WO2022265762A1 - Circular shadow stack in audit mode - Google Patents
Circular shadow stack in audit mode
- Publication number
- WO2022265762A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- shadow stack
- stack
- thread
- shadow
- computer system
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4843—Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
- G06F9/485—Task life-cycle, e.g. stopping, restarting, resuming execution
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0706—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
- G06F11/073—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a memory management context, e.g. virtual memory or cache management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0766—Error or fault reporting or storing
- G06F11/0775—Content or structure details of the error report, e.g. specific table structure, specific error fields
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0766—Error or fault reporting or storing
- G06F11/0778—Dumping, i.e. gathering error/state information after a fault for later diagnosis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0793—Remedial or corrective actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3037—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a memory, e.g. virtual memory, cache
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3409—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3612—Software analysis for verifying properties of programs by runtime analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/81—Threshold
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Quality & Reliability (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Executing Machine-Instructions (AREA)
Abstract
Executing shadow stack functionality for a thread in an audit mode includes initiating execution of a thread at the processor. Executing the thread includes initiating execution of executable code of an application binary as part of the thread and enabling shadow stack functionality for the thread in an audit mode. Based at least on the thread executing in the audit mode, at least a portion of the shadow stack is enabled to become a circular stack. In response to determining that usage of the shadow stack has reached the defined threshold, one or more currently used entries of the shadow stack are overwritten, thereby preventing the shadow stack from overflowing.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP22727629.2A EP4356247A1 (fr) | 2021-06-19 | 2022-05-12 | Circular shadow stack in audit mode |
CN202280042717.5A CN117501244A (zh) | 2021-06-19 | 2022-05-12 | Circular shadow stack in audit mode |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/352,283 | 2021-06-19 | ||
US17/352,283 US11861364B2 (en) | 2020-03-24 | 2021-06-19 | Circular shadow stack in audit mode |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022265762A1 (fr) | 2022-12-22 |
Family
ID=81927417
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2022/028891 WO2022265762A1 (fr) | Circular shadow stack in audit mode | 2021-06-19 | 2022-05-12 |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP4356247A1 (fr) |
CN (1) | CN117501244A (fr) |
WO (1) | WO2022265762A1 (fr) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070192576A1 (en) * | 2006-02-16 | 2007-08-16 | Moore Charles H | Circular register arrays of a computer |
US20160092673A1 (en) * | 2014-09-26 | 2016-03-31 | Michael LeMay | Hardware shadow stack support for legacy guests |
-
2022
- 2022-05-12 EP EP22727629.2A patent/EP4356247A1/fr active Pending
- 2022-05-12 CN CN202280042717.5A patent/CN117501244A/zh active Pending
- 2022-05-12 WO PCT/US2022/028891 patent/WO2022265762A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
EP4356247A1 (fr) | 2024-04-24 |
CN117501244A (zh) | 2024-02-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10489187B2 (en) | Systems and methods for auditing a virtual machine | |
US10032024B2 (en) | System and method for virtual partition monitoring | |
EP3355226B1 (fr) | System call policies for containers | |
US9336018B2 (en) | Mechanism for class data sharing using extension and application class-loaders | |
US11709931B2 (en) | Shadow stack violation enforcement at module granularity | |
CN110612512A (zh) | Protecting virtual execution environments | |
US8910155B1 (en) | Methods and systems for injecting endpoint management agents into virtual machines | |
WO2018099292A1 (fr) | Process management method and apparatus | |
WO2015113052A1 (fr) | Detecting and preventing execution of software exploits | |
US10101915B2 (en) | Methods and apparatus to manage inter-virtual disk relations in a modularized virtualization topology using virtual hard disks | |
US9928010B2 (en) | Methods and apparatus to re-direct detected access requests in a modularized virtualization topology using virtual hard disks | |
JP2005327239A (ja) | Security-related programming interface | |
US11861364B2 (en) | Circular shadow stack in audit mode | |
CN109784039B (zh) | Method for constructing a secure operating space on a mobile terminal, electronic device, and storage medium | |
US9804789B2 (en) | Methods and apparatus to apply a modularized virtualization topology using virtual hard disks | |
WO2021194633A1 (fr) | Shadow stack enforcement range for dynamic code | |
EP4356247A1 (fr) | Circular shadow stack in audit mode | |
CN108241801B (zh) | Method and apparatus for processing system calls | |
CN115495343A (zh) | Security maintenance method, apparatus, storage medium, and electronic device | |
US10126983B2 (en) | Methods and apparatus to enforce life cycle rules in a modularized virtualization topology using virtual hard disks | |
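CN108459899B (zh) | Information protection method and apparatus | |
CN110806860B (zh) | Application packaging method and apparatus, and application running method and apparatus, in an Android environment | |
CN110795164B (zh) | Application packaging method and apparatus, and application running method and apparatus | |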
US20220300315A1 (en) | Supporting execution of a computer program by using a memory page of another computer program | |
US20220300314A1 (en) | Hypervisor-assisted secured memory sharing among host and guest operating system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22727629 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2022727629 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2022727629 Country of ref document: EP Effective date: 20240119 |