Showing posts with label Kernel. Show all posts

Friday, January 16, 2015

How to defend against Stack Pivoting attacks on existing 32-bit x86 processor architecture?

Stack Pivoting is a common technique widely used by vulnerability exploits to bypass hardware protections like NX/SMEP, or to chain ROP (Return-Oriented Programming) gadgets. However, there is NO hardware protection solution to defend against it (at least for now:-). This blog post will describe a software solution to detect Stack Pivoting at run time, and I will also point out some limitations due to current processor architecture implementations. <Please let me know if this is NOT a new idea, or NOT doable.>

Friday, November 21, 2014

Defending Against ret2dir Attacks (partially) with Virtualization Technology?

I was so excited when I recently read the paper (ret2dir: Rethinking Kernel Isolation) from Vasileios P. Kemerlis. This post introduces the idea of the ret2dir attack and how to prevent such an attack, at least partially, with hardware virtualization technology.


Improve Performance for Separating Kernel and User Address Space with Process-Context Identifiers (PCIDs)

This post is not talking about any new idea, just about what I'm thinking.

Tuesday, November 18, 2014

Page Table Structure Corruption Attacks - How to Mitigate it?

On x86 and many other processor architectures (with an MMU), page tables are critical data structures for address translation. Many hardware-based page-level protection technologies described in my previous post, like SMEP and XD/DEP, depend heavily on correct page table settings. So what if the page tables are controlled by an attacker? ...At the end of this post, I will propose an extra solution to mitigate page table structure attacks.

Sunday, November 02, 2014

Security OS Design (cont.): Write Protection for Linux Kernel critical data structures (GDT, IDT, syscall table, task_struct, mm_struct,...)

Continuing from the previous post, let me review what must be changed in the Linux kernel in order to prevent buffer overrun/overflow attacks from modifying critical kernel data structures, like the GDT, IDT, task_struct, mm_struct, etc.

Sunday, October 26, 2014

An OS Kernel Bug in Windows 8.1 32-bit OS When Handling Task Switch Events

I'm not sure if this kernel bug that I reported last year has been fixed in the latest Win8.1 32-bit system. The bug is: any NMI (Non-Maskable Interrupt) can cause a system crash/BSOD with BugCheck 7F, {7, *, *, *}.

Thursday, October 16, 2014

Is this a good security design in Linux kernel? -- connections between thread_info and kernel stack

In the Linux kernel, thread_info is a small CPU-specific data structure that stores low-level task data for the corresponding process. It also holds a pointer to task_struct, the processor-independent process control block that contains, e.g., the scheduling and virtual memory structures.