Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are Harvard architecture computers immune to arbitrary code injection and execution attacks?

Harvard architecture computers have separate code and data memories. Does this make them immune to code injection attacks (as data cannot be executed as code)?

like image 530
Matthew Murdoch Avatar asked Jun 05 '09 06:06

Matthew Murdoch


1 Answers

They are somewhat more immune than Von Neumann architecture, but not entirely. Every architecture has a conversion point, where data starts being treated as code. In Von Neumann it happens immediately inside CPU, while in Harvard it happens before the memory is reserved and declared for the module (or sometimes even before that, when a file is being prepared by the build system). This means that in Harvard architecture a successful code injection attack needs to be a bit more complicated and far-fetching, but not necessarily impossible.

If one can place a file containing malicious code in the machine's storage (e.g. file system) and cause, say, a buffer overrun which would redirect on return to existing (valid, non-malicious) code which loads this malicious file as code and if the architecture allows this file to start executing (e.g. via self-initialization routine), that'll be an example of successful code injection.

like image 183
Rom Avatar answered Oct 19 '22 12:10

Rom