CREATING STACK POSITION DEPENDENT CRYPTOGRAPHIC RETURN ADDRESS TO MITIGATE RETURN ORIENTED PROGRAMMING ATTACKS
First Claim
Patent Images
1. A computing device to secure return addresses to mitigate return oriented programming attacks, the computing device comprising:
- a processor comprising call logic,wherein, prior to storage of a return address on a call stack, the call logic is to;
read a secret key from a memory location of the computing device that is readable by the processor;
determine a stack position identifier, the stack position identifier usable to determine a location on the call stack at which the return address is to be stored;
generate security data by execution of a cryptographic algorithm with a plurality of inputs including;
(i) the secret key and (ii) the stack position identifier, the output of the cryptographic algorithm being the security data; and
store the security data in a memory location that is readable by the processor.
1 Assignment
0 Petitions
Accused Products
Abstract
A computing device includes technologies for securing return addresses that are used by a processor to control the flow of execution of a program. The computing device uses a cryptographic algorithm to provide security for a return address in a manner that binds the return address to a location in a stack.
68 Citations
25 Claims
-
1. A computing device to secure return addresses to mitigate return oriented programming attacks, the computing device comprising:
-
a processor comprising call logic, wherein, prior to storage of a return address on a call stack, the call logic is to; read a secret key from a memory location of the computing device that is readable by the processor; determine a stack position identifier, the stack position identifier usable to determine a location on the call stack at which the return address is to be stored; generate security data by execution of a cryptographic algorithm with a plurality of inputs including;
(i) the secret key and (ii) the stack position identifier, the output of the cryptographic algorithm being the security data; andstore the security data in a memory location that is readable by the processor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method for securing an address used by a processor of a computing device to control the flow of execution of a program, the method comprising:
prior to storing an address on a stack; reading a secret key from a memory location of the computing device that is readable by the processor; determining a stack position identifier, the stack position identifier usable to determine a location on the stack at which the address is to be stored; generating security data by executing a cryptographic algorithm with a plurality of inputs including;
(i) the secret key and (ii) the stack position identifier, the output of the cryptographic algorithm being the security data; andstoring the security data in a memory location that is readable by the processor. - View Dependent Claims (16, 17, 18)
-
19. One or more non-transitory machine readable storage media comprising a plurality of instructions stored thereon that in response to being executed result in a computing device securing an address used by a processor of a computing device to control the flow of execution of a program, by:
prior to storing an address on a stack; reading a secret key from a memory location of the computing device that is readable by the processor; determining a stack position identifier, the stack position identifier usable to determine a location on the stack at which the address is to be stored; generating security data by executing a cryptographic algorithm with a plurality of inputs including;
(i) the secret key and (ii) the stack position identifier, the output of the cryptographic algorithm being the security data; andstoring the security data in a memory location that is readable by the processor. - View Dependent Claims (20, 21, 22, 23, 24, 25)
Specification