1. Field of the Disclosure
The disclosure generally relates to security of computer programs executed on computing devices, and more particularly to systems and methods for mitigating function pointer overwrite attacks on a portion of a computer program.
2. General Background
With the advent of advanced memory protections and vulnerability mitigations in software, attackers have been forced to use more complicated and challenging techniques to gain code execution. Due to the proliferation of DEP (Data Execution Protection) and ASLR (Address Space Layout Randomization), attackers increasingly rely on a technique called ROP (Return Oriented Programming) to circumvent these protections. ROP can be used to exploit certain types of memory corruption bugs introduced by developers, such as buffer overflows and use-after-free conditions, to modify function pointers stored on the heap or stack. When such a pointer is later called, the attacker gains limited control of execution by switching the executing process's stack context to a specially crafted one supplied by the attacker, with the ultimate goal of gaining full control of execution.
One approach that can be used by attackers in the presence of DEP and ASLR to gain full code execution is as follows:
- Find an appropriate bug that would allow a function pointer to be overwritten.
- Bypass ASLR in a module by either finding another vulnerability that leads to “information disclosure” about the address space, or forcing the loading of another module (such as a DLL library) that is not protected by ASLR into the address space.
- Locate a stack pivot in the bypassed module which changes the context of the stack to that of the attacker.
- Overwrite a function pointer with the location (address) of the stack pivot.
- Force the application to call the function pointer to begin executing the ROP payload.
- The ROP payload then must bypass DEP by either allocating new memory or disabling DEP on the actual functional payload.
- The ROP payload then calls the functional payload, which now has full control of the execution.
There is a need in the art for security measures that implement additional safeguards to prevent attackers from gaining execution control of a software program.
There is a need in the art for security measures that implement additional safeguards to prevent attackers from executing function pointer overwrite attacks on a portion of a software program.
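For illustration, the kind of safeguard at issue can be placed at the point where the overwritten function pointer would be called. The following is an added example, not the method of this disclosure: the pointer is stored XOR-encoded with a cookie and is checked against a list of legitimate targets before the indirect call. All names (`guarded_call`, `set_handler`, `valid_targets`, the cookie value) are hypothetical, and the modification is modelled by plain assignment.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_fn)(int);
int handle_read(int x)  { return x + 1; }
int handle_write(int x) { return x * 2; }
/* Constructed stand-in for a location the program never intends to call. */
int unexpected_target(int x) { (void)x; return -99; }

/* The only legitimate indirect-call targets. */
static const handler_fn valid_targets[] = { handle_read, handle_write };

/* Assumption: a real cookie is random per process; fixed here for a repeatable demo. */
static const uintptr_t cookie = (uintptr_t)0x5bd1e995u;

struct request {
    char      name[16];
    uintptr_t guarded;  /* handler address XOR cookie, never the raw address */
};

void set_handler(struct request *r, handler_fn fn) {
    r->guarded = (uintptr_t)fn ^ cookie;
}

/* Decode the slot and call it only if it matches an allowlisted target.
 * Returns 0 and stores the result in *out, or -1 if the slot was altered. */
int guarded_call(const struct request *r, int arg, int *out) {
    uintptr_t decoded = r->guarded ^ cookie;
    for (size_t i = 0; i < sizeof valid_targets / sizeof valid_targets[0]; i++) {
        if (decoded == (uintptr_t)valid_targets[i]) {
            *out = valid_targets[i](arg);
            return 0;
        }
    }
    return -1;  /* refuse the call; a real program would log and terminate */
}

int main(void) {
    struct request r = { "demo", 0 };
    int out = 0, rc;
    set_handler(&r, handle_write);
    rc = guarded_call(&r, 21, &out);
    printf("intact slot:   rc=%d out=%d\n", rc, out);
    /* Model only the effect of an overwrite: a raw address lands in the slot. */
    r.guarded = (uintptr_t)unexpected_target;
    printf("modified slot: rc=%d\n", guarded_call(&r, 21, &out));
    return 0;
}
```

The target check still refuses the call when the slot holds a correctly encoded address that is not on the list, so the check does not depend on the cookie staying secret.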