Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Controls employed to protect memory include data execution prevention and address space layout randomization. Data execution prevention controls can be either hardware-enforced or software-enforced, with hardware enforcement providing the greater strength of mechanism.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
SI-16 | Memory Protection | Protects | T1055.009 | Proc Memory |
SI-16 | Memory Protection | Protects | T1543 | Create or Modify System Process |
SI-16 | Memory Protection | Protects | T1543.002 | Systemd Service |
SI-16 | Memory Protection | Protects | T1548 | Abuse Elevation Control Mechanism |
SI-16 | Memory Protection | Protects | T1548.004 | Elevated Execution with Prompt |
SI-16 | Memory Protection | Protects | T1565 | Data Manipulation |
SI-16 | Memory Protection | Protects | T1565.001 | Stored Data Manipulation |
SI-16 | Memory Protection | Protects | T1565.003 | Runtime Data Manipulation |
SI-16 | Memory Protection | Protects | T1611 | Escape to Host |