One way for an attacker to take control of a computer is to replace the value of a code pointer or return address with the address of the attacker's own code. Code pointer masking (CPM) guards against this kind of attack by ANDing a bit pattern with such an address and then jumping to the resulting address rather than to the original one. The execution-time cost of the countermeasure is low, and it is hard for an attacker to circumvent.
This paper explains the concepts behind such code injection attacks and surveys other countermeasures. It then gives a careful description of CPM, explaining how the bit pattern is constructed and used in a wide range of situations involving transfer to an address stored in memory. The authors developed implementations for the ARM and x86 architectures, and evaluated them against standard benchmarks. The paper analyzes both the timing and security of the method in light of these implementations.
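The following C program is an added illustration of the masking idea as the review describes it; it is not the paper's implementation, and it makes one simplifying assumption that the paper is not being quoted for: the mask is built as the bitwise OR of every legitimate target address, so a legitimate target passes through the mask unchanged while any other value loses every bit that no legitimate target has. The four "handler" addresses and the overwritten value `0x7FFF1234` are constructed for the demonstration; the function names `cpm_build_mask`, `cpm_mask` and `cpm_in_allowed_set` are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef uintptr_t addr_t;

/* Build the mask from a set of legitimate targets.
 * Simplifying assumption used here (not necessarily the paper's rule):
 * the mask is the bitwise OR of all valid addresses. */
addr_t cpm_build_mask(const addr_t *targets, size_t n) {
    addr_t mask = 0;
    for (size_t i = 0; i < n; i++) mask |= targets[i];
    return mask;
}

/* The countermeasure itself: AND the stored code pointer with the mask
 * immediately before it is used as a jump target. */
addr_t cpm_mask(addr_t ptr, addr_t mask) {
    return ptr & mask;
}

/* True if addr has no bit set outside the mask, i.e. it lies in the set of
 * addresses the mask allows. That set is a superset of the real targets,
 * which is the residual risk a layout must keep harmless. */
int cpm_in_allowed_set(addr_t addr, addr_t mask) {
    return (addr & ~mask) == 0;
}

/* Constructed example: four handlers placed 64 bytes apart in one page. */
static const addr_t demo_targets[] = { 0x1000, 0x1040, 0x1080, 0x10C0 };
#define DEMO_N (sizeof demo_targets / sizeof demo_targets[0])

addr_t demo_mask(void) { return cpm_build_mask(demo_targets, DEMO_N); }

/* Property check with real function addresses from this program: every
 * legitimate target is a fixed point of the mask, and a masked value never
 * carries a bit the mask does not allow. */
static void h0(void) {}
static void h1(void) {}
static void h2(void) {}

int demo_real_pointers_ok(void) {
    addr_t t[3] = { (addr_t)h0, (addr_t)h1, (addr_t)h2 };
    addr_t mask = cpm_build_mask(t, 3);
    for (int i = 0; i < 3; i++)
        if (cpm_mask(t[i], mask) != t[i]) return 0;
    addr_t overwritten = (addr_t)0x7FFF1234u; /* constructed corrupted value */
    return cpm_in_allowed_set(cpm_mask(overwritten, mask), mask);
}

int main(void) {
    addr_t mask = demo_mask();
    addr_t overwritten = 0x7FFF1234;
    printf("mask = 0x%lx\n", (unsigned long)mask);
    printf("overwritten pointer 0x%lx -> masked 0x%lx\n",
           (unsigned long)overwritten, (unsigned long)cpm_mask(overwritten, mask));
    for (size_t i = 0; i < DEMO_N; i++)
        printf("legitimate 0x%lx -> masked 0x%lx\n",
               (unsigned long)demo_targets[i],
               (unsigned long)cpm_mask(demo_targets[i], mask));
    printf("real-pointer property check: %s\n",
           demo_real_pointers_ok() ? "ok" : "FAILED");
    return 0;
}
```

With the constructed targets the mask is `0x10C0`, so the corrupted pointer `0x7FFF1234` is forced to `0x1000`, the first handler, rather than to wherever the overwrite pointed. The example covers only an indirect call through a stored pointer; the paper, as the review notes, extends the same principle to return addresses and other transfers through memory, and it is the mask construction and code layout, not the AND itself, that determine how much of the allowed set consists of harmless addresses.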
I found the paper to be readable and informative, and accessible to anyone with a rudimentary understanding of machine architecture and assembly language programming. Although the issue addressed is security-related, no knowledge of the security field is needed.