Question: A proposal for preventing stack buffer overflow attacks is based on making a backup copy of the return address when a function starts. The backup

A proposal for preventing stack buffer overflow attacks is based on making a backup copy of the return address when a function starts. The backup copy is written to a shadow stack located at some random location L on the heap. In the function epilog, just before the function is about to return, the backup copy of the return address is compared to the return address on the stack and if they differ the program exits. Otherwise, the return instruction is executed normally.

(a) Explain why this mechanism can make it harder to mount a stack buffer overflow attack.

(b) Give sample C code that is vulnerable to a stack buffer overflow attack even if this mechanism is used. For example, consider the case of function pointers stored on the stack.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

I need a solution ASAP please Problem 1: Control hijacking A proposal for preventing stack buffer overflow attacks is based on making a backup copy of the return address when a function starts. The...

Goal: Understand the concept of Buffer Overflows, potential security impacts and ways to help prevent them Task: In teams of 2 students, complete as much of the lab as time allows. Both individuals...

computer security course, please I need help it due 3 hours. 1 Lab Overview The learning objective of this lab is for students to gain the first-hand experience on buffer-overflow vulner- ability by...

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Use EXCEL only please, also make a data analyst excel file thanks! EntertainmentTech Research Analyst - 50% You have been hired to work as a research analyst at Entertainment Tech. EntertainmentTech...

DON'T SUMMARIZE JUST PARAGRAPH OF WHAT YOU THOUGHT/LEARNED CHAPTER 13 - The phrase "garbage in, garbage out" highlights the importance of input controls. If the data entered into a system are...

# ( Health Care Information Systems: A Practical Approach for Health Care Management, 3rd Edition PREV NEXT Chapter 17: Asses... ' " Appendixes CHAPTER 18 Health IT Leadership A Compendium of Case...

Provide a summary technical report with your own words about Pipelined Execution which is also named as Instruction Level Parallelism, addressing mainly the following areas: 1. What is Pipelined...

GRADUATE CERTIFICATE IN PROJECT MANAGEMENT PROJ5010: PROJECT PROCUREMENT AND STRATEGIC SOURCING. CASE STUDIES CONTENTS 1. Proj5010: The World Bank RFP Case Study covers 1. Assignment 1: Marks = 5 2....

Summarize these pages to 4 or 5 pages User and Operating-System Interface We mentioned earlier that there are several ways for users to interface with the operating system. Here, we discuss two...

Describe business analysis and identify its objectives.

What is the difference between a price level and a price index?

Weiland, Incorporated, has 3 4 0 , 0 0 0 shares outstanding that sell for $ 8 4 per share. The company plans a 6 - for - 5 stock split. How many shares will be outstanding after the split?

(8) (20 marks) (a) Design a polymeric membrane with selective removal of one segment (polylactic acid) of the polymeric chains to produce large and narrow size porous structure, respectively chini...

Economist John Taylor has suggested that the Fed use the following rule for choosing its target for the federal funds interest rate (r): r = 2% + + 12 (y y*) / y* + 12 ( *), where is the average...

Suppose banks install automatic teller machines on every block and, by making cash readily available, reduce the amount of money people want to hold. a. Assume the Fed does not change the money...

Consider two policiesa tax cut that will last for only 1 year and a tax cut that is expected to be permanent. Which policy will stimulate greater spending by consumers? Which policy will have the...