A New Approach against Stack Overrun: Separates the Stack to Two Parts

Since 1980s, stack overrun has been discussed all around the world. At the same time, more and more people began to have a deep research for the attack which exploiting stack overflows. Many solutions have been proposed to protect against a direct stack smashing attack overwriting a return address. In this paper, we present a new approach against stack overrun. Our new countermeasure does not rely on exception handle (Such as Safe SEH) or secret values (Such as canaries). Our opinion separates the standard stack to two parts, original stack saves the return address and the address of buffer with read permissions only, and the true values of buffer we save in other space. Then the former saved address as a pointer link to our space of the values in buffer. This approach synthesizes several customized protections against stack overflow.