JP2022502723A - スタック破損のエクスプロイトに対する中間コードファイルにおけるセキュリティ緩和手段の適用 - Google Patents

スタック破損のエクスプロイトに対する中間コードファイルにおけるセキュリティ緩和手段の適用 Download PDF

Info

Publication number
JP2022502723A
JP2022502723A JP2020558936A JP2020558936A JP2022502723A JP 2022502723 A JP2022502723 A JP 2022502723A JP 2020558936 A JP2020558936 A JP 2020558936A JP 2020558936 A JP2020558936 A JP 2020558936A JP 2022502723 A JP2022502723 A JP 2022502723A
Authority
JP
Japan
Prior art keywords
code
stack
address
routines
intermediate code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2020558936A
Other languages
English (en)
Japanese (ja)
Other versions
JP2022502723A5 (https=
Inventor
ナタリ ツォウヴァ
リアン グラノット
アリク ファーバー
タル グラノット
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sternum Ltd
Original Assignee
Sternum Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sternum Ltd filed Critical Sternum Ltd
Publication of JP2022502723A publication Critical patent/JP2022502723A/ja
Publication of JP2022502723A5 publication Critical patent/JP2022502723A5/ja
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30098Register arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/38Concurrent instruction execution, e.g. pipeline or look ahead
    • G06F9/3802Instruction prefetching
    • G06F9/3804Instruction prefetching for branches, e.g. hedging, branch folding
    • G06F9/3806Instruction prefetching for branches, e.g. hedging, branch folding using address prediction, e.g. return stack, branch history buffer
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44589Program code verification, e.g. Java bytecode verification, proof-carrying code
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482Procedural
    • G06F9/4484Executing subprograms
    • G06F9/4486Formation of subprogram jump address
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45508Runtime interpretation or emulation, e g. emulator loops, bytecode interpretation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Devices For Executing Special Programs (AREA)
JP2020558936A 2018-10-18 2019-10-02 スタック破損のエクスプロイトに対する中間コードファイルにおけるセキュリティ緩和手段の適用 Pending JP2022502723A (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201862747150P 2018-10-18 2018-10-18
US62/747,150 2018-10-18
PCT/IL2019/051075 WO2020079676A1 (en) 2018-10-18 2019-10-02 Applying security mitigation measures for stack corruption exploitation in intermediate code files

Publications (2)

Publication Number Publication Date
JP2022502723A true JP2022502723A (ja) 2022-01-11
JP2022502723A5 JP2022502723A5 (https=) 2022-10-12

Family

ID=70279555

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2020558936A Pending JP2022502723A (ja) 2018-10-18 2019-10-02 スタック破損のエクスプロイトに対する中間コードファイルにおけるセキュリティ緩和手段の適用

Country Status (6)

Country Link
US (2) US11231948B2 (https=)
EP (1) EP3867784B1 (https=)
JP (1) JP2022502723A (https=)
ES (1) ES2988317T3 (https=)
IL (1) IL282388B2 (https=)
WO (1) WO2020079676A1 (https=)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11157611B2 (en) * 2018-01-02 2021-10-26 Blackberry Limited Binary image stack cookie protection
US11231948B2 (en) 2018-10-18 2022-01-25 Sternum Ltd. Applying security mitigation measures for stack corruption exploitation in intermediate code files
US11176060B2 (en) 2018-10-29 2021-11-16 Sternum Ltd. Dynamic memory protection
US12353860B2 (en) * 2022-02-10 2025-07-08 Mitsubishi Electric Corporation Programmable controller system, development support device, and recording medium
US12216761B2 (en) * 2022-03-08 2025-02-04 Denso Corporation Dynamic adaptation of memory elements to prevent malicious attacks

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001216161A (ja) * 2000-02-04 2001-08-10 Internatl Business Mach Corp <Ibm> メモリ装置、スタック保護システム、コンピュータシステム、コンパイラ、スタック保護方法、記憶媒体及びプログラム伝送装置
US20090113403A1 (en) * 2007-09-27 2009-04-30 Microsoft Corporation Replacing no operations with auxiliary code

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6802056B1 (en) * 1999-06-30 2004-10-05 Microsoft Corporation Translation and transformation of heterogeneous programs
JP2001160080A (ja) * 1999-12-02 2001-06-12 Nec Corp オブジェクト指向言語によるシステムのシミュレーション方法、装置及びそのプログラムを記録した記録媒体
US7752459B2 (en) 2001-12-06 2010-07-06 Novell, Inc. Pointguard: method and system for protecting programs against pointer corruption attacks
US20040045018A1 (en) * 2002-08-27 2004-03-04 Nair Sreekumar R. Using address space bridge in postoptimizer to route indirect calls at runtime
US7356813B2 (en) * 2002-09-26 2008-04-08 Hewlett-Packard Development Company, L.P. System and method for optimizing a program
JP4518564B2 (ja) 2003-09-04 2010-08-04 サイエンスパーク株式会社 不正コード実行の防止方法、不正コード実行の防止用プログラム、及び不正コード実行の防止用プログラムの記録媒体
JP4806204B2 (ja) * 2005-03-30 2011-11-02 株式会社日立国際電気 暗号化データ通信システム
US7913243B2 (en) * 2005-06-21 2011-03-22 International Business Machines Corporation Method and system for generating and applying patches to a computer program concurrently with its execution
US8510596B1 (en) 2006-02-09 2013-08-13 Virsec Systems, Inc. System and methods for run time detection and correction of memory corruption
EP1870829B1 (en) * 2006-06-23 2014-12-03 Microsoft Corporation Securing software by enforcing data flow integrity
US7904881B2 (en) * 2006-07-26 2011-03-08 Intel Corporation Using a virtual stack for fast and composable stack cutting
US20080247532A1 (en) * 2007-04-06 2008-10-09 Waldean Allen Schulz Method and System for Representing Quantitative Properties in a Computer Program and for Validating Dimensional Integrity of Mathematical Expressions
US8996760B2 (en) * 2011-11-03 2015-03-31 Intel Corporation Method to emulate message signaled interrupts with interrupt data
US20150007142A1 (en) * 2012-12-12 2015-01-01 Google Inc. Branch destination tables
WO2015038944A1 (en) 2013-09-12 2015-03-19 Virsec Systems, Inc. Automated runtime detection of malware
US9390264B2 (en) 2014-04-18 2016-07-12 Qualcomm Incorporated Hardware-based stack control information protection
US9390260B2 (en) * 2014-06-09 2016-07-12 Lehigh University Methods for enforcing control flow of a computer program
CN106687971B (zh) 2014-06-24 2020-08-28 弗塞克系统公司 用来减少软件的攻击面的自动代码锁定
US9870469B2 (en) 2014-09-26 2018-01-16 Mcafee, Inc. Mitigation of stack corruption exploits
US9754112B1 (en) * 2014-11-24 2017-09-05 Bluerisc, Inc. Detection and healing of vulnerabilities in computer code
US9569613B2 (en) * 2014-12-23 2017-02-14 Intel Corporation Techniques for enforcing control flow integrity using binary translation
US10289842B2 (en) * 2015-11-12 2019-05-14 Samsung Electronics Co., Ltd. Method and apparatus for protecting kernel control-flow integrity using static binary instrumentation
US10157268B2 (en) * 2016-09-27 2018-12-18 Microsoft Technology Licensing, Llc Return flow guard using control stack identified by processor register
WO2018071450A1 (en) * 2016-10-11 2018-04-19 Green Hills Software, Inc. Systems, methods, and devices for vertically integrated instrumentation and trace reconstruction
US10698668B1 (en) * 2018-05-29 2020-06-30 Amazon Technologies, Inc. Custom code transformations during compilation process
US11231948B2 (en) 2018-10-18 2022-01-25 Sternum Ltd. Applying security mitigation measures for stack corruption exploitation in intermediate code files

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001216161A (ja) * 2000-02-04 2001-08-10 Internatl Business Mach Corp <Ibm> メモリ装置、スタック保護システム、コンピュータシステム、コンパイラ、スタック保護方法、記憶媒体及びプログラム伝送装置
US20090113403A1 (en) * 2007-09-27 2009-04-30 Microsoft Corporation Replacing no operations with auxiliary code

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ONARLIOGLU, KAAN ET AL.: "G-Free: Defeating Return-Oriented Programming through Gadget-less Binaries", ACSAC'10, JPN7023003646, 10 December 2010 (2010-12-10), pages 49 - 58, ISSN: 0005275023 *

Also Published As

Publication number Publication date
ES2988317T3 (es) 2024-11-20
IL282388A (en) 2021-06-30
WO2020079676A1 (en) 2020-04-23
US12517744B2 (en) 2026-01-06
US20220107827A1 (en) 2022-04-07
EP3867784A4 (en) 2022-07-06
IL282388B2 (en) 2024-01-01
EP3867784B1 (en) 2024-07-24
US11231948B2 (en) 2022-01-25
IL282388B1 (en) 2023-09-01
EP3867784A1 (en) 2021-08-25
US20200125378A1 (en) 2020-04-23

Similar Documents

Publication Publication Date Title
Williams-King et al. Egalito: Layout-agnostic binary recompilation
JP2022502723A (ja) スタック破損のエクスプロイトに対する中間コードファイルにおけるセキュリティ緩和手段の適用
US7376970B2 (en) System and method for proactive computer virus protection
US10223528B2 (en) Technologies for deterministic code flow integrity protection
JP6837064B2 (ja) ランタイム生成コードにおける悪意のあるコードの検出のためのシステムおよび方法
Yadavalli et al. Raising binaries to LLVM IR with MCTOLL (WIP paper)
US20170372068A1 (en) Method to identify known compilers functions, libraries and objects inside files and data items containing an executable code
US8429637B2 (en) System and method for conditional expansion obfuscation
JP7432523B2 (ja) 動的メモリ保護
US10762199B2 (en) Compiler assisted protection against arbitrary code execution
CN109829313B (zh) 一种基于代码复用编程防御sgx侧信道攻击的方法及装置
EP3147781A1 (en) Wrapper calls identification
Pappas et al. Practical software diversification using in-place code randomization
Nurmukhametov et al. Application of compiler transformations against software vulnerabilities exploitation
US11687440B2 (en) Method and device of protecting a first software application to generate a protected software application
WO2019149630A1 (en) Method for protecting an executable code
KR20200017120A (ko) 코스 스프레잉을 이용한 코드 보호 방법 및 시스템
Kananizadeh et al. Development of dynamic protection against timing channels
US12481732B2 (en) Protection, obfuscation, and optimization of binary executables using recompilation
KR20200017121A (ko) 원타임 코드를 이용한 코드 보호 방법 및 시스템
Davison et al. Kevlar: Transitioning helix for research to practice
Kannan Sandboxing the Firefox JIT compiler
WO2022044021A1 (en) Exploit prevention based on generation of random chaotic execution context

Legal Events

Date Code Title Description
RD01 Notification of change of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7426

Effective date: 20220630

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A821

Effective date: 20220630

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20221003

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20221003

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20230914

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20231003

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20231227

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20240305