Attack protection for valid gadget control transfers

US 10,445,494 B2
Filed: 07/25/2017
Issued: 10/15/2019
Est. Priority Date: 10/20/2014
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory computer readable medium including instructions that when executed enable a system to:

during execution of a process on a processor of the system and prior to a call to a function, store a first value in a first register of a plurality of registers of the processor, the first value comprising a random value;

responsive to a control transfer termination (CTT) instruction encountered after a control transfer operation that returns from the function, determine whether a current value of the first register equals the first value;

if so, continue execution of the process, and otherwise raise a violation; and

set a page to an execute only status, the page including the instructions to store the random value in the first register via immediate parameters.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a processor comprises: a first register to store a first bound value for a stack to be stored in a memory; a second register to store a second bound value for the stack; a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value; and a logic to prevent a return to a caller of the function if the stack pointer value is not within the range. Other embodiments are described and claimed.

81 Citations

View as Search Results

17 Claims

1. At least one non-transitory computer readable medium including instructions that when executed enable a system to:
- during execution of a process on a processor of the system and prior to a call to a function, store a first value in a first register of a plurality of registers of the processor, the first value comprising a random value;
  
  responsive to a control transfer termination (CTT) instruction encountered after a control transfer operation that returns from the function, determine whether a current value of the first register equals the first value;
  
  if so, continue execution of the process, and otherwise raise a violation; and
  
  set a page to an execute only status, the page including the instructions to store the random value in the first register via immediate parameters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The at least one non-transitory computer readable medium of claim 1, further comprising instructions that when executed enable the system to, during execution of the function, store the first value of the first register to a storage, use the first register to store a first function value and, prior to a termination of the function, to restore the first value from the storage to the first register.
  - 3. The at least one non-transitory computer readable medium of claim 1, wherein to raise the violation comprises a fault to indicate presence of a malware attack in which the function is at least one of improperly entered or improperly exited.
  - 4. The at least one non-transitory computer readable medium of claim 1, further comprising instructions that when executed enable the system, responsive to the violation, to perform one or more of termination of the process, shutdown of the system, and shutdown of a guest that caused the violation.
  - 5. The at least one non-transitory computer readable medium of claim 1, wherein the processor comprises an interlock register, the interlock register corresponding to the first register.
  - 6. The at least one non-transitory computer readable medium of claim 1, wherein to raise the violation comprises insertion of a CTT fault micro-operation into a pipeline of the processor.
  - 7. The at least one non-transitory computer readable medium of claim 1, further comprising instructions that when executed enable the system to save a value of the first register to a stack before the call to the function.
  - 8. The at least one non-transitory computer readable medium of claim 7, further comprising instructions that when executed enable the system to restore the value of the first register from the stack to the first register upon the continued process execution.
  - 9. The at least one non-transitory computer readable medium of claim 1, further comprising instructions that when executed enable the system to update an extended page table entry associated with the page to the execute only status, wherein an entry associated with the page in a first page table is set to a read execute status.

10. An apparatus comprising:
- a decode circuit to decode instructions;
  
  an execution circuit to execute at least some of the decoded instructions;
  
  a hardware stack to store return addresses;
  
  a plurality of registers; and
  
  wherein the execution circuit is to;
  
  during execution of a process and prior to a call to a function, store a first value in a first register of the plurality of registers, the first value comprising a random value;
  
  responsive to a control transfer termination (CTT) instruction encountered after a control transfer operation that returns from the function, determine whether a current value of the first register equals the first value;
  
  if so, continue execution of the process, and otherwise raise a violation, andset a page to an execute only status, the page including at least one instruction to store the random value in the first register via immediate parameters.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The apparatus of claim 10, wherein the execution circuit comprises a pseudorandom number generator to generate the random value.
  - 12. The apparatus of claim 10, wherein the first register comprises an interlock register.
  - 13. The apparatus of claim 10, wherein the execution circuit comprises a comparison logic to compare the current value and the first value.
  - 14. The apparatus of claim 10, wherein the execution circuit, during execution of the function, is to obtain the first value from the hardware stack and restore the first value to the first register.

15. A method comprising:
- during execution of a process on a processor of a system and prior to a call to a function, storing a first value in a first register of a plurality of registers of the processor, the first value comprising a random value;
  
  responsive to a control transfer termination (CTT) instruction encountered after a control transfer operation that returns from the function, determining whether a current value of the first register equals the first value;
  
  if so, continuing execution of the process, and otherwise raising a violation; and
  
  setting a page to an execute only status, the page including at least one instruction to store the random value in the first register via immediate parameters.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein raising the violation comprises inserting a CTT fault micro-operation into a pipeline of the processor.
  - 17. The method of claim 15, further comprising updating an extended page table entry associated with the page to the execute only status, wherein an entry associated with the page in a first page table is set to a read execute status.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Shanbhogue, Vedvyas, Sahita, Ravi L., Bulygin, Yuriy, Li, Xiaoning, Brandt, Jason W.
Primary Examiner(s)
King, John B

Application Number

US15/658,699
Publication Number

US 20170329961A1
Time in Patent Office

812 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 9/30021   Compare instructions, e.g. ...

G06F 9/30054   Unconditional branch instru...

G06F 9/30076   to perform miscellaneous co...

G06F 9/30134   Register stacks; shift regi...

G06F 9/3861   Recovery, e.g. branch miss-...

G06F 9/4484   Executing subprograms

Attack protection for valid gadget control transfers

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Attack protection for valid gadget control transfers

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links