Computer_Arch_Project_Shadow_Stack/main.c at main · Ekrembrck/Computer_Arch_Project_Shadow_Stack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#include <stdio.h>
#include "security_layer.h"

int protected_binary_search(int arr[], int size, int target, int trigger_attack) {
    SHADOW_PROLOGUE(); // Expanded as a macro

    int left = 0, right = size - 1;
    int result = -1;

    while (left <= right) {
        int mid = left + (right - left) / 2;

        if (trigger_attack && mid == (size / 2)) {
            printf("[Attack] Simulated overflow: Overwriting return address with 0xDEADBEEF\n");
            // Overwriting the return address via the frame address
            unsigned long *ret_addr_ptr = (unsigned long *)__builtin_frame_address(0) + 1;
            *ret_addr_ptr = 0xDEADBEEF;
        }

        if (arr[mid] == target) { result = mid; break; }
        if (arr[mid] < target) left = mid + 1;
        else right = mid - 1;
    }

    SHADOW_EPILOGUE(); // Called as a macro
    return result;
}

int main() {
    int data[] = {10, 20, 30, 40, 50, 60, 70, 80, 90, 100};
    int size = sizeof(data) / sizeof(data[0]);

    // Executing the operation 1,000,000 times to observe the performance difference
    for (int i = 0; i < 1000000; i++) {
        protected_binary_search(data, size, 70, 0);
    }

    printf("=== Shadow Stack Security Mechanism Test ===\n");

    printf("\n[Test 1] Running safe search...\n");
    int idx = protected_binary_search(data, size, 70, 0);
    printf("[Result] Element found at index: %d\n", idx);

    printf("\n[Test 2] Running search under attack simulation...\n");
    protected_binary_search(data, size, 70, 1);

    return 0;
}