Reply to post: Re: Alternative security measures

Intel SGX 'safe' room easily trashed by white-hat hacking marauders: Enclave malware demo'd

Justthefacts

Re: Alternative security measures

I get your point that more complex programs have likely larger stack requirements; I’ve never been involved on something that size, so I haven’t seen the problems.

One answer is to separate stack into return-address and data, and keep return address only in dedIcated onboard. “Surely” that can’t overrun.

I still think that our general problem is that we have sized our compute infrastructure on “must be able to do everything” rather than “securely compute typical things, and refactor our previously unconstrained solutions”.

I don’t have all the answers, not surprisingly....like how to enforce code/data separation for interpreted code like Java

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019