CN106164872A - Hardware-based stack control information protection - Google Patents

Hardware-based stack control information protection

Info

Publication number
CN106164872A
Authority
CN
China
Prior art keywords
control information
stack
protected
processor
generate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201580019549.8A
Other languages
English (en)
Chinese (zh)
Inventor
C·E·阿卡尔
埃里希·詹姆士·普罗恩德克
罗伯特·J·图尔纳
B·B·布伦利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc
Publication of CN106164872A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Prevention of errors by analysis, debugging or testing of software
    • G06F11/3604 Analysis of software for verifying properties of programs
    • G06F11/3612 Analysis of software for verifying properties of programs by runtime analysis
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)
CN201580019549.8A 2014-04-18 2015-04-14 Hardware-based stack control information protection Pending CN106164872A (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/256,681 2014-04-18
US14/256,681 US9390264B2 (en) 2014-04-18 2014-04-18 Hardware-based stack control information protection
PCT/US2015/025685 WO2015160759A1 (en) 2014-04-18 2015-04-14 Hardware-based stack control information protection

Publications (1)

Publication Number Publication Date
CN106164872A (zh) 2016-11-23

Family

ID=53039622

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580019549.8A Pending CN106164872A (zh) 2014-04-18 2015-04-14 Hardware-based stack control information protection

Country Status (7)

Country Link
US (1) US9390264B2
EP (1) EP3132374A1
JP (1) JP2017518661A
KR (1) KR20160145014A
CN (1) CN106164872A
BR (1) BR112016024245A2
WO (1) WO2015160759A1

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109785537A (zh) * 2018-12-29 2019-05-21 360 Enterprise Security Technology (Zhuhai) Co., Ltd. Security protection method and device for an ATM

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2993605A1 (en) * 2014-09-02 2016-03-09 Gemalto Sa System and method for protecting a device against attacks on processing flow using a code pointer complement
US10248434B2 (en) * 2015-10-27 2019-04-02 Blackberry Limited Launching an application
US10157268B2 (en) 2016-09-27 2018-12-18 Microsoft Technology Licensing, Llc Return flow guard using control stack identified by processor register
US10360373B2 (en) * 2016-09-28 2019-07-23 Intel Corporation Return address encryption
US10409981B2 (en) 2017-04-21 2019-09-10 International Business Machines Corporation In-process stack memory protection
US10740452B2 (en) * 2017-09-15 2020-08-11 Arm Limited Call path dependent authentication
US11231948B2 (en) 2018-10-18 2022-01-25 Sternum Ltd. Applying security mitigation measures for stack corruption exploitation in intermediate code files
US20200210626A1 (en) * 2018-12-28 2020-07-02 Samsung Electronics Co., Ltd. Secure branch predictor with context-specific learned instruction target address encryption
US11232195B2 (en) * 2019-07-29 2022-01-25 Intertrust Technologies Corporation Systems and methods for managing state
US20220277072A1 (en) * 2019-08-16 2022-09-01 Regents Of The University Of Michigan Thwarting control plane attacks with displaced and dilated address spaces
US11784786B2 (en) * 2020-08-14 2023-10-10 Intel Corporation Mitigating security vulnerabilities with memory allocation markers in cryptographic computing systems
US12164921B2 (en) * 2020-12-16 2024-12-10 International Business Machines Corporation Comparing hash values computed at function entry and exit for increased security
JP2023101334A (ja) * 2022-01-07 2023-07-20 Sony Semiconductor Solutions Corporation Information processing device and information processing method
GB2618116B (en) * 2022-04-28 2025-10-22 Advanced Risc Mach Ltd Exception return state lock parameter
GB2620125A (en) * 2022-06-28 2024-01-03 Advanced Risc Mach Ltd Methods and apparatus for pointer security

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030065929A1 (en) * 2001-09-28 2003-04-03 Milliken Walter Clark Method and program for inhibiting attack upon a computer
US20030182572A1 (en) * 2001-12-06 2003-09-25 Cowan Stanley Crispin Pointguard: method and system for protecting programs against pointer corruption attacks
CN1778092A (zh) * 2003-04-25 2006-05-24 Koninklijke Philips Electronics N.V. Overhead reduction and address protection in a communication stack

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7086088B2 (en) 2002-05-15 2006-08-01 Nokia, Inc. Preventing stack buffer overflow attacks
US7856538B2 (en) * 2005-12-12 2010-12-21 Systex, Inc. Methods, systems and computer readable medium for detecting memory overflow conditions
US8509431B2 (en) 2010-09-20 2013-08-13 Interdigital Patent Holdings, Inc. Identity management on a wireless device
DE102012203521A1 (de) 2011-03-28 2012-10-04 International Business Machines Corp. Architecture with two trust levels
US8839429B2 (en) 2011-11-07 2014-09-16 Qualcomm Incorporated Methods, devices, and systems for detecting return-oriented programming exploits
US8776223B2 (en) 2012-01-16 2014-07-08 Qualcomm Incorporated Dynamic execution prevention to inhibit return-oriented programming
US10210349B2 (en) 2012-02-08 2019-02-19 Arm Limited Data processing apparatus and method using secure domain and less secure domain
US20140173290A1 (en) * 2012-12-17 2014-06-19 Advanced Micro Devices, Inc. Return address tracking mechanism
US9037872B2 (en) * 2012-12-17 2015-05-19 Advanced Micro Devices, Inc. Hardware based return pointer encryption
CA2809516C (en) * 2013-03-13 2016-11-08 Khalid Nawaf Alharbi Preventing stack buffer overflow attacks
US9218467B2 (en) * 2013-05-29 2015-12-22 Raytheon Cyber Products, Llc Intra stack frame randomization for protecting applications against code injection attack

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
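CN109785537A (zh) * 2018-12-29 2019-05-21 360 Enterprise Security Technology (Zhuhai) Co., Ltd. Security protection method and device for an ATM
CN109785537B (zh) * 2018-12-29 2022-09-30 Qianxin Security Technology (Zhuhai) Co., Ltd. Security protection method and device for an ATM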

Also Published As

Publication number Publication date
US9390264B2 (en) 2016-07-12
BR112016024245A2 (pt) 2017-08-15
JP2017518661A (ja) 2017-07-06
KR20160145014A (ko) 2016-12-19
US20150302195A1 (en) 2015-10-22
EP3132374A1 (en) 2017-02-22
WO2015160759A1 (en) 2015-10-22

Similar Documents

Publication Publication Date Title
US9390264B2 (en) Hardware-based stack control information protection
US9514305B2 (en) Code pointer authentication for hardware flow control
TWI567580B (zh) Method and system for preventing execution of malware
US8397082B2 (en) System and method for thwarting buffer overflow attacks using encrypted process pointers
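CN111052115B (zh) Data processing apparatus and method for call-path-dependent authentication
CN107077562B (zh) Computer-implemented method and system for dynamically controlling code execution
KR102820165B1 (ko) Integrity tree for memory integrity checking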
EP3642721B1 (en) A cache unit useful for secure execution
US20200082088A1 (en) User/Enterprise Data Protection Preventing Non-Authorized Firmware Modification
WO2017000648A1 (zh) Authentication method and apparatus for hardened software
US20170046280A1 (en) Data processing device and method for protecting a data processing device against attacks
US9003201B2 (en) Hardware protection for encrypted strings and protection of security parameters
US20160299854A1 (en) Techniques for preventing physical attacks on contents of memory
US20240080193A1 (en) Counter integrity tree
US7913074B2 (en) Securely launching encrypted operating systems
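CN114547651B (zh) Operating system interrupt context protection method based on chained encryption
KR102871354B1 (ko) System and method for verifying container execution binaries
CN106233266A (zh) Secure memory system and method thereof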

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned
AD01 Patent right deemed abandoned

Effective date of abandoning: 20190910