About: Shadow stack

Facets (new session)
Description
Metadata
Settings
- Rule:
- Inverse Functional Properties:
- "Same As":

About: Shadow stack Goto Sponge NotDistinct Permalink

An Entity of Type : owl:Thing, within Data Space : dbpedia.org associated with source document(s)
QRcode icon

http://dbpedia.org/describe/?url=http%3A%2F%2Fdbpedia.org%2Fresource%2FShadow_stack

In computer security, a shadow stack is a mechanism for protecting a procedure's stored return address, such as from a stack buffer overflow. The shadow stack itself is a second, separate stack that "shadows" the program call stack. In the function prologue, a function stores its return address to both the call stack and the shadow stack. In the function epilogue, a function loads the return address from both the call stack and the shadow stack, and then compares them. If the two records of the return address differ, then an attack is detected; the typical course of action is simply to terminate the program or alert system administrators about a possible intrusion attempt. A shadow stack is similar to stack canaries in that both mechanisms aim to maintain the control-flow integrity of the

Attributes	Values
rdfs:label	Shadow stack (en)
rdfs:comment	In computer security, a shadow stack is a mechanism for protecting a procedure's stored return address, such as from a stack buffer overflow. The shadow stack itself is a second, separate stack that "shadows" the program call stack. In the function prologue, a function stores its return address to both the call stack and the shadow stack. In the function epilogue, a function loads the return address from both the call stack and the shadow stack, and then compares them. If the two records of the return address differ, then an attack is detected; the typical course of action is simply to terminate the program or alert system administrators about a possible intrusion attempt. A shadow stack is similar to stack canaries in that both mechanisms aim to maintain the control-flow integrity of the (en)
dcterms:subject	Computer security
Wikipage page ID	51622444 (xsd:integer)
Wikipage revision ID	1067615323 (xsd:integer)
Link from a Wikipage to another Wikipage	Computer security Function prologue Control-flow integrity Call stack Function (computer programming) Exception handling Computer security Thread (computing) Buffer overflow Buffer overflow protection Intel Memory safety Setjmp.h Exploit (computer security) Stack buffer overflow Return address (computing) Function epilogue
sameAs	Shadow stack Shadow stack Shadow stack
dbp:wikiPageUsesTemplate	dbt:Reflist
has abstract	In computer security, a shadow stack is a mechanism for protecting a procedure's stored return address, such as from a stack buffer overflow. The shadow stack itself is a second, separate stack that "shadows" the program call stack. In the function prologue, a function stores its return address to both the call stack and the shadow stack. In the function epilogue, a function loads the return address from both the call stack and the shadow stack, and then compares them. If the two records of the return address differ, then an attack is detected; the typical course of action is simply to terminate the program or alert system administrators about a possible intrusion attempt. A shadow stack is similar to stack canaries in that both mechanisms aim to maintain the control-flow integrity of the protected program by detecting attacks that tamper the stored return address by an attacker during an exploitation attempt. Shadow stacks can be implemented by recompiling programs with modified prologues and epilogues, by dynamic binary rewriting techniques to achieve the same effect, or with hardware support. Unlike the call stack, which also stores local program variables, passed arguments, spilled registers and other data, the shadow stack typically just stores a second copy of a function's return address. Shadow stacks provide more protection for return addresses than stack canaries, which rely on the secrecy of the canary value and are vulnerable to non-contiguous write attacks. Shadow stacks themselves can be protected with guard pages or with information hiding, such that an attacker would also need to locate the shadow stack to overwrite a return address stored there. Like stack canaries, shadow stacks do not protect stack data other than return addresses, and so offer incomplete protection against security vulnerabilities that result from memory safety errors. In 2016, Intel announced upcoming hardware support for shadow stacks with their Control-flow Enforcement Technology. Shadow stacks face some compatibility problems. After a program throws an exception or a longjmp occurs, the return address at the top of the shadow stack will not match return address popped from the call stack. The typical solution for this problem is to pop entries from the shadow stack until a matching return address is found, and to only terminate the program when no match is found in the shadow stack. A multithreaded program, which would have a call stack for each executing thread, would then also have a shadow stack shadowing each of the call stacks. (en)
prov:wasDerivedFrom	wikipedia-en:Shadow_stack?oldid=1067615323&ns=0
page length (characters) of wiki page	5371 (xsd:nonNegativeInteger)
foaf:isPrimaryTopicOf	wikipedia-en:Shadow_stack
is Link from a Wikipage to another Wikipage of	Control-flow integrity Zen 3 Tiger Lake Willow Cove Windows 10 version 20H2 Alder Lake Intel Core X86 instruction listings Sigreturn-oriented programming
is foaf:primaryTopic of	wikipedia-en:Shadow_stack

Faceted Search & Find service v1.17_git139 as of Feb 29 2024

Alternative Linked Data Documents: ODE Content Formats:

RDF

ODATA

Microdata

About

OpenLink Virtuoso version 08.03.3332 as of Feb 27 2025, on Linux (x86_64-generic-linux-glibc212), Single-Server Edition (61 GB total memory, 53 GB memory in use)
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2025 OpenLink Software