Data Execution Protection

Stack smash attacks may inject code. The other possible way to prevent such an attack is to prevent malicious code from executing. Some modern OS’s already have Data Execution Protection (DEP) support [DEP] [1] [PaX] [2]. DEP may be applied to: [WindowsInternal][3]

• User mode stacks

• User mode pages not specifically marked as executable

• Kernel mode Stacks

• kernel paged pool (X64)

• kernel session pool (X64)

Research shows 14 of 19 exploits from popular exploit kits fail with DEP enabled. [DEP] [1].

[1][DEP] Exploit Mitigation Improvements in Windows 8, Ken Johnson, Ma, Miller

[2][PaX] PaX Home Page, https://pax.grsecurity.net/

[3][WindowsInternal] Windows Internals, 6th edition, Mark E. Russinovich, David A. Solomon, Alex Ionescu, 2012, Microsoft Press. ISBN-13: 978-0735648739/978-0735665873