Preventing stack buffer overflow attacks
Abstract
A method and system for preventing stack buffer overflow attacks in a computer system are disclosed. A computer system can prevent stack buffer overflow attacks by encrypting return addresses prior to pushing them onto the runtime stack. When an encrypted return address is popped off the runtime stack, the computer system decrypts the encrypted return address to determine the actual return address. A random encryption key can be used, which can be generated from the CPU's clock cycle counter. Multitasking environments can add a seed register to the task state so that each task can use a unique seed to encrypt the return addresses.
30 Claims
1. A method for preventing stack buffer overflow in a computer system, comprising steps of:
(a) prior to their execution, scanning opcodes for a trigger opcode;
(b) for each trigger opcode found, encrypting an operand associated with the trigger opcode;
(c) at execution of the trigger opcode, using the operand's corresponding encrypted value instead of the operand's actual value.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer system, comprising:
a CPU that controls operation of the computer system based on an operating system stored in a memory, wherein the CPU scans each operation code (opcode), prior to their execution, for a trigger opcode;
an encryption module that encrypts a trigger opcode's operand before the operand is stored in a runtime memory during execution of a program; and
a decryption module that decrypts the trigger opcode's operand when the decrypted operand is read from the runtime memory during execution of the program.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21
22. A mobile terminal, comprising:
a CPU that controls operation of the mobile terminal based on an operating system stored in a memory, wherein the CPU scans each operation code (opcode), prior to their execution, for a trigger opcode;
an encryption module that encrypts a trigger opcode's operand before the operand is stored in a runtime memory during execution of a program; and
a decryption module that decrypts the trigger opcode's operand when the decrypted operand is read from the runtime memory during execution of the program.
Dependent claims: 23, 24, 25, 26, 27, 28
29. A method for preventing stack buffer overflow attacks, comprising steps of:
(a) prefetching code to be executed on a CPU;
(b) scanning the prefetched code for instances of a 'call' operation code (opcode);
(c) for each found instance of the 'call' opcode, encrypting a return address associated with that instance;
(d) storing each found instance's return address and its corresponding encrypted value in a lookup table;
(e) at execution of each instance of the 'call' opcode, looking up its associated return address in the lookup table, and pushing the looked up return address's encrypted value onto a runtime stack;
(f) when each encrypted value is read off the runtime stack, decrypting the encrypted value to determine an execution control flow return address.
Dependent claims: 30
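The call/return path of claim 29, simulated in software as an added example. This is not code from the patent or from any product implementing it: the opcode stream, lookup table, stack, addresses and seeds are all constructed here; the cipher (XOR with a key mixed from the per-task seed) is an assumption, since the claims leave the cipher unspecified; and the check in `exec_ret` that a decrypted address must be one the scanner registered is an added validation step, not part of the claim text. The third scenario shows the per-task seed register described in the abstract giving different encrypted values for the same address in two tasks.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed simulation of claim 29 (not the patent's code). */
#define MAX_ENTRIES 8
#define STACK_DEPTH 16

typedef struct {
    uint32_t plain;     /* actual return address found by the scanner */
    uint32_t encrypted; /* value pushed on the stack in its place */
} table_entry;

typedef struct {
    uint32_t seed;                  /* per-task seed register (abstract) */
    table_entry table[MAX_ENTRIES]; /* lookup table, step (d) */
    int n_entries;
    uint32_t stack[STACK_DEPTH];    /* simulated runtime stack */
    int sp;
} task_ctx;

/* Assumed key derivation: a multiply/shift mix standing in for the
   patent's random key (e.g. from the cycle counter). Low bit forced to 1
   so the key is never zero. */
static uint32_t key_from_seed(uint32_t seed) {
    uint32_t k = seed * 0x9E3779B1u;
    k ^= k >> 15;
    return k | 1u;
}

/* Assumed cipher: XOR with the task key; XOR is its own inverse. */
static uint32_t encrypt_addr(const task_ctx *t, uint32_t addr) {
    return addr ^ key_from_seed(t->seed);
}
static uint32_t decrypt_addr(const task_ctx *t, uint32_t enc) {
    return enc ^ key_from_seed(t->seed);
}

/* Steps (b)-(d): the prefetch scanner found a 'call' with return address
   ret_addr; record the address and its encrypted form. */
static int register_call_site(task_ctx *t, uint32_t ret_addr) {
    if (t->n_entries >= MAX_ENTRIES) return -1;
    t->table[t->n_entries].plain = ret_addr;
    t->table[t->n_entries].encrypted = encrypt_addr(t, ret_addr);
    t->n_entries++;
    return 0;
}

/* Step (e): at execution of the 'call', push the table's encrypted value,
   never the plaintext address. */
static int exec_call(task_ctx *t, uint32_t ret_addr) {
    for (int i = 0; i < t->n_entries; i++) {
        if (t->table[i].plain == ret_addr) {
            if (t->sp >= STACK_DEPTH) return -1;
            t->stack[t->sp++] = t->table[i].encrypted;
            return 0;
        }
    }
    return -1; /* call site never seen by the scanner */
}

/* Step (f): pop and decrypt. Added check (not in the claim): accept only
   an address the scanner registered. Returns 1 and sets *out on success,
   0 if the slot decrypts to an unknown address, i.e. it was overwritten. */
static int exec_ret(task_ctx *t, uint32_t *out) {
    if (t->sp <= 0) return 0;
    uint32_t candidate = decrypt_addr(t, t->stack[--t->sp]);
    for (int i = 0; i < t->n_entries; i++) {
        if (t->table[i].plain == candidate) { *out = candidate; return 1; }
    }
    return 0;
}

/* Scenario 1: a normal call/return round-trips through the encrypted slot. */
int demo_roundtrip(void) {
    task_ctx t = { .seed = 0x1234ABCDu };  /* constructed seed */
    uint32_t ret = 0;
    register_call_site(&t, 0x00401000u);   /* constructed address */
    exec_call(&t, 0x00401000u);
    return exec_ret(&t, &ret) && ret == 0x00401000u;
}

/* Scenario 2: an overflow overwrites the slot with raw bytes (a plaintext
   address, since the writer does not hold the key). It decrypts to an
   unregistered address, so the return is refused rather than diverted. */
int demo_overwritten_slot(void) {
    task_ctx t = { .seed = 0x1234ABCDu };
    uint32_t ret = 0;
    register_call_site(&t, 0x00401000u);
    exec_call(&t, 0x00401000u);
    t.stack[t.sp - 1] = 0x00402000u;       /* simulated slot corruption */
    return exec_ret(&t, &ret) == 0;
}

/* Scenario 3: two tasks with different seeds encrypt the same address to
   different values, so one task's stack contents are useless in another. */
int demo_seed_separation(void) {
    task_ctx a = { .seed = 1u }, b = { .seed = 2u };
    return encrypt_addr(&a, 0x00401000u) != encrypt_addr(&b, 0x00401000u);
}

int main(void) {
    printf("roundtrip=%d overwritten=%d seeds=%d\n",
           demo_roundtrip(), demo_overwritten_slot(), demo_seed_separation());
    return 0;
}
```

The simulation keeps the lookup table in memory the "program" cannot reach; in the claimed hardware design that separation is what makes the scheme hold, since a corrupted slot only matters if the writer can produce the encrypted form of a chosen address.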
Specification