Computing systems generally provide means to react to high-priority conditions by interrupting an ongoing task to execute a condition-specific routine. When the high-priority condition or interrupt request (IRQ) has been resolved, execution of the prior task is resumed at the point where the IRQ occurred. Such interrupt capabilities are commonly implemented with the help of interrupt stacks. These stacks are Last-In-First-Out memory buffers which serve to temporarily store the context of the interrupted task, the data and/or the local variables allocated by the condition-specific interrupt service routine (ISR). Many computing systems use the same stack for interrupts and for subroutine calls.

Interrupt stacks are exposed to many security and safety problems. Security problems typically take the form of external attacks, such as stack buffer overflow attacks, in which the attacker intentionally manipulates the saved context of the interrupted task (for example its saved return address) so as to gain control over the computing system when the interrupted task is restored. Safety problems are unintended stack manipulations caused by software or hardware faults, such as a stray write through an invalid pointer or a corrupted bit in the saved context. Either kind of manipulation may have a severe impact on system integrity. In particular, such stack manipulations provide a way for immature code segments to affect the functionality of mature code segments. While there are existing protection schemes against the mentioned security problems (e.g., software solutions based on the insertion of canary values between the local variables and the saved context), these offer only limited stack protection: a canary is checked only when the ISR returns, after the saved context has already been overwritten, and it does not detect a write that lands beyond it without passing over it. Most computing systems provide no protection at all against the safety issues. Common protection mechanisms such as memory protection units (MPUs) provide access restrictions on static memory ranges and are not suited to the dynamic boundaries, moving with every push and pop, that the protection of interrupt stacks requires.
Therefore, in view of the lack of appropriate protection techniques, there is a need to provide for the dynamic protection of interrupt stacks.
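The following program, added here as an illustration and not taken from the application or from any product it describes, simulates the interrupt stack described in the background above as a small downward-growing byte array (a hypothetical layout; the stack size, the guard word, and the addresses TASK_PC and ATTACKER_PC are assumptions made for the simulation). It shows the three cases the text discusses: a well-behaved ISR, an ISR whose unchecked copy into a local buffer lets an oversized payload overwrite the saved program counter of the interrupted task, and a stray fault write that corrupts the saved context directly. A canary word may be placed between the ISR locals and the saved context; the result records whether it was still intact at interrupt return and which address the task would resume at, which makes the limitation of the canary visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical interrupt-stack layout used by this simulation only (not a real CPU). */
#define STACK_SIZE   256u
#define CANARY_VALUE 0xDEADBEEFu
#define TASK_PC      0x08001234u   /* assumed PC of the interrupted task */
#define ATTACKER_PC  0x20000777u   /* assumed address the attacker wants execution to resume at */
#define ISR_BUF_LEN  16u

typedef struct { uint32_t pc, sp, r[4]; } saved_ctx_t;               /* pushed on interrupt entry */
typedef struct { uint8_t mem[STACK_SIZE]; size_t top; } istack_t;    /* grows toward index 0 */
typedef struct { uint32_t resume_pc; int canary_intact; } irq_result_t;

static void     istack_init(istack_t *s)            { memset(s->mem, 0, STACK_SIZE); s->top = STACK_SIZE; }
static uint8_t *istack_alloc(istack_t *s, size_t n) { s->top -= n; return &s->mem[s->top]; }
static void     istack_free(istack_t *s, size_t n)  { s->top += n; }

/* One interrupt round-trip: entry, ISR body, return.
 * payload/len : data the ISR copies into its local buffer (the deliberately unchecked copy)
 * use_canary  : place a guard word between the ISR locals and the saved context
 * stray_fault : model a software/hardware fault writing straight into the saved context */
static irq_result_t handle_irq(istack_t *s, const uint8_t *payload, size_t len,
                               int use_canary, int stray_fault)
{
    irq_result_t res = { 0, 1 };
    saved_ctx_t ctx = { TASK_PC, 0x20001000u, { 1, 2, 3, 4 } };

    /* 1. Entry: the interrupted task's context is pushed first, so it sits highest. */
    uint8_t *ctx_slot = istack_alloc(s, sizeof ctx);
    memcpy(ctx_slot, &ctx, sizeof ctx);

    /* 2. Optional canary directly below the saved context. */
    uint8_t *canary_slot = NULL;
    if (use_canary) {
        uint32_t c = CANARY_VALUE;
        canary_slot = istack_alloc(s, sizeof c);
        memcpy(canary_slot, &c, sizeof c);
    }

    /* 3. ISR frame: a fixed-size local buffer below the canary.
     * 4. ISR body: unchecked copy. An oversized payload runs upward over the canary and into
     *    the saved context. The clamp only keeps the simulation inside its own array. */
    uint8_t *buf = istack_alloc(s, ISR_BUF_LEN);
    size_t n = (s->top + len > STACK_SIZE) ? STACK_SIZE - s->top : len;
    memcpy(buf, payload, n);

    /* A stray write that lands on the saved PC never touches the canary at all. */
    if (stray_fault) {
        uint32_t bad = ATTACKER_PC;
        memcpy(ctx_slot, &bad, sizeof bad);
    }

    /* 5. Return: pop the ISR frame, verify the canary, restore the (possibly corrupted) context. */
    istack_free(s, ISR_BUF_LEN);
    if (use_canary) {
        uint32_t seen;
        memcpy(&seen, canary_slot, sizeof seen);
        res.canary_intact = (seen == CANARY_VALUE);
        istack_free(s, sizeof seen);
    }
    memcpy(&ctx, ctx_slot, sizeof ctx);
    istack_free(s, sizeof ctx);
    res.resume_pc = ctx.pc;   /* the hardware would jump here on return from interrupt */
    return res;
}

/* Constructed attack input: fill the buffer (and the canary slot, if any), then land `target`
 * on the saved PC. Host byte order is used because the simulated CPU is the host. */
static size_t build_overflow_payload(uint8_t *out, size_t cap, uint32_t target, int canary_present)
{
    size_t len = ISR_BUF_LEN + (canary_present ? sizeof(uint32_t) : 0) + sizeof target;
    if (cap < len) return 0;
    memset(out, 'A', len - sizeof target);
    memcpy(out + len - sizeof target, &target, sizeof target);
    return len;
}

/* Scenarios: 0 = benign ISR input, 1 = overflow of the ISR buffer, 2 = stray fault write. */
static irq_result_t run_scenario(int scenario, int use_canary)
{
    static const uint8_t benign[] = "irq-data";   /* constructed benign message, fits the buffer */
    uint8_t payload[64];
    size_t len = sizeof benign;
    memcpy(payload, benign, len);
    if (scenario == 1)
        len = build_overflow_payload(payload, sizeof payload, ATTACKER_PC, use_canary);
    istack_t s;
    istack_init(&s);
    return handle_irq(&s, payload, len, use_canary, scenario == 2);
}

int main(void)
{
    static const char *names[] = { "benign", "buffer overflow", "stray fault" };
    for (int sc = 0; sc < 3; sc++)
        for (int canary = 0; canary < 2; canary++) {
            irq_result_t r = run_scenario(sc, canary);
            printf("%-16s canary=%d  resume_pc=0x%08x  canary_intact=%d\n",
                   names[sc], canary, (unsigned)r.resume_pc, r.canary_intact);
        }
    return 0;
}
```

In the overflow case the task resumes at ATTACKER_PC whether or not a canary is present; the canary merely reports the corruption at interrupt return, after the saved context has already been destroyed, and in the stray-fault case it reports nothing because the write never crossed it. A bounds-checked copy would remove the overflow, but not the fault, which is why the text argues for a protection boundary that follows the stack pointer rather than a static canary or MPU region.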