IL282388B2 - Applying security mitigation measures for stack corruption exploitation in intermediate code files - Google Patents

Applying security mitigation measures for stack corruption exploitation in intermediate code files

Info

Publication number
IL282388B2
IL282388B2 IL282388A IL28238821A IL282388B2 IL 282388 B2 IL282388 B2 IL 282388B2 IL 282388 A IL282388 A IL 282388A IL 28238821 A IL28238821 A IL 28238821A IL 282388 B2 IL282388 B2 IL 282388B2
Authority
IL
Israel
Prior art keywords
routines
address
code
verification
file
Prior art date
Application number
IL282388A
Other languages
English (en)
Hebrew (he)
Other versions
IL282388A (en
IL282388B1 (en
Inventor
TSHOUVA Natali
GRANOT Lian
Farber Arik
GRANOT Tal
Original Assignee
Sternum Ltd
TSHOUVA Natali
GRANOT Lian
Farber Arik
GRANOT Tal
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sternum Ltd, TSHOUVA Natali, GRANOT Lian, Farber Arik, GRANOT Tal filed Critical Sternum Ltd
Publication of IL282388A publication Critical patent/IL282388A/en
Publication of IL282388B1 publication Critical patent/IL282388B1/en
Publication of IL282388B2 publication Critical patent/IL282388B2/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45508Runtime interpretation or emulation, e g. emulator loops, bytecode interpretation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30098Register arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3802Instruction prefetching
    • G06F9/3804Instruction prefetching for branches, e.g. hedging, branch folding
    • G06F9/3806Instruction prefetching for branches, e.g. hedging, branch folding using address prediction, e.g. return stack, branch history buffer
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44589Program code verification, e.g. Java bytecode verification, proof-carrying code
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482Procedural
    • G06F9/4484Executing subprograms
    • G06F9/4486Formation of subprogram jump address
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Devices For Executing Special Programs (AREA)
IL282388A 2018-10-18 2019-10-02 Applying security mitigation measures for stack corruption exploitation in intermediate code files IL282388B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862747150P 2018-10-18 2018-10-18
PCT/IL2019/051075 WO2020079676A1 (en) 2018-10-18 2019-10-02 Applying security mitigation measures for stack corruption exploitation in intermediate code files

Publications (3)

Publication Number Publication Date
IL282388A IL282388A (en) 2021-06-30
IL282388B1 IL282388B1 (en) 2023-09-01
IL282388B2 true IL282388B2 (en) 2024-01-01

Family

ID=70279555

Family Applications (1)

Application Number Title Priority Date Filing Date
IL282388A IL282388B2 (en) 2018-10-18 2019-10-02 Applying security mitigation measures for stack corruption exploitation in intermediate code files

Country Status (6)

Country Link
US (2) US11231948B2 (https=)
EP (1) EP3867784B1 (https=)
JP (1) JP2022502723A (https=)
ES (1) ES2988317T3 (https=)
IL (1) IL282388B2 (https=)
WO (1) WO2020079676A1 (https=)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11157611B2 (en) * 2018-01-02 2021-10-26 Blackberry Limited Binary image stack cookie protection
US11231948B2 (en) 2018-10-18 2022-01-25 Sternum Ltd. Applying security mitigation measures for stack corruption exploitation in intermediate code files
US11176060B2 (en) 2018-10-29 2021-11-16 Sternum Ltd. Dynamic memory protection
US12353860B2 (en) * 2022-02-10 2025-07-08 Mitsubishi Electric Corporation Programmable controller system, development support device, and recording medium
US12216761B2 (en) * 2022-03-08 2025-02-04 Denso Corporation Dynamic adaptation of memory elements to prevent malicious attacks

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6802056B1 (en) * 1999-06-30 2004-10-05 Microsoft Corporation Translation and transformation of heterogeneous programs
JP2001160080A (ja) * 1999-12-02 2001-06-12 Nec Corp オブジェクト指向言語によるシステムのシミュレーション方法、装置及びそのプログラムを記録した記録媒体
JP3552627B2 (ja) * 2000-02-04 2004-08-11 インターナショナル・ビジネス・マシーンズ・コーポレーション スタック保護システム、コンピュータシステム、コンパイラ、スタック保護方法および記憶媒体
US7752459B2 (en) 2001-12-06 2010-07-06 Novell, Inc. Pointguard: method and system for protecting programs against pointer corruption attacks
US20040045018A1 (en) * 2002-08-27 2004-03-04 Nair Sreekumar R. Using address space bridge in postoptimizer to route indirect calls at runtime
US7356813B2 (en) * 2002-09-26 2008-04-08 Hewlett-Packard Development Company, L.P. System and method for optimizing a program
JP4518564B2 (ja) 2003-09-04 2010-08-04 サイエンスパーク株式会社 不正コード実行の防止方法、不正コード実行の防止用プログラム、及び不正コード実行の防止用プログラムの記録媒体
JP4806204B2 (ja) * 2005-03-30 2011-11-02 株式会社日立国際電気 暗号化データ通信システム
US7913243B2 (en) * 2005-06-21 2011-03-22 International Business Machines Corporation Method and system for generating and applying patches to a computer program concurrently with its execution
US8510596B1 (en) 2006-02-09 2013-08-13 Virsec Systems, Inc. System and methods for run time detection and correction of memory corruption
EP1870829B1 (en) * 2006-06-23 2014-12-03 Microsoft Corporation Securing software by enforcing data flow integrity
US7904881B2 (en) * 2006-07-26 2011-03-08 Intel Corporation Using a virtual stack for fast and composable stack cutting
US20080247532A1 (en) * 2007-04-06 2008-10-09 Waldean Allen Schulz Method and System for Representing Quantitative Properties in a Computer Program and for Validating Dimensional Integrity of Mathematical Expressions
US20090113403A1 (en) * 2007-09-27 2009-04-30 Microsoft Corporation Replacing no operations with auxiliary code
US8996760B2 (en) * 2011-11-03 2015-03-31 Intel Corporation Method to emulate message signaled interrupts with interrupt data
US20150007142A1 (en) * 2012-12-12 2015-01-01 Google Inc. Branch destination tables
WO2015038944A1 (en) 2013-09-12 2015-03-19 Virsec Systems, Inc. Automated runtime detection of malware
US9390264B2 (en) 2014-04-18 2016-07-12 Qualcomm Incorporated Hardware-based stack control information protection
US9390260B2 (en) * 2014-06-09 2016-07-12 Lehigh University Methods for enforcing control flow of a computer program
CN106687971B (zh) 2014-06-24 2020-08-28 弗塞克系统公司 用来减少软件的攻击面的自动代码锁定
US9870469B2 (en) 2014-09-26 2018-01-16 Mcafee, Inc. Mitigation of stack corruption exploits
US9754112B1 (en) * 2014-11-24 2017-09-05 Bluerisc, Inc. Detection and healing of vulnerabilities in computer code
US9569613B2 (en) * 2014-12-23 2017-02-14 Intel Corporation Techniques for enforcing control flow integrity using binary translation
US10289842B2 (en) * 2015-11-12 2019-05-14 Samsung Electronics Co., Ltd. Method and apparatus for protecting kernel control-flow integrity using static binary instrumentation
US10157268B2 (en) * 2016-09-27 2018-12-18 Microsoft Technology Licensing, Llc Return flow guard using control stack identified by processor register
WO2018071450A1 (en) * 2016-10-11 2018-04-19 Green Hills Software, Inc. Systems, methods, and devices for vertically integrated instrumentation and trace reconstruction
US10698668B1 (en) * 2018-05-29 2020-06-30 Amazon Technologies, Inc. Custom code transformations during compilation process
US11231948B2 (en) 2018-10-18 2022-01-25 Sternum Ltd. Applying security mitigation measures for stack corruption exploitation in intermediate code files

Also Published As

Publication number Publication date
ES2988317T3 (es) 2024-11-20
IL282388A (en) 2021-06-30
WO2020079676A1 (en) 2020-04-23
US12517744B2 (en) 2026-01-06
JP2022502723A (ja) 2022-01-11
US20220107827A1 (en) 2022-04-07
EP3867784A4 (en) 2022-07-06
EP3867784B1 (en) 2024-07-24
US11231948B2 (en) 2022-01-25
IL282388B1 (en) 2023-09-01
EP3867784A1 (en) 2021-08-25
US20200125378A1 (en) 2020-04-23

Similar Documents

Publication Publication Date Title
US12517744B2 (en) Applying security mitigation measures for stack corruption exploitation in intermediate code files
Koo et al. Compiler-assisted code randomization
CN109643345B (zh) 用于确定性代码流完整性保护的技术
EP3654215B1 (en) Applying control flow integrity verification in intermediate code files
US10698668B1 (en) Custom code transformations during compilation process
US11176060B2 (en) Dynamic memory protection
JP2019502197A (ja) ランタイム生成コードにおける悪意のあるコードの検出のためのシステムおよび方法
US20150294114A1 (en) Application randomization
Liu et al. Binary code analysis
Saito et al. A survey of prevention/mitigation against memory corruption attacks
US20210150028A1 (en) Method of defending against memory sharing-based side-channel attacks by embedding random value in binaries
US10152592B2 (en) Compiler assisted protection against arbitrary code execution
Kim et al. Towards Sound Reassembly of Modern x86-64 Binaries
Rimsa et al. Binary diffing via library signatures
US12578938B2 (en) Exploit prevention based on generation of random chaotic execution context
US20230418950A1 (en) Methods, Devices, and Systems for Control Flow Integrity
Plach et al. Binary-Level Code Injection for Automated Tool Support on the ESP32 Platform
Davison et al. Kevlar: Transitioning helix for research to practice