A buffer overflow attack is generally known as an attack in which an attacker's program is sent into a memory (e.g., a memory stack) of a program that is currently in execution, leading to execution of a malicious program and depriving a legitimate controller/program of system control. More practically, the attacker's program may change a return address of the executed program in the memory stack in order to take over system control.
Various countermeasure methods have already been proposed for coping with the buffer overflow attack. One of them is the control flow integrity (CFI) technique, which permits a change to a call/return address by the attacker, but checks the address involved in a call/return from one function to another function and detects the change before damage has actually been caused. However, the check process of the CFI technique during an execution of the program is time consuming.
To resolve this issue, patent document 1, i.e., Japanese Patent No. 2011-8778, proposes, for example, storing a program instruction in a specific region of a storage (i.e., a memory) and masking a target jump/return address of a jump/return process. This prevents the attacker from simply modifying the jump/return address to meaningfully take over a current operation/process, without causing overhead to the check process for checking the jump/return address.
Further, according to patent document 2, i.e., Japanese Patent No. 2011-123658, while reducing a time-related overhead and a spatial (i.e., memory address) overhead, an efficient address check is enabled in consideration of an inter-domain execution restriction when a function call and a function return are performed between a non-trusted domain or domains.
In view of all of the above, the present disclosure is advantageous due to the following reasoning. That is, the methods of patent document 1 are not applicable to the conventional CFI technique, because such methods are different from the conventional CFI technique.
With regard to the teachings of patent document 2, a function call/return within the non-trusted domain(s) is not included in the scope of checking, which may allow an execution of an unintended instruction string (i.e., an instruction string not intended by the programmer/systems engineer) or the like within the non-trusted domain(s) by an inappropriate function call/return.
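The gap described above can be seen in a simplified model, added here as an illustration and not taken from either patent document or the present disclosure. It compares a return check applied only when a return crosses a domain boundary with a check applied to every return; the addresses, code regions and table of valid return sites are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model: regions, addresses and the valid-site table are
   made up for illustration and do not come from the cited patents. */
typedef enum { TRUSTED, NON_TRUSTED } domain_t;
typedef struct { uintptr_t lo, hi; domain_t dom; } region_t;

static const region_t regions[] = {
    { 0x1000, 0x1fff, TRUSTED },
    { 0x8000, 0x8fff, NON_TRUSTED },
};

/* Legitimate return sites: the instruction following each call. */
static const uintptr_t valid_return_sites[] = { 0x1010, 0x8024, 0x8040 };

/* Domain of an address, or -1 if it lies outside every code region. */
static int domain_of(uintptr_t a) {
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++)
        if (a >= regions[i].lo && a <= regions[i].hi)
            return (int)regions[i].dom;
    return -1;
}

static bool is_valid_site(uintptr_t a) {
    size_t n = sizeof valid_return_sites / sizeof valid_return_sites[0];
    for (size_t i = 0; i < n; i++)
        if (valid_return_sites[i] == a)
            return true;
    return false;
}

/* Policy A: validate the target only when the return crosses domains. */
bool return_allowed_inter_domain_only(uintptr_t from, uintptr_t target) {
    int f = domain_of(from), t = domain_of(target);
    if (t < 0) return false;          /* target is not code at all */
    if (f == t) return true;          /* same domain: no check performed */
    return is_valid_site(target);
}

/* Policy B: validate every return target, same domain or not. */
bool return_allowed_all(uintptr_t from, uintptr_t target) {
    (void)from;
    return is_valid_site(target);
}
```

A return from 0x8100 to 0x8033, which is inside the non-trusted region but is not a recorded return site, passes Policy A and is rejected by Policy B.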