ES2988317T3 - Aplicación de medidas de mitigación de seguridad para la explotación de corrupción de pila en archivos de código intermedio - Google Patents

Aplicación de medidas de mitigación de seguridad para la explotación de corrupción de pila en archivos de código intermedio Download PDF

Info

Publication number
ES2988317T3
ES2988317T3 ES19873518T ES19873518T ES2988317T3 ES 2988317 T3 ES2988317 T3 ES 2988317T3 ES 19873518 T ES19873518 T ES 19873518T ES 19873518 T ES19873518 T ES 19873518T ES 2988317 T3 ES2988317 T3 ES 2988317T3
Authority
ES
Spain
Prior art keywords
code
address
stack
code segment
routines
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
ES19873518T
Other languages
English (en)
Spanish (es)
Inventor
Natali Tshouva
Lian Granot
Arik Farber
Tal Granot
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sternum Ltd
Original Assignee
Sternum Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sternum Ltd filed Critical Sternum Ltd
Application granted granted Critical
Publication of ES2988317T3 publication Critical patent/ES2988317T3/es
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30098Register arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3802Instruction prefetching
    • G06F9/3804Instruction prefetching for branches, e.g. hedging, branch folding
    • G06F9/3806Instruction prefetching for branches, e.g. hedging, branch folding using address prediction, e.g. return stack, branch history buffer
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44589Program code verification, e.g. Java bytecode verification, proof-carrying code
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482Procedural
    • G06F9/4484Executing subprograms
    • G06F9/4486Formation of subprogram jump address
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45508Runtime interpretation or emulation, e g. emulator loops, bytecode interpretation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Devices For Executing Special Programs (AREA)
ES19873518T 2018-10-18 2019-10-02 Aplicación de medidas de mitigación de seguridad para la explotación de corrupción de pila en archivos de código intermedio Active ES2988317T3 (es)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862747150P 2018-10-18 2018-10-18
PCT/IL2019/051075 WO2020079676A1 (en) 2018-10-18 2019-10-02 Applying security mitigation measures for stack corruption exploitation in intermediate code files

Publications (1)

Publication Number Publication Date
ES2988317T3 true ES2988317T3 (es) 2024-11-20

Family

ID=70279555

Family Applications (1)

Application Number Title Priority Date Filing Date
ES19873518T Active ES2988317T3 (es) 2018-10-18 2019-10-02 Aplicación de medidas de mitigación de seguridad para la explotación de corrupción de pila en archivos de código intermedio

Country Status (6)

Country Link
US (2) US11231948B2 (https=)
EP (1) EP3867784B1 (https=)
JP (1) JP2022502723A (https=)
ES (1) ES2988317T3 (https=)
IL (1) IL282388B2 (https=)
WO (1) WO2020079676A1 (https=)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11157611B2 (en) * 2018-01-02 2021-10-26 Blackberry Limited Binary image stack cookie protection
US11231948B2 (en) 2018-10-18 2022-01-25 Sternum Ltd. Applying security mitigation measures for stack corruption exploitation in intermediate code files
US11176060B2 (en) 2018-10-29 2021-11-16 Sternum Ltd. Dynamic memory protection
US12353860B2 (en) * 2022-02-10 2025-07-08 Mitsubishi Electric Corporation Programmable controller system, development support device, and recording medium
US12216761B2 (en) * 2022-03-08 2025-02-04 Denso Corporation Dynamic adaptation of memory elements to prevent malicious attacks

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6802056B1 (en) * 1999-06-30 2004-10-05 Microsoft Corporation Translation and transformation of heterogeneous programs
JP2001160080A (ja) * 1999-12-02 2001-06-12 Nec Corp オブジェクト指向言語によるシステムのシミュレーション方法、装置及びそのプログラムを記録した記録媒体
JP3552627B2 (ja) * 2000-02-04 2004-08-11 インターナショナル・ビジネス・マシーンズ・コーポレーション スタック保護システム、コンピュータシステム、コンパイラ、スタック保護方法および記憶媒体
US7752459B2 (en) 2001-12-06 2010-07-06 Novell, Inc. Pointguard: method and system for protecting programs against pointer corruption attacks
US20040045018A1 (en) * 2002-08-27 2004-03-04 Nair Sreekumar R. Using address space bridge in postoptimizer to route indirect calls at runtime
US7356813B2 (en) * 2002-09-26 2008-04-08 Hewlett-Packard Development Company, L.P. System and method for optimizing a program
JP4518564B2 (ja) 2003-09-04 2010-08-04 サイエンスパーク株式会社 不正コード実行の防止方法、不正コード実行の防止用プログラム、及び不正コード実行の防止用プログラムの記録媒体
JP4806204B2 (ja) * 2005-03-30 2011-11-02 株式会社日立国際電気 暗号化データ通信システム
US7913243B2 (en) * 2005-06-21 2011-03-22 International Business Machines Corporation Method and system for generating and applying patches to a computer program concurrently with its execution
US8510596B1 (en) 2006-02-09 2013-08-13 Virsec Systems, Inc. System and methods for run time detection and correction of memory corruption
EP1870829B1 (en) * 2006-06-23 2014-12-03 Microsoft Corporation Securing software by enforcing data flow integrity
US7904881B2 (en) * 2006-07-26 2011-03-08 Intel Corporation Using a virtual stack for fast and composable stack cutting
US20080247532A1 (en) * 2007-04-06 2008-10-09 Waldean Allen Schulz Method and System for Representing Quantitative Properties in a Computer Program and for Validating Dimensional Integrity of Mathematical Expressions
US20090113403A1 (en) * 2007-09-27 2009-04-30 Microsoft Corporation Replacing no operations with auxiliary code
US8996760B2 (en) * 2011-11-03 2015-03-31 Intel Corporation Method to emulate message signaled interrupts with interrupt data
US20150007142A1 (en) * 2012-12-12 2015-01-01 Google Inc. Branch destination tables
WO2015038944A1 (en) 2013-09-12 2015-03-19 Virsec Systems, Inc. Automated runtime detection of malware
US9390264B2 (en) 2014-04-18 2016-07-12 Qualcomm Incorporated Hardware-based stack control information protection
US9390260B2 (en) * 2014-06-09 2016-07-12 Lehigh University Methods for enforcing control flow of a computer program
CN106687971B (zh) 2014-06-24 2020-08-28 弗塞克系统公司 用来减少软件的攻击面的自动代码锁定
US9870469B2 (en) 2014-09-26 2018-01-16 Mcafee, Inc. Mitigation of stack corruption exploits
US9754112B1 (en) * 2014-11-24 2017-09-05 Bluerisc, Inc. Detection and healing of vulnerabilities in computer code
US9569613B2 (en) * 2014-12-23 2017-02-14 Intel Corporation Techniques for enforcing control flow integrity using binary translation
US10289842B2 (en) * 2015-11-12 2019-05-14 Samsung Electronics Co., Ltd. Method and apparatus for protecting kernel control-flow integrity using static binary instrumentation
US10157268B2 (en) * 2016-09-27 2018-12-18 Microsoft Technology Licensing, Llc Return flow guard using control stack identified by processor register
WO2018071450A1 (en) * 2016-10-11 2018-04-19 Green Hills Software, Inc. Systems, methods, and devices for vertically integrated instrumentation and trace reconstruction
US10698668B1 (en) * 2018-05-29 2020-06-30 Amazon Technologies, Inc. Custom code transformations during compilation process
US11231948B2 (en) 2018-10-18 2022-01-25 Sternum Ltd. Applying security mitigation measures for stack corruption exploitation in intermediate code files

Also Published As

Publication number Publication date
IL282388A (en) 2021-06-30
WO2020079676A1 (en) 2020-04-23
US12517744B2 (en) 2026-01-06
JP2022502723A (ja) 2022-01-11
US20220107827A1 (en) 2022-04-07
EP3867784A4 (en) 2022-07-06
IL282388B2 (en) 2024-01-01
EP3867784B1 (en) 2024-07-24
US11231948B2 (en) 2022-01-25
IL282388B1 (en) 2023-09-01
EP3867784A1 (en) 2021-08-25
US20200125378A1 (en) 2020-04-23

Similar Documents

Publication Publication Date Title
ES2988317T3 (es) Aplicación de medidas de mitigación de seguridad para la explotación de corrupción de pila en archivos de código intermedio
Koo et al. Compiler-assisted code randomization
Pewny et al. Control-flow restrictor: Compiler-based CFI for iOS
CN109643345B (zh) 用于确定性代码流完整性保护的技术
Williams-King et al. Shuffler: fast and deployable continuous code {re-randomization}
Bounov et al. Protecting C++ Dynamic Dispatch Through VTable Interleaving.
Pappas et al. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization
Crane et al. It's a TRaP: Table randomization and protection against function-reuse attacks
Homescu et al. Librando: transparent code randomization for just-in-time compilers
US9250937B1 (en) Code randomization for just-in-time compilers
EP3654215B1 (en) Applying control flow integrity verification in intermediate code files
Maisuradze et al. What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of {JIT-ROP} Defenses
US11176060B2 (en) Dynamic memory protection
JP2019502197A (ja) ランタイム生成コードにおける悪意のあるコードの検出のためのシステムおよび方法
Saito et al. A survey of prevention/mitigation against memory corruption attacks
Moreira et al. DROP THE ROP fine-grained control-flow integrity for the Linux kernel
Sun et al. Blender: Self-randomizing address space layout for android apps
Pappas et al. Practical software diversification using in-place code randomization
Houy et al. Twenty years later: Evaluating the adoption of control flow integrity
Pappas Defending against return-oriented programming
Xie et al. Pointerscope: Understanding pointer patching for code randomization
WO2022169661A1 (en) Method and device of protecting a first software application to generate a protected software application
Lebedev USING Х86 MODE SWITCHING FOR PROGRAM CODE PROTECTION
Stratton Bypassing modern CPU protections with function-oriented programming
US20230418950A1 (en) Methods, Devices, and Systems for Control Flow Integrity