WO2022265762A1 - Circular shadow stack in audit mode - Google Patents

Circular shadow stack in audit mode

Info

Publication number
WO2022265762A1
Authority
WO
WIPO (PCT)
Prior art keywords
shadow stack
stack
thread
shadow
computer system
Prior art date
Application number
PCT/US2022/028891
Other languages
English (en)
Inventor
Jin Lin
Mehmet Iyigun
Jason Lin
Matthew John WOOLMAN
Original Assignee
Microsoft Technology Licensing, Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US17/352,283 external-priority patent/US11861364B2/en
Application filed by Microsoft Technology Licensing, Llc filed Critical Microsoft Technology Licensing, Llc
Priority to EP22727629.2A priority Critical patent/EP4356247A1/fr
Priority to CN202280042717.5A priority patent/CN117501244A/zh
Publication of WO2022265762A1 publication Critical patent/WO2022265762A1/fr

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/485 Task life-cycle, e.g. stopping, restarting, resuming execution
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/073 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a memory management context, e.g. virtual memory or cache management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0766 Error or fault reporting or storing
    • G06F11/0775 Content or structure details of the error report, e.g. specific table structure, specific error fields
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0766 Error or fault reporting or storing
    • G06F11/0778 Dumping, i.e. gathering error/state information after a fault for later diagnosis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703 Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0793 Remedial or corrective actions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3037 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a memory, e.g. virtual memory, cache
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3409 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3612 Software analysis for verifying properties of programs by runtime analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00 Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/81 Threshold
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Executing Machine-Instructions (AREA)

Abstract

Performing shadow stack functionality for a thread in an audit mode includes initiating execution of a thread at the processor. Executing the thread includes initiating execution of executable code of an application binary as part of the thread and enabling shadow stack functionality for the thread in an audit mode. Based at least on the execution of the thread in the audit mode, at least a portion of the shadow stack is enabled to be a circular stack. In response to determining that usage of the shadow stack has reached the defined threshold, one or more currently used entries of the shadow stack are overwritten, thereby preventing the shadow stack from overflowing.
PCT/US2022/028891 2021-06-19 2022-05-12 Circular shadow stack in audit mode WO2022265762A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP22727629.2A EP4356247A1 (fr) 2021-06-19 2022-05-12 Circular shadow stack in audit mode
CN202280042717.5A CN117501244A (zh) 2021-06-19 2022-05-12 Circular shadow stack in audit mode

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US17/352,283 2021-06-19
US17/352,283 US11861364B2 (en) 2020-03-24 2021-06-19 Circular shadow stack in audit mode

Publications (1)

Publication Number Publication Date
WO2022265762A1 true WO2022265762A1 (fr) 2022-12-22

Family

ID=81927417

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2022/028891 WO2022265762A1 (fr) 2021-06-19 2022-05-12 Circular shadow stack in audit mode

Country Status (3)

Country Link
EP (1) EP4356247A1 (fr)
CN (1) CN117501244A (fr)
WO (1) WO2022265762A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070192576A1 (en) * 2006-02-16 2007-08-16 Moore Charles H Circular register arrays of a computer
US20160092673A1 (en) * 2014-09-26 2016-03-31 Michael LeMay Hardware shadow stack support for legacy guests

Also Published As

Publication number Publication date
EP4356247A1 (fr) 2024-04-24
CN117501244A (zh) 2024-02-02

Similar Documents

Publication Publication Date Title
US10489187B2 (en) Systems and methods for auditing a virtual machine
US10032024B2 (en) System and method for virtual partition monitoring
EP3355226B1 (fr) System call policies for containers
US9336018B2 (en) Mechanism for class data sharing using extension and application class-loaders
US11709931B2 (en) Shadow stack violation enforcement at module granularity
CN110612512A (zh) Protecting virtual execution environments
US8910155B1 (en) Methods and systems for injecting endpoint management agents into virtual machines
WO2018099292A1 (fr) Process management method and apparatus
WO2015113052A1 (fr) Detecting and preventing execution of software exploits
US10101915B2 (en) Methods and apparatus to manage inter-virtual disk relations in a modularized virtualization topology using virtual hard disks
US9928010B2 (en) Methods and apparatus to re-direct detected access requests in a modularized virtualization topology using virtual hard disks
JP2005327239A (ja) Security-related programming interface
US11861364B2 (en) Circular shadow stack in audit mode
CN109784039B (zh) Method for constructing a secure running space for a mobile terminal, electronic device, and storage medium
US9804789B2 (en) Methods and apparatus to apply a modularized virtualization topology using virtual hard disks
WO2021194633A1 (fr) Shadow stack enforcement range for dynamic code
EP4356247A1 (fr) Circular shadow stack in audit mode
CN108241801B (zh) Method and apparatus for processing system calls
CN115495343A (zh) Security maintenance method and apparatus, storage medium, and electronic device
US10126983B2 (en) Methods and apparatus to enforce life cycle rules in a modularized virtualization topology using virtual hard disks
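CN108459899B (zh) Information protection method and apparatus
CN110806860B (zh) Application packaging method and apparatus, and application running method and apparatus, in an Android environment
CN110795164B (zh) Application packaging method and apparatus, and application running method and apparatus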
US20220300315A1 (en) Supporting execution of a computer program by using a memory page of another computer program
US20220300314A1 (en) Hypervisor-assisted secured memory sharing among host and guest operating system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22727629

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2022727629

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2022727629

Country of ref document: EP

Effective date: 20240119