METHOD AND APPARATUS FOR SECURING INDIRECT FUNCTION CALLS BY USING PROGRAM COUNTER ENCODING

US 20120011371A1
Filed: 12/16/2010
Published: 01/12/2012
Est. Priority Date: 07/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method for securing an indirect function call by a security apparatus using program counter encoding, the method comprising:

inserting a decoding code for an address of a library function stored in a GOT (Global Offset Table) entry into a PLT (Procedure Linkage Table) entry when an object file is built;

generating an encoding key corresponding to the decoding code; and

encoding the GOT entry corresponding to the library function by using the encoding key when program execution begins.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing indirect function calls by using program counter encoding is provided. The method includes inserting a decoding code for an address of a library function stored in a GOT (Global Offset Table) entry into a PLT (Procedure Linkage Table) entry when an object file is built; generating an encoding key corresponding to the decoding code; and encoding the GOT entry corresponding to the library function by using the encoding key when program execution begins.

Citations

12 Claims

1. A method for securing an indirect function call by a security apparatus using program counter encoding, the method comprising:
- inserting a decoding code for an address of a library function stored in a GOT (Global Offset Table) entry into a PLT (Procedure Linkage Table) entry when an object file is built;
  
  generating an encoding key corresponding to the decoding code; and
  
  encoding the GOT entry corresponding to the library function by using the encoding key when program execution begins.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the process of inserting the decoding code into the PLT entry includes:
    - generating an executable file by linking the object file;
      
      determining an address of the PLT entry indicating the address of the library function within the executable file; and
      
      inserting the decoding code into the PLT entry.
  - 3. The method of claim 1, wherein the decoding code decodes the encoded GOT entry corresponding to at least one of an initial address stored in the GOT entry after an executable file is loaded and the library function.
  - 4. The method of claim 1, further comprising:
    - generating an executable file by linking the object files,wherein the process of encoding the GOT entry includes;
      
      loading the executable file onto a memory;
      
      generating the encoding key corresponding to the library function;
      
      searching the GOT entry corresponding to the library function; and
      
      encoding the address in GOT entry corresponding to the address of the searched library function by using the encoding key.
  - 5. The method of claim 1, wherein the process of encoding the GOT entry is performed when the library function is called for a first time and is not performed when the library function is re-called.
  - 6. The method of claim 1, wherein in the process of encoding the GOT entry, an initial address of the GOT entry is encoded when an executable file is loaded onto a memory.
  - 7. The method of claim 1, wherein the process of encoding the GOT entry is performed when an executable file is executed, regardless of a call for the library function.
  - 8. The method of claim 1, wherein the process of inserting the decoding code is performed when a static linker is operated.
  - 9. The method of claim 1, wherein the process of encoding the GOT entry is performed when a loader and a dynamic linker are operated.

10. An apparatus for securing an indirect function call by using program counter encoding, the apparatus comprising:
- a decoding code inserting unit that inserts a decoding code for decoding an address of a library function stored in a GOT entry into a PLT entry;
  
  an encoding key generating unit that generates an encoding key for the address of the library function; and
  
  an encoding unit that encodes the address of the library function to be recorded in the GOT entry by using the encoding key.
- View Dependent Claims (11, 12)
- - 11. The apparatus of claim 10, wherein execution of an executable file that calls the library function is terminated during the execution of the executable file when the library function is called without using the address of the library function encoded using a correct key.
  - 12. The apparatus of claim 11, wherein an abnormal call of the library function is notified by an input/output device when the library function is called in an invalid way.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zeus SW Defender, LLC
Original Assignee
Hongik University Industry-Academic Cooperation Foundation, Korea University Research and Business Foundation (Korea University)
Inventors
Pyo, Chang Woo, Lee, Gyungho

Granted Patent

US 8,583,939 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/190
CPC Class Codes

G06F 21/54 by adding security routines...

G06F 9/4486 Formation of subprogram jum...

METHOD AND APPARATUS FOR SECURING INDIRECT FUNCTION CALLS BY USING PROGRAM COUNTER ENCODING

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR SECURING INDIRECT FUNCTION CALLS BY USING PROGRAM COUNTER ENCODING

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links