IN2014CN03071A - - Google Patents

Info

Publication number
IN2014CN03071A
IN2014CN03071A IN3071CHN2014A IN2014CN03071A IN 2014CN03071 A IN2014CN03071 A IN 2014CN03071A IN 3071CHN2014 A IN3071CHN2014 A IN 3071CHN2014A IN 2014CN03071 A IN2014CN03071 A IN 2014CN03071A
Authority
IN
India
Prior art keywords
cache
instruction
rop
code sequences
loading profile
Prior art date
Application number
Inventor
Daniel Komaromy
Alex Gantman
Brian M Rosenberg
Arun Balakrishnan
Renwei Ge
Gregory G Rose
Anand Palanigounder
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc filed Critical Qualcomm Inc
Publication of IN2014CN03071A publication Critical patent/IN2014CN03071A/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3037Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a memory, e.g. virtual memory, cache
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466Performance evaluation by tracing or monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0806Multiuser, multiprocessor or multiprocessing cache systems
    • G06F12/0811Multiuser, multiprocessor or multiprocessing cache systems with multilevel cache hierarchies
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0875Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches with dedicated cache, e.g. instruction or stack
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/08Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0844Multiple simultaneous or quasi-simultaneous cache accessing
    • G06F12/0846Cache with multiple tag or data arrays being simultaneously accessible
    • G06F12/0848Partitioned cache, e.g. separate instruction and operand caches
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/45Caching of specific data in cache memory
    • G06F2212/452Instruction code

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Debugging And Monitoring (AREA)
  • Advance Control (AREA)
  • Memory System Of A Hierarchy Structure (AREA)
  • Stored Programmes (AREA)
  • Measurement Of Radiation (AREA)
  • Passenger Equipment (AREA)
  • Fishing Rods (AREA)

Abstract

Methods devices and systems for detecting return oriented programming (ROP) exploits are disclosed. A system includes a processor a main memory and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.
IN3071CHN2014 2011-11-07 2012-11-07 IN2014CN03071A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/290,932 US8839429B2 (en) 2011-11-07 2011-11-07 Methods, devices, and systems for detecting return-oriented programming exploits
PCT/US2012/063953 WO2013070773A2 (en) 2011-11-07 2012-11-07 Methods, devices, and systems for detecting return-oriented programming exploits

Publications (1)

Publication Number Publication Date
IN2014CN03071A true IN2014CN03071A (en) 2015-07-31

Family

ID=47428964

Family Applications (1)

Application Number Title Priority Date Filing Date
IN3071CHN2014 IN2014CN03071A (en) 2011-11-07 2012-11-07

Country Status (6)

Country Link
US (2) US8839429B2 (en)
EP (2) EP2776971B1 (en)
JP (1) JP5944520B2 (en)
CN (1) CN103946855B (en)
IN (1) IN2014CN03071A (en)
WO (1) WO2013070773A2 (en)

Families Citing this family (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9268945B2 (en) * 2010-03-19 2016-02-23 Contrast Security, Llc Detection of vulnerabilities in computer systems
US8839429B2 (en) 2011-11-07 2014-09-16 Qualcomm Incorporated Methods, devices, and systems for detecting return-oriented programming exploits
US20130179869A1 (en) * 2012-01-10 2013-07-11 Telcordia Technologies, Inc. Adaptive Diversity for Compressible Return Oriented Programs
US9256730B2 (en) * 2012-09-07 2016-02-09 Crowdstrike, Inc. Threat detection for return oriented programming
US9177147B2 (en) * 2012-09-28 2015-11-03 Intel Corporation Protection against return oriented programming attacks
US9223979B2 (en) 2012-10-31 2015-12-29 Intel Corporation Detection of return oriented programming attacks
US10114643B2 (en) 2013-05-23 2018-10-30 Intel Corporation Techniques for detecting return-oriented programming
US10310863B1 (en) * 2013-07-31 2019-06-04 Red Hat, Inc. Patching functions in use on a running computer system
US9292684B2 (en) 2013-09-06 2016-03-22 Michael Guidry Systems and methods for security in computer systems
US9465936B2 (en) 2013-11-06 2016-10-11 Bitdefender IPR Management Ltd. Systems and methods for detecting return-oriented programming (ROP) exploits
CA2944578C (en) * 2014-03-31 2023-12-12 Cfph, Llc Resource allocation
US9390264B2 (en) 2014-04-18 2016-07-12 Qualcomm Incorporated Hardware-based stack control information protection
US20160196427A1 (en) * 2014-07-08 2016-07-07 Leviathan, Inc. System and Method for Detecting Branch Oriented Programming Anomalies
US9904780B2 (en) * 2014-07-31 2018-02-27 Nec Corporation Transparent detection and extraction of return-oriented-programming attacks
US9589133B2 (en) * 2014-08-08 2017-03-07 International Business Machines Corporation Preventing return-oriented programming exploits
CN104268471B (en) * 2014-09-10 2017-04-26 珠海市君天电子科技有限公司 Method and device for detecting return-oriented programming attack
EP2996034B1 (en) * 2014-09-11 2018-08-15 Nxp B.V. Execution flow protection in microcontrollers
US9519773B2 (en) * 2014-09-12 2016-12-13 Intel Corporation Returning to a control transfer instruction
WO2016041592A1 (en) * 2014-09-17 2016-03-24 Irdeto B.V. Generating and executing protected items of software
US9465938B2 (en) * 2014-09-22 2016-10-11 Qualcomm Incorporated Integrated circuit and method for detection of malicious code in a first level instruction cache
US9501637B2 (en) * 2014-09-26 2016-11-22 Intel Corporation Hardware shadow stack support for legacy guests
US9646154B2 (en) * 2014-12-12 2017-05-09 Microsoft Technology Licensing, Llc Return oriented programming (ROP) attack protection
US9940484B2 (en) * 2014-12-23 2018-04-10 Intel Corporation Techniques for detecting false positive return-oriented programming attacks
CN104732139A (en) * 2015-02-04 2015-06-24 深圳市中兴移动通信有限公司 Internal storage monitoring method and terminal
SG10201500921QA (en) * 2015-02-06 2016-09-29 Huawei Internat Pte Ltd Method for obfuscation of code using return oriented programming
US9842209B2 (en) * 2015-05-08 2017-12-12 Mcafee, Llc Hardened event counters for anomaly detection
SG10201504066QA (en) * 2015-05-25 2016-12-29 Huawei Internat Pte Ltd Method and system for defense against return oriented programming (rop) based attacks
US11227056B2 (en) 2015-08-18 2022-01-18 The Trustees Of Columbia University In The City Of New York Inhibiting memory disclosure attacks using destructive code reads
US10019572B1 (en) * 2015-08-27 2018-07-10 Amazon Technologies, Inc. Detecting malicious activities by imported software packages
US10032031B1 (en) 2015-08-27 2018-07-24 Amazon Technologies, Inc. Detecting unknown software vulnerabilities and system compromises
US10282224B2 (en) 2015-09-22 2019-05-07 Qualcomm Incorporated Dynamic register virtualization
US20170091454A1 (en) * 2015-09-25 2017-03-30 Vadim Sukhomlinov Lbr-based rop/jop exploit detection
US9576138B1 (en) * 2015-09-30 2017-02-21 International Business Machines Corporation Mitigating ROP attacks
US9767292B2 (en) 2015-10-11 2017-09-19 Unexploitable Holdings Llc Systems and methods to identify security exploits by generating a type based self-assembling indirect control flow graph
US10437998B2 (en) * 2015-10-26 2019-10-08 Mcafee, Llc Hardware heuristic-driven binary translation-based execution analysis for return-oriented programming malware detection
US10419423B2 (en) 2015-10-30 2019-09-17 Mcafee, Llc Techniques for identification of location of relevant fields in a credential-seeking web page
US10878091B2 (en) * 2016-02-24 2020-12-29 Nippon Telegraph And Telephone Corporation Attack code detection device, attack code detection method, and attack code detection program
US10423792B2 (en) 2016-09-23 2019-09-24 Red Hat, Inc. Identifying exploitable code sequences
US10437990B2 (en) 2016-09-30 2019-10-08 Mcafee, Llc Detection of return oriented programming attacks in a processor
US10489592B1 (en) * 2017-03-21 2019-11-26 Symantec Corporation Creating an execution safety container for unreliable exploits
DE102017124805B4 (en) * 2017-10-24 2019-05-29 Infineon Technologies Ag MEMORY ARRANGEMENT AND METHOD FOR INTERMEDIATELY STORING MEMORY CONTENT
US11403107B2 (en) * 2018-12-05 2022-08-02 Micron Technology, Inc. Protection against timing-based security attacks by randomly adjusting reorder buffer capacity
CN112395598B (en) * 2019-08-15 2024-04-19 奇安信安全技术(珠海)有限公司 Protection method, device and equipment for damaged instruction execution sequence
US11445225B2 (en) * 2020-10-27 2022-09-13 Akamai Technologies, Inc. Measuring and improving origin offload and resource utilization in caching systems

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5956477A (en) * 1996-11-25 1999-09-21 Hewlett-Packard Company Method for processing information in a microprocessor to facilitate debug and performance monitoring
US6047363A (en) * 1997-10-14 2000-04-04 Advanced Micro Devices, Inc. Prefetching data using profile of cache misses from earlier code executions
US6134710A (en) * 1998-06-26 2000-10-17 International Business Machines Corp. Adaptive method and system to minimize the effect of long cache misses
EP1331539B1 (en) 2002-01-16 2016-09-28 Texas Instruments France Secure mode for processors supporting MMU and interrupts
US7086088B2 (en) * 2002-05-15 2006-08-01 Nokia, Inc. Preventing stack buffer overflow attacks
WO2004044745A1 (en) * 2002-11-13 2004-05-27 Fujitsu Limited Scheduling method in multithreading processor and multithreading processor
US7954102B2 (en) 2002-11-13 2011-05-31 Fujitsu Limited Scheduling method in multithreading processor, and multithreading processor
GB0226875D0 (en) * 2002-11-18 2002-12-24 Advanced Risc Mach Ltd Control of access to a memory by a device
US7134029B2 (en) 2003-11-06 2006-11-07 International Business Machines Corporation Computer-component power-consumption monitoring and control
US7392370B2 (en) 2004-01-14 2008-06-24 International Business Machines Corporation Method and apparatus for autonomically initiating measurement of secondary metrics based on hardware counter values for primary metrics
KR100586500B1 (en) 2004-03-18 2006-06-07 학교법인고려중앙학원 Method for sensing and recovery against buffer overflow attacks and apparatus thereof
FR2877118B1 (en) * 2004-10-22 2007-01-19 Oberthur Card Syst Sa PROTECTION AGAINST ATTACKS BY GENERATING FAULTS ON JUMPING INSTRUCTIONS
US7730531B2 (en) 2005-04-15 2010-06-01 Microsoft Corporation System and method for detection of artificially generated system load
US7818747B1 (en) 2005-11-03 2010-10-19 Oracle America, Inc. Cache-aware scheduling for a chip multithreading processor
US20070150881A1 (en) * 2005-12-22 2007-06-28 Motorola, Inc. Method and system for run-time cache logging
JP4915774B2 (en) 2006-03-15 2012-04-11 株式会社日立製作所 Storage system and storage system control method
US20080263324A1 (en) 2006-08-10 2008-10-23 Sehat Sutardja Dynamic core switching
US8447962B2 (en) * 2009-12-22 2013-05-21 Intel Corporation Gathering and scattering multiple data elements
JP2009217385A (en) * 2008-03-07 2009-09-24 Toshiba Corp Processor and multiprocessor
US8490061B2 (en) * 2009-05-07 2013-07-16 International Business Machines Corporation Profiling application performance according to data structure
US8689201B2 (en) * 2010-01-27 2014-04-01 Telcordia Technologies, Inc. Automated diversity using return oriented programming
CN101924761B (en) 2010-08-18 2013-11-06 北京奇虎科技有限公司 Method for detecting malicious program according to white list
US8997218B2 (en) * 2010-12-22 2015-03-31 F-Secure Corporation Detecting a return-oriented programming exploit
US8839429B2 (en) 2011-11-07 2014-09-16 Qualcomm Incorporated Methods, devices, and systems for detecting return-oriented programming exploits

Also Published As

Publication number Publication date
US9262627B2 (en) 2016-02-16
US20130117843A1 (en) 2013-05-09
JP5944520B2 (en) 2016-07-05
EP2776971B1 (en) 2019-01-16
CN103946855A (en) 2014-07-23
EP3062259A1 (en) 2016-08-31
EP2776971A2 (en) 2014-09-17
JP2014532944A (en) 2014-12-08
WO2013070773A3 (en) 2013-12-12
US8839429B2 (en) 2014-09-16
CN103946855B (en) 2017-03-08
WO2013070773A2 (en) 2013-05-16
US20140372701A1 (en) 2014-12-18

Similar Documents

Publication Publication Date Title
IN2014CN03071A (en)
GB2497470A (en) Method and apparatus for reducing power consumption in a processor by powering down an instruction fetch unit
EP2581834A4 (en) Multi-core processor system, cache coherency control method, and cache coherency control program
GB201319170D0 (en) Malware detection
GB2495361B (en) Managing a register cache based on an architected computer instruction set
GB201303300D0 (en) Data Processing
GB2514501A (en) Adaptive cache promotions in a two level caching System
GB201303302D0 (en) Data processing
BR112013003596A2 (en) information processing apparatus and information processing system
EP2746954A3 (en) Method and system for inserting cache blocks into a cache queue
IN2014CN04649A (en)
GB2499168B (en) Cache coherency control method, system, and program
WO2018132269A3 (en) Efficient breakpoint detection via caches
ATE368891T1 (en) METHOD AND DEVICES FOR STRIDE PROFILING OF A SOFTWARE APPLICATION
BR112015003676A2 (en) system, system for predicting a vehicle identity detected by multiple sensors and method for vehicle monitoring
GB2519017A (en) Next instruction access intent instruction
BR112016002377A2 (en) monitoring system of an elevator facility
MX2012005122A (en) Refrigerant leak detection system and method.
IN2014CN02619A (en)
ATE513261T1 (en) METHOD AND DEVICE FOR LOW COMPLEXITY COMMAND PRELOADING SYSTEM
GB2494331A (en) Hardware assist thread
IL206848A0 (en) Extract cache attribute facility and instruction therefore
GB201211273D0 (en) Multilevel cache system
GB2518785A (en) Concurrent control for a page miss handler
GB2525831A (en) Prefetching for parent core in multi-core chip