Hardware assisted branch transfer self-check mechanism

US 10,025,930 B2
Filed: 12/24/2015
Issued: 07/17/2018
Est. Priority Date: 12/24/2015
Status: Active Grant

First Claim

Patent Images

1. A computer program product tangibly embodied on non-transient computer readable media, the computer program product comprising instructions operable when executed to:

receive, from an execution profiler implemented at least partially in hardware, execution control of an indirect branch for a function call in an executable application;

execute a callback to a self-check policy associated with the executable application for the indirect branch, wherein the self-check policy comprises at least one of a defense to a control-flow attack and a white list of authorized memory address locations for the indirect branch; and

determine, by a self-check application module implemented at least partially in hardware, whether to execute the indirect branch based on the self-check policy associated with the executable application, by;

evaluating one or more parameters for the indirect branch provided to the self-check application module by the execution profiler; and

determining whether the one or more parameters are permitted for execution based on the self-check policy;

wherein;

the parameters comprise one or both of a source register location from which the indirect call originated or a destination register location for the indirect branch call; and

the self-check application module determines whether the self-check policy permits an indirect branch from the source register to the destination register.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present disclosure are directed to a self-check application to determine whether an indirect branch execution is permissible for an executable application. The self-check application uses one or more parameters received from an execution profiling module to determine whether the indirect branch execution is permitted by one or more self-check policies.

17 Citations

View as Search Results

5 Claims

1. A computer program product tangibly embodied on non-transient computer readable media, the computer program product comprising instructions operable when executed to:
- receive, from an execution profiler implemented at least partially in hardware, execution control of an indirect branch for a function call in an executable application;
  
  execute a callback to a self-check policy associated with the executable application for the indirect branch, wherein the self-check policy comprises at least one of a defense to a control-flow attack and a white list of authorized memory address locations for the indirect branch; and
  
  determine, by a self-check application module implemented at least partially in hardware, whether to execute the indirect branch based on the self-check policy associated with the executable application, by;
  
  evaluating one or more parameters for the indirect branch provided to the self-check application module by the execution profiler; and
  
  determining whether the one or more parameters are permitted for execution based on the self-check policy;
  
  wherein;
  
  the parameters comprise one or both of a source register location from which the indirect call originated or a destination register location for the indirect branch call; and
  
  the self-check application module determines whether the self-check policy permits an indirect branch from the source register to the destination register.
- View Dependent Claims (2)
- - 2. The computer program product of claim 1, wherein the indirect branch comprises one of a near indirect call, a near indirect jump, or a near return.

3. A system comprising:
- a processor implemented at least partially in hardware;
  
  a memory;
  
  an execution profiler module implemented at least partially in hardware to;
  
  receive, from an execution profiler implemented at least partially in hardware, execution control of an indirect branch for a function call in an executable application; and
  
  determine, by a self-check handler module, whether to execute the indirect branch based on a self-check policy associated with the executable application, wherein the self-check police comprises at least one of a defense to a control-flow attack and a white list of authorized memory address locations for the indirect branch, by;
  
  evaluating one or more parameters for the indirect branch provided to a self-check handler by the execution profiler; and
  
  determining whether the one or more parameters are permitted for execution based on the self-check policy;
  
  wherein;
  
  the parameters comprise one or both of a source register location from which the indirect call originated or a destination register location for the indirect call; and
  
  the self-check handler module determines whether the self-check policies permits an indirect branch from the source register to the destination register.
- View Dependent Claims (4)
- - 4. The system of claim 3, wherein the indirect branch comprises one of a near indirect call, a near indirect jump, or a near return.

5. A system for control flow protection, the system comprising:
- a processor implemented at least partially in hardware;
  
  a memory;
  
  an execution profiler module implemented at least partially in hardware to;
  
  assemble an execution profile of a executable application execution;
  
  monitor the executable application execution for an indirect branch instruction; and
  
  identify one or more parameters associated with the indirect branch instruction; and
  
  a self-check application module implemented at least partially in hardware to determine whether the indirect branch is permitted by performing a self-check using the parameters identified by the execution profiler module, by;
  
  evaluating one or more parameters for the indirect branch provided to a self-check handler by the execution profiler; and
  
  determining whether the one or more parameters are permitted for execution based on a self-check policy, wherein the self-check policy comprises at least one of a defense to a control-flow attack and a white list of authorized memory address locations for the indirect branch;
  
  wherein;
  
  the parameters comprise one or both of a source register location from which the indirect call originated or a destination register location for the indirect call; and
  
  the self-check application module determines whether the self-check policies permits an indirect branch from the source register to the destination register.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Li, Xiaoning, Lu, Lixin, Sahita, Ravi
Primary Examiner(s)
Waliullah, Mohammed

Application Number

US14/998,155
Publication Number

US 20170185777A1
Time in Patent Office

936 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/567   using dedicated hardware

G06F 2221/034   Test or assess a computer o...

G06F 9/30061   Multi-way branch instructio...

Hardware assisted branch transfer self-check mechanism

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware assisted branch transfer self-check mechanism

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links