No silver bullet


Any one mechanism may be insufficient to stop an attack, e.g.

People are finding (rare) ways to get around AMD64 PAE NX 
Propolice does not protect all stack frames
Too much entropy --> too much fragmentation

No mathematical proof that a collection of mechanism
blocks attacks

But that is not same as saying "Don't try to block attacks"

(And we are targetting the specific low-level features that
attackers use)

What follows is a list of such mechanisms...