proximity of related, typically user-controlled data on the stack. In this paper, we propose ProConDa, a general approach for protecting control-flow relevant data on the stack ProConDa leverages hardware features to enforce a strict separation between control-flow relevant and regular data of programs written in non-memory-safe languages such as C. Contrary to related approaches, ProConDa does not rely on information hiding and is therefore not susceptible to several recent attacks specifically targeting information hiding as a foundation for memory isolation. We show that ProConDa enforcement is compatible with existing software by applying a software-based prototype to industry benchmarks on an ARM CPU running Linux.
Publication Year: 2019
Publication Date: 2019-09-09
Language: en
Type: preprint
Access and Citation
AI Researcher Chatbot
Get quick answers to your questions about the article from our AI researcher chatbot