I wonder why countermeasures against code-injection and control-flow hijacking attacks (e.g. stack-based buffer overflows and heap-based buffer overflows) are mostly implemented in software.
Examples of popular and widely deployed countermeasures are:
- ASLR
- Stack canaries
- Non-executable memory regions
But why exactly are these countermeasures not completely implemented in hardware, or at least supported by hardware? Since nowadays reconfigurable hardware (e.g. FPGAs) is affordable, this approach seems perfectly possible to me.
Or do hardware-based countermeasures exist? And if so, can anyone give me some examples?
Non-executable memory regions are an example of a hardware-based countermeasure: the non-executability of the memory is enforced by the memory management unit. Heap overflow protection can also be implemented at the hardware level (by placing non-readable memory pages at the ends of a heap allocation), but usually isn't, because it greatly reduces the available address space and only works for allocations that are an exact multiple of the page size.
Most countermeasures are implemented at the software level because the concepts they involve (such as address space layout) only exist at the software level.