The present invention relates generally to the field of computer security, and more particularly to mitigation of code reuse attacks by restriction of target addresses.
Memory corruption refers to those instances where memory locations are unintentionally modified. Memory corruption often leads to runtime errors and erratic program behavior. Memory corruption vulnerabilities may also lead to execution of arbitrary code without permission or consent of the program user.
Memory corruption vulnerabilities allow attackers to perform code reuse attacks. These attacks are software exploits in which an attacker redirects the control flow of a program through code that is already present in the process, with malicious results. For example, return oriented programming (ROP) and jump oriented programming (JOP) techniques allow attackers to achieve arbitrary computation and program behavior without injecting any code of their own.
In ROP, attackers overwrite the stack with return addresses and arguments, where each return address references a short snippet of existing code. These snippets (also known as gadgets) end in a return instruction, which pops the next attacker-supplied address from the stack and thereby transfers control to the next gadget. In JOP, attackers do not rely on the stack for control flow; instead each gadget ends in an indirect jump, so a sequence of indirect jump instructions chains the gadgets together. Both ROP and JOP allow attackers to execute gadgets in an order of their choosing, bypassing the intended control flow of the program.
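The following C program is an added illustration and is not part of this specification. It scans a raw x86-64 byte buffer for the instruction forms that terminate ROP gadgets (ret, ret imm16) and JOP gadgets (jmp reg, call reg), trying every byte offset because x86 instructions are variable-length and a terminator need not lie on a compiler-emitted instruction boundary. The sample bytes are hand-assembled for this example and do not come from any real binary; the gadget and gadget_kind types and all function names are assumptions of the example, and REX-prefixed forms targeting r8 through r15 are deliberately not decoded.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Gadget terminators recognised in raw x86-64 bytes (example classification). */
typedef enum {
    GADGET_RET,       /* c3           : ret        (ROP) */
    GADGET_RET_IMM,   /* c2 iw        : ret imm16  (ROP) */
    GADGET_JMP_REG,   /* ff /4, mod=3 : jmp  r64   (JOP) */
    GADGET_CALL_REG   /* ff /2, mod=3 : call r64   (JOP) */
} gadget_kind;

typedef struct {
    size_t      end;       /* offset of the terminating instruction */
    size_t      term_len;  /* encoded length of that instruction */
    gadget_kind kind;
    int         reg;       /* ModRM rm field for JOP kinds, else -1 */
} gadget;

static const char *const reg_names[8] = {
    "rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"
};

/* Decode code[i] as a possible terminator. Returns 1 and fills *g on a match. */
static int classify_terminator(const uint8_t *code, size_t len, size_t i, gadget *g)
{
    uint8_t op = code[i];
    g->end = i;
    g->reg = -1;
    if (op == 0xC3) { g->kind = GADGET_RET; g->term_len = 1; return 1; }
    if (op == 0xC2 && i + 2 < len) { g->kind = GADGET_RET_IMM; g->term_len = 3; return 1; }
    if (op == 0xFF && i + 1 < len) {
        uint8_t modrm = code[i + 1];
        uint8_t mod = modrm >> 6, reg = (modrm >> 3) & 7, rm = modrm & 7;
        /* mod == 3 means the operand is a register, i.e. an indirect jmp/call through r64 */
        if (mod == 3 && (reg == 2 || reg == 4)) {
            g->kind = (reg == 4) ? GADGET_JMP_REG : GADGET_CALL_REG;
            g->term_len = 2;
            g->reg = rm;
            return 1;
        }
    }
    return 0;
}

/* Scan every byte offset; a c3 byte inside an immediate is as usable to an
 * attacker as an aligned ret. Returns the number of terminators found. */
size_t find_gadgets(const uint8_t *code, size_t len, gadget *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        gadget g;
        if (!classify_terminator(code, len, i, &g)) continue;
        if (n < max_out) out[n] = g;
        n++;
    }
    return n;
}

/* n-th gadget found (0-based); end == (size_t)-1 if there are fewer than n+1. */
gadget nth_gadget(const uint8_t *code, size_t len, size_t n)
{
    gadget g = { (size_t)-1, 0, GADGET_RET, -1 };
    size_t seen = 0;
    for (size_t i = 0; i < len; i++) {
        gadget cur;
        if (classify_terminator(code, len, i, &cur) && seen++ == n) return cur;
    }
    return g;
}

/* Constructed sample (not from a real binary): hand-assembled x86-64 sequences. */
const uint8_t sample_code[] = {
    0x48, 0x89, 0xC7,   /* 0:  mov rdi, rax                 */
    0x5F,               /* 3:  pop rdi                      */
    0xC3,               /* 4:  ret        <- ROP gadget     */
    0x90,               /* 5:  nop                          */
    0x58,               /* 6:  pop rax                      */
    0xFF, 0xE0,         /* 7:  jmp rax    <- JOP gadget     */
    0xC3,               /* 9:  ret        <- ROP gadget     */
    0xFF, 0xD2,         /* 10: call rdx   <- JOP gadget     */
};
const size_t sample_code_len = sizeof sample_code;

/* Print each gadget with up to `depth` preceding bytes (the undecoded gadget body). */
void print_gadgets(const uint8_t *code, size_t len, size_t depth)
{
    gadget g[32];
    size_t n = find_gadgets(code, len, g, 32);
    if (n > 32) n = 32;
    for (size_t k = 0; k < n; k++) {
        size_t start = g[k].end >= depth ? g[k].end - depth : 0;
        printf("%4zu: ", start);
        for (size_t j = start; j < g[k].end + g[k].term_len; j++) printf("%02x ", code[j]);
        switch (g[k].kind) {
        case GADGET_RET:      printf("; ... ret\n"); break;
        case GADGET_RET_IMM:  printf("; ... ret imm16\n"); break;
        case GADGET_JMP_REG:  printf("; ... jmp %s\n", reg_names[g[k].reg]); break;
        case GADGET_CALL_REG: printf("; ... call %s\n", reg_names[g[k].reg]); break;
        }
    }
}

int main(void)
{
    print_gadgets(sample_code, sample_code_len, 4);
    return 0;
}
```

Each ret-terminated hit is a ROP gadget candidate and each jmp/call-reg hit a JOP gadget candidate; the bytes preceding a terminator are the gadget body, and on x86 several distinct bodies can share one terminator depending on where decoding starts. A real gadget finder would disassemble those preceding bytes to keep only the starts that decode cleanly into the terminator.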