Our second technique restricts the application's control transfers based on the destination and the type of transfer. For direct branches, this is a one-time check that incurs no overhead in the code cache. For indirect branches, we can make use of the hashtable that is already being used to translate application addresses to code cache addresses. Normally it contains all targets that exist in the code cache. We can restrict its contents to only those targets that are both in the code cache and are allowed by the execution model. This way there is again no overhead during code cache execution. If we miss in the table, the dispatcher will distinguish between a cache miss and a security violation.
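The restricted indirect-branch table described above, as an added C sketch that is not code from the original text or from the system it describes. The table layout, the policy list, the addresses and every function name are constructed for illustration; the point shown is that the fast path does no policy check and only the miss path tells a cache miss from a violation.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 64 /* power of two, so the slot mask works */
typedef enum { HIT, MISS_FILLED, VIOLATION } outcome_t;
typedef struct { uintptr_t app_pc, cache_pc; } entry_t;

static entry_t ibl_table[TABLE_SIZE];          /* app_pc == 0 marks an empty slot */
static uintptr_t next_cache_pc = 0x70000000u;  /* constructed code cache cursor */

/* Constructed policy: the only legal indirect-branch destinations. */
static const uintptr_t allowed[] = { 0x401000, 0x401230, 0x402000 };

static int policy_allows(uintptr_t app_pc) {
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (allowed[i] == app_pc) return 1;
    return 0;
}

/* Fast path, as run from the code cache: a plain probe, no policy check. */
static uintptr_t ibl_lookup(uintptr_t app_pc) {
    size_t i = (app_pc >> 2) & (TABLE_SIZE - 1);
    for (size_t n = 0; n < TABLE_SIZE; n++, i = (i + 1) & (TABLE_SIZE - 1)) {
        if (ibl_table[i].app_pc == app_pc) return ibl_table[i].cache_pc;
        if (ibl_table[i].app_pc == 0) break;
    }
    return 0;
}

/* Slow path: only reached on a table miss; policy is evaluated here. */
static outcome_t dispatch_indirect(uintptr_t app_pc, uintptr_t *cache_pc) {
    if ((*cache_pc = ibl_lookup(app_pc)) != 0) return HIT;
    if (!policy_allows(app_pc)) return VIOLATION;   /* never enters the table */
    size_t i = (app_pc >> 2) & (TABLE_SIZE - 1);
    while (ibl_table[i].app_pc != 0) i = (i + 1) & (TABLE_SIZE - 1);
    ibl_table[i].app_pc = app_pc;                   /* "translate" and publish */
    ibl_table[i].cache_pc = *cache_pc = next_cache_pc;
    next_cache_pc += 0x40;
    return MISS_FILLED;
}

int main(void) {
    static const char *names[] = { "hit", "miss, filled", "security violation" };
    uintptr_t targets[] = { 0x401230, 0x401230, 0x401234 }, pc;
    for (int i = 0; i < 3; i++)
        printf("%#lx -> %s\n", (unsigned long)targets[i],
               names[dispatch_indirect(targets[i], &pc)]);
    return 0;
}
```

Because a disallowed target is never inserted, every later branch to it misses again and is re-checked by the dispatcher, while allowed targets pay for the policy check only once.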
Copyright © 2004 Derek Bruening