In computing systems, a stack may be a last-in-first-out memory structure used to store temporary variables created by functions in software being executed. The stack may also store information on where to return once a function call is issued, wherein a stack pointer may store the address of the last function variable added to the top of the stack. Return oriented programming (ROP) is a technique that may be used to exploit a software vulnerability, in which the attacker forces out-of-order execution of already existing code fragments (e.g., gadgets) to perform unexpected/arbitrary computations. More particularly, the attacker may manipulate the stack information indicating where to return in an effort to control the execution flow (hence the name return oriented programming).
For example, the attacker may make an exchange update to the stack pointer in order to “pivot” the stack into another memory area (e.g., the heap) that is under the control of the attacker. Thus, grouping together different gadgets in the other memory area may enable the attacker to perform the final malicious computation(s). Conventional approaches to ROP stack pivoting protection may attempt to intercept function calls that are commonly used to create the other memory area. Such a solution, however, may be bypassed (e.g., by avoiding the use of certain function calls) and/or may have a negative impact on performance (e.g., due to instrumentation of every loaded code/library).
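A defender-side illustration of the pivot described above, added here and not part of the original text: given a stack pointer value captured at some checkpoint and a Linux-style memory map, it reports whether the pointer still lies in the stack mapping. The map contents, addresses and function names are constructed for the example, and a single-threaded process is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format; not from a real process. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]\n"
    "7f2a10000000-7f2a10021000 rw-p 00000000 00:00 0\n"
    "7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]\n";

enum sp_region { SP_UNMAPPED, SP_STACK, SP_HEAP, SP_OTHER };

/* Find the mapping containing sp and report what kind of region it is. */
enum sp_region classify_sp(const char *maps, uint64_t sp)
{
    while (*maps) {
        char line[256], name[64] = "";
        unsigned long long lo, hi;
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;

        memcpy(line, maps, n);
        line[n] = '\0';
        maps += len + (maps[len] == '\n');

        /* start-end perms offset dev inode [name]; name is optional. */
        if (sscanf(line, "%llx-%llx %*s %*s %*s %*s %63s", &lo, &hi, name) < 2)
            continue;                    /* skip malformed lines */
        if (sp < lo || sp >= hi)         /* end address is exclusive */
            continue;
        if (strcmp(name, "[stack]") == 0) return SP_STACK;
        if (strcmp(name, "[heap]") == 0)  return SP_HEAP;
        return SP_OTHER;
    }
    return SP_UNMAPPED;
}

/* Check a monitor could run at a checkpoint: flag any SP outside the stack.
 * Assumption: single-threaded process; only the main thread's stack is
 * labelled [stack], so a real monitor would use per-thread stack bounds. */
int sp_is_pivoted(const char *maps, uint64_t sp)
{
    return classify_sp(maps, sp) != SP_STACK;
}

int main(void)
{
    printf("%d %d\n", sp_is_pivoted(SAMPLE_MAPS, 0x7ffd4a1ff8c0ULL),
                      sp_is_pivoted(SAMPLE_MAPS, 0x01c3b010ULL));
    return 0;
}
```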