Question

I wonder why countermeasures against code-injection and control-flow hijacking attacks (e.g. stack-based buffer overflows and heap-based...

I wonder why countermeasures against code-injection and control-flow hijacking attacks (e.g. stack-based buffer overflows and heap-based buffer overflows) are mostly implemented in software.

Examples of popular and widely deployed countermeasures are:
- ASLR
- Stack canaries
- Non-executable memory regions

But why exactly are these countermeasures not completely implemented in hardware, or at least supported by hardware? Since nowadays reconfigurable hardware (e.g. FPGAs) is affordable, this approach seems perfectly possible to me.

Or do hardware-based countermeasures exist? And if so, can anyone give me some examples?

Answer #1

Non-executable memory regions are an example of a hardware-based countermeasure: the non-executability of the memory is enforced by the memory management unit. Heap overflow protection can also be implemented at the hardware level (by placing non-readable memory pages at the ends of a heap allocation), but usually isn't, because it greatly reduces the available address space and only works for allocations that are an exact multiple of the page size.

Most countermeasures are implemented at the software level because the concepts they involve (such as address space layout) only exist at the software level.
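
The guard-page scheme described in this answer, as an added C example that is not part of the original answer (POSIX `mmap`/`mprotect` assumed; all type and function names are hypothetical). It shows both costs the answer names: a small request consumes three pages of address space, and a write past the request but still inside the last data page is not caught.

```c
#define _DEFAULT_SOURCE 1 /* exposes MAP_ANONYMOUS on glibc in strict -std modes */
#include <stdint.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* All names below are hypothetical, chosen for this example. */
typedef struct {
    unsigned char *base;  /* start of the mapping (leading guard page) */
    unsigned char *user;  /* pointer handed to the caller */
    size_t map_len;       /* guard page + data pages + guard page */
    size_t data_len;      /* request rounded up to whole pages */
} guarded;

/* Map guard | data pages | guard. Returns 0 on success, -1 on failure. */
int guarded_alloc(size_t n, guarded *g) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    if (n == 0 || n > SIZE_MAX - 3 * ps) return -1;
    g->data_len = (n + ps - 1) / ps * ps;
    g->map_len = g->data_len + 2 * ps;
    /* Reserve everything inaccessible, then open up only the data pages. */
    void *p = mmap(NULL, g->map_len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    g->base = p;
    g->user = g->base + ps;
    if (mprotect(g->user, g->data_len, PROT_READ | PROT_WRITE) != 0) {
        munmap(p, g->map_len);
        return -1;
    }
    return 0;
}

void guarded_free(guarded *g) { munmap(g->base, g->map_len); }

/* Write one byte at user[off] in a child process. Returns 1 if the MMU
   faulted the write (child killed by a signal), 0 if it succeeded, -1 on error. */
int write_faults(const guarded *g, long off) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile unsigned char *p = g->user + off;
        *p = 0x41;
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? 1 : 0;
}
```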
