Protecting computer code against ROP attacks

US 10,417,412 B2
Filed: 02/15/2017
Issued: 09/17/2019
Est. Priority Date: 02/15/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

obtaining computer code, wherein the computer code is comprised of code blocks arranged in a first order and providing a functionality, wherein each code block of the code blocks comprises one or more program instructions;

determining, by a processor, at least one constraint on reordering the code blocks in a second order, wherein the at least one constraint ensures that the computer code after the reordering of the code blocks maintains the functionality, whereby a second computer code comprising the code blocks arranged in the second order, when executed, provides the functionality;

providing the at least one constraint to an automatic solver for determining the second order; and

providing the second computer code arranged in the second order based on the at least one constraint.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, computer product and computerized system, the method comprising: obtaining computer code, wherein the computer code is comprised of code blocks arranged in a first order and providing a functionality, wherein each code block of the code blocks comprises one or more program instructions; determining, by a processor, one or more constraints on reordering the code blocks in a second order, such that a second computer code comprising the code blocks arranged in the second order, when executed, provides the functionality; and providing the constraints to an automatic solver for determining the second order.

Citations

14 Claims

1. A method comprising:
- obtaining computer code, wherein the computer code is comprised of code blocks arranged in a first order and providing a functionality, wherein each code block of the code blocks comprises one or more program instructions;
  
  determining, by a processor, at least one constraint on reordering the code blocks in a second order, wherein the at least one constraint ensures that the computer code after the reordering of the code blocks maintains the functionality, whereby a second computer code comprising the code blocks arranged in the second order, when executed, provides the functionality;
  
  providing the at least one constraint to an automatic solver for determining the second order; and
  
  providing the second computer code arranged in the second order based on the at least one constraint.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - receiving the second order determined by the automatic solver;
      
      generating the second computer code based on the second order; and
      
      executing the second computer code.
  - 3. The method of claim 2, wherein said determining, said generating and said executing are performed by the processor.
  - 4. The method of claim 2, wherein said executing is performed by a computing platform, wherein said executing is performed in response to installation of the computer code in the computing platform.
  - 5. The method of claim 2, wherein said executing is performed by a computing platform having an installed instance of the computer code installed thereon, wherein said executing is performed in response to execution, by the computing platform, of the installed instance of the computer code.
  - 6. The method of claim 1 further comprising identifying the code blocks within the computer code.
  - 7. The method of claim 1 further comprising:
    - executing the automatic solver, obtaining a plurality of orders including the second order;
      
      receiving a request for an order;
      
      selecting a selected order from the plurality of orders; and
      
      returning the selected order, or code modified in accordance with the selected order.
  - 8. The method of claim 7, wherein the request is received by a first computing platform from a second computing platform and the selected order is returned to the second computing platform, wherein the second computing platform is enabled to execute the computer code ordered in accordance with the order.
  - 9. The method of claim 1, wherein the at least one constraint relates to a distance between a branch instruction and a destination address of the branch instruction being consistent with a field size of the destination address.
  - 10. The method of claim 1, wherein the at least one constraint relates to static block having a same location within the second order as in the first order.
  - 11. The method of claim 1, wherein the at least one constraint relates to two code blocks being on a same memory page in a computerized memory device.
  - 12. The method of claim 1, wherein the automatic solver is selected from the group consisting of:
    - a Constraint Satisfaction Problem (CSP) solver, a Boolean Satisfiability solver and a theorem prover.

13. A computerized system having a hardware processor, the hardware processor being adapted to perform the steps of:
- obtaining computer code, wherein the computer code is comprised of code blocks arranged in a first order and providing a functionality, wherein each code block of the code blocks comprises one or more program instructions;
  
  determining, by the hardware processor, at least one constraint on reordering the code blocks in a second order, wherein the at least one constraint ensures that the computer code after the reordering of the code blocks maintains the functionality, whereby a second computer code comprising the code blocks arranged in the second order, when executed, provides the functionality;
  
  providing the at least one constraint to an automatic solver for determining the second order; and
  
  providing the second computer code arranged in the second order based on the at least one constraint.

14. A computer program product comprising a non-transitory computer readable storage medium retaining program instructions configured to cause a processor to perform actions, which program instructions comprise:
- obtaining computer code, wherein the computer code is comprised of code blocks arranged in a first order and providing a functionality, wherein each code block of the code blocks comprises one or more program instructions;
  
  determining, by a processor, at least one constraint on reordering the code blocks in a second order, wherein the at least one constraint ensures that the computer code after the reordering of the code blocks maintains the functionality, whereby a second computer code comprising the code blocks arranged in the second order, when executed, provides the functionality;
  
  providing the at least one constraint to an automatic solver for determining the second order; and
  
  providing the second computer code arranged in the second order based on the at least one constraint.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Copty, Fady, Jarrous, Ayman, Salman, Tamer
Primary Examiner(s)
Tsang, Henry

Application Number

US15/432,954
Publication Number

US 20180232518A1
Time in Patent Office

944 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/033   Test or assess software

Protecting computer code against ROP attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting computer code against ROP attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links