| CPC G06F 21/554 (2013.01) [G06F 21/54 (2013.01)] | 14 Claims |
|
1. A return-oriented programming (ROP) attack protection apparatus comprising:
a first region of memory having stored therein a protection function, said first region of memory set as executable; and
a second region of memory having stored therein a plurality of operation functions, said second region of memory set as non-executable,
wherein said protection function is arranged to:
responsive to a call to one of said plurality of operation functions and further responsive to at least one predetermined rule, allow execution of said called operation function; and
after receiving a return from said executed operation function, set said executed operation function as non-executable,
wherein said plurality of operation functions comprises said called function and a caller function, said call to said called function received from said caller function,
wherein said protection function is further arranged to:
responsive to said call, set said caller function as non-executable;
responsive to said received return, allow execution of said caller function,
wherein responsive to said at least one predetermined rule, said protection function is further arranged to determine whether a return address of said call is valid,
wherein said allowance of said execution of said called operation function is responsive to said return address of said call being determined to be valid, and
wherein, responsive to said return address of said call being determined to not be valid, said protection function is further arranged to:
not allow said execution of said called operation function; and
output a notification regarding the non-valid return address.
|