This project implements a software-based Shadow Stack mechanism to ensure Control Flow Integrity (CFI) on x86-64 architectures. It protects function return addresses from buffer overflow attacks.
- main.c: Binary Search implementation with attack simulation.
- main_matrix.c: Matrix summation with nested function call tests.
- security_layer.h/c: Core Shadow Stack logic and macros.
- Makefile: Automated build and test script.
To compile all versions (secured and non-secured), run:
- ./binary_with_security : This version demonstrates how the shadow stack detects a compromised return address
- perf stat ./binary_with_security / perf stat ./binary_no_security : To measure execution time and instruction overhead using perf
- ./matrix_with_security : To verify shadow stack stability during nested function calls
The security layer uses SHADOW_PROLOGUE() and SHADOW_EPILOGUE() macros.
Prologue: Captures the return address using __builtin_return_address(0) and stores it in an isolated shadow stack.
Epilogue: Compares the hardware stack's return address with the shadow stack copy. If a mismatch is detected (Attack), the program terminates immediately.
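A minimal sketch of how such a prologue/epilogue pair can work, added here as an illustration and not taken from the project's security_layer.h/c. Only the macro names and `__builtin_return_address(0)` come from the description above; `SHADOW_DEPTH`, `shadow_push`, `shadow_check` and `sum_to` are assumed names, and the shadow stack is a plain static array rather than isolated memory.

```c
#include <stdio.h>
#include <stdlib.h>

#define SHADOW_DEPTH 1024            /* assumed capacity, not from the project */

static void *shadow_stack[SHADOW_DEPTH];
static size_t shadow_top;            /* number of saved return addresses */

/* Save a return address; a full shadow stack is treated as fatal. */
static void shadow_push(void *ret)
{
    if (shadow_top == SHADOW_DEPTH) {
        fputs("shadow stack overflow\n", stderr);
        abort();
    }
    shadow_stack[shadow_top++] = ret;
}

/* Pop the saved copy and compare: 1 on match, 0 on mismatch or underflow. */
static int shadow_check(void *ret)
{
    if (shadow_top == 0)
        return 0;
    return shadow_stack[--shadow_top] == ret;
}

#define SHADOW_PROLOGUE() shadow_push(__builtin_return_address(0))
#define SHADOW_EPILOGUE()                                          \
    do {                                                           \
        if (!shadow_check(__builtin_return_address(0))) {          \
            fputs("return address mismatch\n", stderr);            \
            abort();                                               \
        }                                                          \
    } while (0)

/* Nested instrumented calls: each frame pushes on entry and pops on exit. */
static int sum_to(int n)
{
    SHADOW_PROLOGUE();
    int r = (n <= 0) ? 0 : n + sum_to(n - 1);
    SHADOW_EPILOGUE();
    return r;
}

int main(void)
{
    printf("sum_to(10) = %d, depth after = %zu\n", sum_to(10), shadow_top);
    return 0;
}
```

Build with GCC or Clang, since `__builtin_return_address` is a compiler builtin. The epilogue must run on every exit path of an instrumented function, otherwise the shadow stack goes out of sync with the call stack.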
## Performance Summary

- Execution Overhead: ~30.4%
- Instruction Overhead: ~2.4 instructions per function call.
- Detection Rate: 100% against simulated return address manipulation.