Most common attacks rely on damage of the local stack frame The mechanics of a (simple) stack-based buffer overflow Attacker overflows buffer on stack Note: Buffer is ALWAYS at the same place Overflow overwrites function return address -- fixed value pointer into overflow buffer - execution starts Key point: The pointer is an absolute address. Solution: a random-sized gap at top of stack (8-byte aligned)