Question

A company is developing requirements for a customized OS build that will be used in an embedded environment. The company procured hardware that is capable of reducing the likelihood of successful buffer overruns while executables are processing.

Which of the following capabilities must be included for the OS to take advantage of this critical hardware-based countermeasure?

A. Application whitelisting
B. NX/XN bit
C. ASLR
D. TrustZone
E. SCP

Answer 1

The capability that must be included for the OS to take advantage of the hardware-based countermeasure against buffer overruns is the NX/XN bit.

Step-by-step explanation:

To take advantage of the hardware-based countermeasure against buffer overruns, the OS should include the capability of the NX/XN bit. The NX (No Execute) or XN (Execute Never) bit prevents certain memory regions from being executed, making it difficult for attackers to inject malicious code into the memory. This feature is important in mitigating buffer overrun attacks as it restricts the execution of code in specific memory areas.

Other options mentioned, such as Application Whitelisting, ASLR (Address Space Layout Randomization), TrustZone, and SCP are not directly related to the hardware-based countermeasure against buffer overruns. These features may be valuable for other security measures or hardware platforms, but they do not address the specific requirements for reducing buffer overruns in an embedded environment.