Mitigation of stack corruption exploits
First Claim
1. A computing device comprising:
- a memory comprising a stack, the stack including a return address location; and
a stack protection engine, implemented at least partly on a hardware platform and comprising a key array, the stack protection engine operable for;
receiving a return address;
encoding at least a portion of the return address with a cipher with a key from the key array, comprising using a portion of the return address as an index to the key array; and
placing the return encoded address in the return address location of the stack.
10 Assignments
0 Petitions
Accused Products
Abstract
In an example, a stack protection engine is disclosed for preventing or ameliorating stack corruption attacks. The stack protection engine may operate transparently to user-space processes. After a call to a subroutine from a parent routine, the stack protection engine encodes the return address on the stack, such as with an exclusive or cipher and a key selected from a key array. After the subroutine returns control to the main routine, the stack protection engine decodes the address, and returns control. If a stack corruption attack occurs, the malicious return address is not properly encoded, so that when decoding occurs, the program may simply crash rather than returning control to the malicious code.
13 Citations
21 Claims
-
1. A computing device comprising:
-
a memory comprising a stack, the stack including a return address location; and a stack protection engine, implemented at least partly on a hardware platform and comprising a key array, the stack protection engine operable for; receiving a return address; encoding at least a portion of the return address with a cipher with a key from the key array, comprising using a portion of the return address as an index to the key array; and placing the return encoded address in the return address location of the stack. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. Logic encoded on one or more tangible, non-transitory computer-readable mediums operable for providing a stack protection engine, implemented at least partly on a hardware platform and comprising a key array, wherein the stack protection engine is operable for:
-
receiving a return address; encoding at least a portion of the return address with a cipher with a key from the key array, comprising using a portion of the return address as an index to the key array; and placing the return encoded address in a return address location of a memory stack. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A method for providing a stack protection engine, implemented at least partly on a hardware platform and comprising a key array, the stack protection engine operable for:
-
receiving a return address; encoding at least a portion of the return address with a cipher with a key from the key array, comprising using a portion of the return address as an index to the key array after a call to a subroutine from a parent routine; and placing the return encoded address in a return address location of a memory stack. - View Dependent Claims (21)
-
Specification