To hijack the execution of a program, an attacker must overwrite the value of a return address or a function pointer (broadly defined). To prevent program hijacking, our product will provide a layered defense of these two targets, combining deterministic and randomization defenses, and in many cases allowing execution to continue after a hijacking attempt is prevented. Our product toolkit includes static analysis of the program binary to be protected (no source code required) and, after deployment, dynamic monitoring using virtual machine technology. The randomization defense can be used to provide artificial software diversity.
Keywords: program hijacking, program binaries, static analysis, process virtualization, software diversity