Abstract: A system and method is provided for probabilistic defense against remote exploitation of memory. In certain embodiments, the system comprises one or more processors, read and execute (RX) portions of memory, read and write (RW) portions of memory, execute only (XOM) portions of memory, and one or more programs stored in the memory. The one or more programs include instructions for maintaining all pointers to RX memory instructions in XOM memory. In addition, the one or more programs include instructions for preventing all direct references to RX memory in RW memory by forcing pointers in RW memory to reference XOM memory first, which then references RX memory instructions.

Abstract: A system and method is provided for secure establishment of a trusted enclave among co-privileged executable code. The system comprises one or more processors; execute only memory; and one or more programs stored in the memory. The one or more programs comprise instructions to establish a trusted enclave and an untrusted enclave in kernel space code, wherein the trusted enclave and the untrusted enclave are co-privileged from the perspective of the processor. The trusted code has the ability to modify page tables and the untrusted code does not have the ability to modify page tables. Any changes to memory mappings involve the trusted code. Page tables are mapped as read-only during execution of the untrusted code and mapped as writeable only during execution of the trusted code.

Abstract: A system and method is provided for secure establishment of a trusted enclave among co-privileged executable code. The system comprises one or more processors; execute only memory; and one or more programs stored in the memory. The one or more programs comprise instructions to establish a trusted enclave and an untrusted enclave in kernel space code, wherein the trusted enclave and the untrusted enclave are co-privileged from the perspective of the processor. The trusted code has the ability to modify page tables and the untrusted code does not have the ability to modify page tables. Any changes to memory mappings involve the trusted code. Page tables are mapped as read-only during execution of the untrusted code and mapped as writeable only during execution of the trusted code.

Abstract: A system and method is provided for probabilistic defense against remote exploitation of memory. In certain embodiments, the system comprises one or more processors, read and execute (RX) portions of memory, read and write (RW) portions of memory, execute only (XOM) portions of memory, and one or more programs stored in the memory. The one or more programs include instructions for maintaining all pointers to RX memory instructions in XOM memory. In addition, the one or more programs include instructions for preventing all direct references to RX memory in RW memory by forcing pointers in RW memory to reference XOM memory first, which then references RX memory instructions.