Shadow stack

In software, a shadow stack is a mechanism for maintaining control-flow integrity by mitigating return address overwrites such as those seen during exploitation of a stack buffer overflow. The technique is to first keep a record of the legitimate return address for some function call, and then to check that the return address is still correct before returning.[1] This can be accomplished by adding instructions to function calls and function epilogues: on calls, store the legitimate return address (that is, the address of the instruction after the call), and on returns, check the return address against that record before actually returning. A stack buffer overflow is enough to overwrite the return address on the stack, but not the shadow stack's record of it. If the return address and the shadow return address differ, the check inserted before the return instruction will fail; the usual action in such cases is to crash the program, and in some cases alert administrators to the possibility of an intrusion attempt.
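An added example, not taken from the article or its references: a C simulation of the call and epilogue instrumentation described above, in which a modelled frame (a buffer followed by its saved return address) is overwritten by an unchecked copy and the epilogue check compares it with a separate shadow array. The frame layout, the address 0x401000, the function names and the returned verdict (used here in place of crashing the program) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHADOW_DEPTH 64

/* Simulated stack frame: a local buffer followed by the saved return address. */
struct frame {
    unsigned char buf[16];
    uintptr_t ret;
};

static uintptr_t shadow[SHADOW_DEPTH];   /* shadow stack, kept apart from frames */
static size_t shadow_top;

/* Call instrumentation: record the legitimate return address in both places. */
static int on_call(struct frame *f, uintptr_t ret_addr) {
    if (shadow_top == SHADOW_DEPTH) return -1;   /* shadow stack exhausted */
    memset(f->buf, 0, sizeof f->buf);
    f->ret = ret_addr;
    shadow[shadow_top++] = ret_addr;
    return 0;
}

/* Epilogue instrumentation: 0 = match, 1 = mismatch, -1 = shadow underflow. */
static int on_return(const struct frame *f) {
    if (shadow_top == 0) return -1;
    return shadow[--shadow_top] != f->ret;
}

/* Unchecked copy into the frame, standing in for a stack buffer overflow. */
static void unchecked_copy(struct frame *f, const unsigned char *src, size_t n) {
    if (n > sizeof *f) n = sizeof *f;        /* stay inside the simulated frame */
    memcpy((unsigned char *)f, src, n);
}

/* Runs one simulated call with n bytes of input; returns on_return's verdict. */
int run_call(size_t n) {
    unsigned char input[sizeof(struct frame)];
    struct frame f;
    memset(input, 0x41, sizeof input);       /* constructed input */
    if (on_call(&f, (uintptr_t)0x401000) != 0) return -1;  /* constructed address */
    unchecked_copy(&f, input, n);
    return on_return(&f);
}

int main(void) {
    printf("16-byte input: %d\n", run_call(16));
    printf("%zu-byte input: %d\n", sizeof(struct frame), run_call(sizeof(struct frame)));
    return 0;
}
```

An input that fits the buffer leaves the two records equal; any longer input changes the frame's copy only, so the epilogue check reports a mismatch.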

The technique can be implemented with hardware assistance, by a compiler, or at runtime.[2]

References

  1. Sinnadurai, Saravanan; Zhao, Qin; Wong, Weng Fai (2008). "Transparent runtime shadow stack: Protection against malicious return address modifications" (PDF).
  2. Nurmukhametov, A. R.; Kurmangaleev, S. F.; Kaushan, V.; Gaissaryan, S. (2015). "Application of compiler transformations against software vulnerabilities exploitation". Programming and Computer Software. 41 (4): 231–236. doi:10.1134/S0361768815040052.


This article is issued from Wikipedia - version of the 9/16/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.