Method and apparatus for protecting memory stacks
Abstract
Method and apparatus for protecting processing elements from buffer overflow attacks are provided. The apparatus includes a memory stack for, upon execution of a jump to subroutine, storing a return address in a first location in a stack memory. A second location separate from the stack memory for storing an address of the first location and a third location separate from the stack memory for storing the return address itself are included. A first comparator, upon completion of the subroutine, compares the address stored in the second location to the first location in the stack memory, and a first interrupt generator provides an interrupt signal if the locations are not the same. A second comparator compares the return address stored in the third location to the return address stored in the first location in the stack memory and has a second interrupt generator for generating an interrupt signal if the addresses are not the same. A further method and apparatus for protecting processing elements from buffer overflow attacks includes a memory stack for, upon execution of a jump to subroutine in a first processor, storing a return address in a first location in a stack memory, and a second location separate from the stack memory for storing results for the subroutine operation. Also included is a second processor, separate from the first processor, including routines for data manipulation associated with the subroutine and for storing any resultant data in the second location, which is readable by the first processor separate from the stack memory.
15 Claims
1. A method of protecting processing elements from buffer overflow attacks, the method comprising the steps of:
upon execution of a jump to subroutine, storing a return address in a first location in a stack memory;
storing an address of the first location in a second location separate from the stack memory;
storing the return address itself in a third location separate from the stack memory;
upon completion of the subroutine, comparing the address stored in the second location to the first location in the stack memory;
if equal, comparing the return address stored in the third location to the return address stored in the first location in the stack memory; and
if equal, returning to the return address.
Dependent claims: 2, 3.

4. Apparatus for protecting processing elements from buffer overflow attacks, comprising:
a memory stack for, upon execution of a jump to subroutine, storing a return address in a first location in a stack memory;
a second location separate from the stack memory for storing an address of the first location;
a third location separate from the stack memory for storing the return address itself;
a first comparator for, upon completion of the subroutine, comparing the address stored in the second location to the first location in the stack memory and having a first interrupt generator for generating an interrupt signal if locations are not the same; and
a second comparator for comparing the return address stored in the third location to the return address stored in the first location in the stack memory and having a second interrupt generator for generating an interrupt signal if addresses are not the same.

5. A method of protecting processing elements from buffer overflow attacks, the method comprising the steps of:
upon execution of a jump to subroutine, storing a return address in a first location in a stack memory;
storing the return address itself in a second location separate from the stack memory;
comparing the return address stored in the second location to the return address stored in the first location in the stack memory; and
if equal, returning to the return address.
Dependent claims: 6.

7. Apparatus for protecting processing elements from buffer overflow attacks, comprising:
a memory stack for, upon execution of a jump to subroutine, storing a return address in a first location in a stack memory;
a second location separate from the stack memory for storing the return address itself;
a comparator for comparing the return address stored in the second location to the return address stored in the first location in the stack memory; and
an interrupt generator for generating an interrupt signal if addresses are not the same.

8. A method of protecting processing elements from buffer overflow attacks, the method comprising the steps of:
upon execution of a jump to subroutine in a first processor, storing a return address in a first location in a stack memory;
processing a data manipulation associated with the subroutine in a second processor, separate from the main processor and storing any resultant data in a second location, which is readable by the first processor separate from the stack memory;
upon completion of the subroutine, returning control to the first processor for reading of the return address stored in the first location in the stack memory.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. Apparatus for protecting processing elements from buffer overflow attacks, comprising:
a memory stack for, upon execution of a jump to subroutine in a first processor, storing a return address in a first location in a stack memory;
a second location separate from the stack memory for storing results for the subroutine operation;
a second processor including routines for data manipulation associated with the subroutine, separate from the first processor and for storing any resultant data in the second location, which is readable by the first processor separate from the stack memory.
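
The return-time checks of claims 1 and 4 (claims 5 and 7 use the address comparison alone) can be modelled in software; the following C simulation is an added illustration, not code from the patent. The array-backed stack, the single call depth, the names `jsr`, `rts` and `call_sub`, and all constant values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STACK_WORDS 16
#define LOCAL_WORDS 4      /* size of the subroutine's local buffer (assumed) */
#define CALLER_PC 0x1000u  /* constructed return address */
enum ret_status { RET_OK, IRQ_LOCATION_MISMATCH, IRQ_ADDRESS_MISMATCH };

struct machine {
    uint32_t stack[STACK_WORDS]; /* stack memory, writable by the subroutine */
    size_t sp;                   /* index of the top word; stack grows downward */
    size_t guard_slot;           /* "second location": where the return address sits */
    uint32_t guard_ret;          /* "third location": copy of the return address */
};

/* Jump to subroutine: push the return address and record both guard values. */
static void jsr(struct machine *m, uint32_t ret)
{
    m->stack[--m->sp] = ret;
    m->guard_slot = m->sp;
    m->guard_ret = ret;
}

/* Return: the first comparator checks the location, the second the address. */
static enum ret_status rts(struct machine *m, uint32_t *pc)
{
    if (m->sp != m->guard_slot) return IRQ_LOCATION_MISMATCH;
    if (m->stack[m->sp] != m->guard_ret) return IRQ_ADDRESS_MISMATCH;
    *pc = m->stack[m->sp++];
    return RET_OK;
}

/* Subroutine with an unchecked copy; `release` = local words freed on exit. */
static enum ret_status call_sub(const uint32_t *in, size_t n, size_t release, uint32_t *pc)
{
    struct machine m = { .sp = STACK_WORDS };
    jsr(&m, CALLER_PC);
    m.sp -= LOCAL_WORDS;                       /* reserve the local buffer */
    for (size_t i = 0; i < n && m.sp + i < STACK_WORDS; i++)
        m.stack[m.sp + i] = in[i];             /* no check against LOCAL_WORDS */
    m.sp += release;
    return rts(&m, pc);
}

int main(void)
{
    uint32_t pc = 0, in[5] = { 1, 2, 3, 4, 0xdeadbeefu }; /* constructed input */
    printf("%d %d %d\n", call_sub(in, 4, LOCAL_WORDS, &pc),
           call_sub(in, 5, LOCAL_WORDS, &pc), call_sub(in, 4, LOCAL_WORDS - 1, &pc));
}
```

A copy that stays inside the buffer returns normally, a copy one word too long trips the address comparator, and an unbalanced stack pointer trips the location comparator before the address is ever read.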
Specification