JP7432523B2 - 動的メモリ保護 - Google Patents

動的メモリ保護 Download PDF

Info

Publication number
JP7432523B2
JP7432523B2 JP2020558916A JP2020558916A JP7432523B2 JP 7432523 B2 JP7432523 B2 JP 7432523B2 JP 2020558916 A JP2020558916 A JP 2020558916A JP 2020558916 A JP2020558916 A JP 2020558916A JP 7432523 B2 JP7432523 B2 JP 7432523B2
Authority
JP
Japan
Prior art keywords
code
memory
blocks
allocated
block
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2020558916A
Other languages
English (en)
Japanese (ja)
Other versions
JP2022511170A (ja
JP2022511170A5 (https=
Inventor
ナタリ ツォウヴァ
リアン グラノット
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sternum Ltd
Original Assignee
Sternum Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sternum Ltd filed Critical Sternum Ltd
Publication of JP2022511170A publication Critical patent/JP2022511170A/ja
Publication of JP2022511170A5 publication Critical patent/JP2022511170A5/ja
Application granted granted Critical
Publication of JP7432523B2 publication Critical patent/JP7432523B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/0223User address space allocation, e.g. contiguous or non contiguous base addressing
    • G06F12/023Free address space management
    • G06F12/0238Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/06Addressing a physical block of locations, e.g. base addressing, module addressing, memory dedication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • G06F8/44Encoding
    • G06F8/441Register allocation; Assignment of physical memory space to logical memory space
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5016Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals the resource being the memory
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Virology (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
JP2020558916A 2018-10-29 2019-10-02 動的メモリ保護 Active JP7432523B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201862751774P 2018-10-29 2018-10-29
US62/751,774 2018-10-29
PCT/IL2019/051076 WO2020089885A1 (en) 2018-10-29 2019-10-02 Dynamic memory protection

Publications (3)

Publication Number Publication Date
JP2022511170A JP2022511170A (ja) 2022-01-31
JP2022511170A5 JP2022511170A5 (https=) 2022-10-07
JP7432523B2 true JP7432523B2 (ja) 2024-02-16

Family

ID=70327133

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2020558916A Active JP7432523B2 (ja) 2018-10-29 2019-10-02 動的メモリ保護

Country Status (5)

Country Link
US (2) US11176060B2 (https=)
EP (1) EP3864545B1 (https=)
JP (1) JP7432523B2 (https=)
IL (1) IL273068B2 (https=)
WO (1) WO2020089885A1 (https=)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10860709B2 (en) 2018-06-29 2020-12-08 Intel Corporation Encoded inline capabilities
US11176060B2 (en) 2018-10-29 2021-11-16 Sternum Ltd. Dynamic memory protection
US11853598B2 (en) * 2021-05-10 2023-12-26 Microsoft Technology Licensing, Llc Software memory tagging for heap overflow protection
CN115906014B (zh) * 2021-08-13 2024-07-23 华为技术有限公司 一种数据处理方法及相关装置
US12056387B2 (en) * 2022-06-03 2024-08-06 Bmc Software, Inc. Writing and reading data sets to and from cloud storage for legacy mainframe applications
US12511374B2 (en) * 2023-05-23 2025-12-30 Arm Limited Reconfigurable attack countermeasures deployed in software
US12505256B2 (en) * 2024-04-24 2025-12-23 Dell Products L.P. Method and system for detecting a change in memory
KR102834100B1 (ko) * 2024-11-06 2025-07-16 대한민국 해양자료동화시스템의 관측자료 통합 전처리 시스템 및 방법

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001216161A (ja) 2000-02-04 2001-08-10 Internatl Business Mach Corp <Ibm> メモリ装置、スタック保護システム、コンピュータシステム、コンパイラ、スタック保護方法、記憶媒体及びプログラム伝送装置
US20160026791A1 (en) 2014-07-23 2016-01-28 Grammatech, Inc. Systems and/or methods for automatically protecting against memory corruption vulnerabilities

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6832302B1 (en) * 2001-10-24 2004-12-14 At&T Corp. Methods and apparatus for detecting heap smashing
US7752459B2 (en) 2001-12-06 2010-07-06 Novell, Inc. Pointguard: method and system for protecting programs against pointer corruption attacks
US7673345B2 (en) * 2005-03-31 2010-03-02 Intel Corporation Providing extended memory protection
US8510596B1 (en) 2006-02-09 2013-08-13 Virsec Systems, Inc. System and methods for run time detection and correction of memory corruption
EP1870829B1 (en) 2006-06-23 2014-12-03 Microsoft Corporation Securing software by enforcing data flow integrity
US8434064B2 (en) * 2008-03-28 2013-04-30 Microsoft Corporation Detecting memory errors using write integrity testing
JP5011234B2 (ja) 2008-08-25 2012-08-29 株式会社日立情報システムズ 攻撃ノード群判定装置およびその方法、ならびに情報処理装置および攻撃対処方法、およびプログラム
EP2378452B1 (en) * 2010-04-16 2012-12-19 Thomson Licensing Method, device and computer program support for verification of checksums for self-modified computer code
EP2691861A4 (en) 2011-03-30 2015-01-14 Irdeto Bv PROCEDURE FOR SAFEGUARDING A MEMORY FROM POOR ATTACK
GB201105474D0 (en) 2011-03-31 2011-05-18 Albagaia Ltd Testing apparatus
US20130312058A1 (en) * 2012-01-06 2013-11-21 Optio Labs, Inc. Systems and methods for enhancing mobile security via aspect oriented programming
WO2015038944A1 (en) 2013-09-12 2015-03-19 Virsec Systems, Inc. Automated runtime detection of malware
CN106687971B (zh) 2014-06-24 2020-08-28 弗塞克系统公司 用来减少软件的攻击面的自动代码锁定
US9852052B2 (en) * 2016-03-31 2017-12-26 Intel Corporation Trusted execution of called function
EP3472746B1 (en) * 2016-06-16 2020-05-13 Virsec Systems, Inc. Systems and methods for remediating memory corruption in a computer application
US10310991B2 (en) * 2016-08-11 2019-06-04 Massachusetts Institute Of Technology Timely address space randomization
US10656885B2 (en) 2017-10-30 2020-05-19 Board Of Regents, The University Of Texas System Using object flow integrity to improve software security
US11231948B2 (en) 2018-10-18 2022-01-25 Sternum Ltd. Applying security mitigation measures for stack corruption exploitation in intermediate code files
US11176060B2 (en) 2018-10-29 2021-11-16 Sternum Ltd. Dynamic memory protection
IL269897B2 (en) 2018-11-15 2023-08-01 Sternum Ltd Implementing control flow correctness verification in code intermediate files

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001216161A (ja) 2000-02-04 2001-08-10 Internatl Business Mach Corp <Ibm> メモリ装置、スタック保護システム、コンピュータシステム、コンパイラ、スタック保護方法、記憶媒体及びプログラム伝送装置
US20160026791A1 (en) 2014-07-23 2016-01-28 Grammatech, Inc. Systems and/or methods for automatically protecting against memory corruption vulnerabilities

Also Published As

Publication number Publication date
US10983923B2 (en) 2021-04-20
IL273068B1 (en) 2024-02-01
WO2020089885A1 (en) 2020-05-07
JP2022511170A (ja) 2022-01-31
IL273068A (en) 2020-04-30
EP3864545A4 (en) 2022-06-15
US20200242238A1 (en) 2020-07-30
IL273068B2 (en) 2024-06-01
EP3864545A1 (en) 2021-08-18
EP3864545B1 (en) 2025-02-12
US11176060B2 (en) 2021-11-16
US20200133885A1 (en) 2020-04-30

Similar Documents

Publication Publication Date Title
JP7432523B2 (ja) 動的メモリ保護
JP6704504B2 (ja) 仮想アドレスマッピングを使用したターゲットアプリケーション機能のカーネルベースの検出
JP6218859B2 (ja) 仮想マシンの完全性保護のためのメモリイントロスペクションエンジン
US10795659B1 (en) System and method for live patching processes in user space
US20170161498A1 (en) Systems and methods for detection of malicious code in runtime generated code
KR102684371B1 (ko) 셀프 디버깅
US12517744B2 (en) Applying security mitigation measures for stack corruption exploitation in intermediate code files
US7805717B1 (en) Pre-computed dynamic instrumentation
KR102271273B1 (ko) 네이티브 코드 분석방지 우회를 위한 프로세스 래핑 방법, 이를 수행하기 위한 기록 매체 및 장치
Mihretie Automatic Exploit Generation for Cross-Language Attacks
Ruhland et al. embSFI: An approach for software fault isolation in embedded systems
Saito et al. Safe trans loader: mitigation and prevention of memory corruption attacks for released binaries
HK40003337A (en) Kernel-based detection of target application functionality using offset-based virtual address mapping
HK40005417A (en) Updating virtual memory addresses of target application functionalities for an updated version of application binary code
HK40005784A (en) Kernel-based detection of target application functionality using virtual address mapping

Legal Events

Date Code Title Description
RD01 Notification of change of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7426

Effective date: 20220630

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A821

Effective date: 20220630

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20220929

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20220929

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20230913

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20230926

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20231219

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20240109

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20240205

R150 Certificate of patent or registration of utility model

Ref document number: 7432523

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150