TECHNOLOGIES FOR INDIRECT BRANCH TARGET SECURITY

US 20160170769A1
Filed: 12/15/2014
Published: 06/16/2016
Est. Priority Date: 12/15/2014
Status: Active Grant

First Claim

Patent Images

1. A computing device for executing an indirect branch instruction, the computing device comprising:

an indirect branch target module to;

determine an indirect branch target of the indirect branch instruction,load a memory tag associated with a holder of the indirect branch target;

determine whether the memory tag associated with the holder of the indirect branch target is set; and

generate a security fault in response to a determination that the memory tag is not set.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies for indirect branch target security include a computing device having a processor to execute an indirect branch instruction. The processor may determine an indirect branch target of the indirect branch instruction, load a memory tag associated with the indirect branch target, and determine whether the memory tag is set. The processor may generate a security fault if the memory tag is not set. The processor may load an encrypted indirect branch target, decrypt the encrypted branch target using an activation record key stored in an activation key register, and perform a jump to the indirect branch target. The processor may generate a next activation record coordinate as a function of the activation record key and a return address of a call instruction and generate the next activation record key as a function of the next activation record coordinate. Other embodiments are described and claimed.

Citations

25 Claims

1. A computing device for executing an indirect branch instruction, the computing device comprising:
- an indirect branch target module to;
  
  determine an indirect branch target of the indirect branch instruction,load a memory tag associated with a holder of the indirect branch target;
  
  determine whether the memory tag associated with the holder of the indirect branch target is set; and
  
  generate a security fault in response to a determination that the memory tag is not set.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computing device of claim 1, wherein the indirect branch target module is further to:
    - determine whether the indirect branch instruction is a call instruction; and
      
      set a second memory tag associated with a holder of a return address of the call instruction in response to a determination that the indirect branch instruction is a call instruction and in response to a determination that the memory tag is set.
  - 3. The computing device of claim 1, wherein the indirect branch target module is further to:
    - determine whether the indirect branch instruction is a return instruction; and
      
      clear the memory tag associated with a holder of the indirect branch target in response to a determination that the indirect branch instruction is a return instruction and in response to a determination that the memory tag is set.
  - 4. The computing device of claim 1, further comprising a tag memory, wherein the tag memory is not accessible to unprivileged software of the computing device, and wherein to load the memory tag associated with the holder of the indirect branch target comprises to load the memory tag from the tag memory.
  - 5. The computing device of claim 4, wherein the tag memory comprises a dedicated memory other than a main memory of the computing device.
  - 6. The computing device of claim 4, wherein the tag memory comprises a part of a main memory of the computing device.
  - 7. The computing device of claim 1, further comprising a write-monitoring module to:
    - detect a memory store to the holder of the indirect branch target; and
      
      clear the memory tag associated with the holder of the indirect branch target in response to detection of the memory store.

8. One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
- determine an indirect branch target of the indirect branch instruction,load a memory tag associated with a holder of the indirect branch target;
  
  determine, by an indirect branch module of the computing device, whether the memory tag associated with the holder of the indirect branch target is set; and
  
  generate, by the indirect branch module, a security fault in response to determining the memory tag is not set.
- View Dependent Claims (9, 10, 11)
- - 9. The one or more computer-readable storage media of claim 8, further comprising a plurality of instructions that in response to being executed cause the computing device to:
    - determine whether the indirect branch instruction is a call instruction; and
      
      set, by the indirect branch module, a second memory tag associated with a holder of a return address of the call instruction in response to determining the indirect branch instruction is a call instruction and in response to determining the memory tag is set.
  - 10. The one or more computer-readable storage media of claim 8, further comprising a plurality of instructions that in response to being executed cause the computing device to:
    - determine whether the indirect branch instruction is a return instruction in response to determining the memory tag is set; and
      
      clear, by the indirect branch module, the memory tag associated with the holder of the indirect branch target in response to determining the indirect branch instruction is a return instruction.
  - 11. The one or more computer-readable storage media of claim 8, further comprising a plurality of instructions that in response to being executed cause the computing device to:
    - detect a memory store to the holder of the indirect branch target; and
      
      clear the memory tag associated with the holder of the indirect branch target in response to detecting the memory store.

12. A computing device for executing an indirect branch instruction, the computing device comprising:
- a processor comprising;
  
  an activation record key register; and
  
  an indirect branch target module to;
  
  (i) load an encrypted indirect branch target, (ii) decrypt the encrypted indirect branch target using an activation record key stored in the activation record key register to generate an indirect branch target, (iii) and perform a jump to the indirect branch target.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The computing device of claim 12, wherein the activation record key register is not accessible to unprivileged software of the computing device.
  - 14. The computing device of claim 12, wherein:
    - the indirect branch module is further to determine whether the indirect branch instruction is a return instruction; and
      
      to load the encrypted indirect branch target comprises to pop an encrypted activation record coordinate from a call stack of the computing device in response to a determination that the indirect branch instruction is a return instruction.
  - 15. The computing device of claim 14, wherein to decrypt the encrypted indirect branch target comprises, in response to the determination that the indirect branch instruction is a return instruction, to:
    - decrypt the encrypted activation record coordinate using the activation record key stored in the activation record key register to generate an activation record coordinate;
      
      extract a return address from the activation record coordinate, wherein the indirect branch target comprises the return address;
      
      extract a parent activation record key from the activation record coordinate; and
      
      set the activation record key register to the parent activation record key.
  - 16. The computing device of claim 15, wherein:
    - to extract the return address comprises to extract a lower 48 bits of the activation record coordinate; and
      
      to extract the parent activation record key comprises to extract an upper 16 bits of the activation record coordinate.
  - 17. The computing device of claim 12, wherein the indirect branch target module is further to:
    - determine whether the indirect branch instruction is a call instruction;
      
      generate, in response to a determination that the indirect branch instruction is a call instruction, a next activation record coordinate as a function of the activation record key stored in the activation record key register and a return address of the call instruction;
      
      determine a next activation record key as a hash function of the next activation record coordinate;
      
      encrypt the next activation record coordinate using the next activation record key to generate an encrypted next activation record coordinate; and
      
      push the encrypted next activation record onto a call stack of the computing device.
  - 18. The computing device of claim 17, wherein to generate the next activation record coordinate comprises to concatenate the activation record key and a lower 48 bits of the return address.
  - 19. The computing device of claim 12, further comprising an activation record authorization delegation module to:
    - load a delegator encrypted indirect branch target;
      
      decrypt the delegator encrypted indirect branch target using a delegator activation record key to generate the indirect branch target; and
      
      encrypt the indirect branch target using the activation record key to generate the encrypted indirect branch target.
  - 20. The computing device of claim 12, further comprising an activation record authorization management module to identify, by privileged software of the computing device, a first activation record coordinate of an active activation record, wherein to identify the first activation record coordinate comprises to search a call stack of the computing device using the activation record key stored in the activation record key register.

21. One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
- load, by an indirect branch target module of a processor of the computing device, an encrypted indirect branch target;
  
  decrypt, by the indirect branch target module, the encrypted indirect branch target using an activation record key stored in an activation record key register of the processor to generate an indirect branch target; and
  
  perform a jump to the indirect branch target.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The one or more computer-readable storage media of claim 21, further comprising a plurality of instructions that in response to being executed cause the computing device to determine, by the computing device, whether the indirect branch instruction is a return instruction, wherein:
    - to load the encrypted indirect branch target comprises to pop an encrypted activation record coordinate from a call stack of the computing device in response to determining the indirect branch instruction is a return instruction.
  - 23. The one or more computer-readable storage media of claim 22, wherein to decrypt the encrypted indirect branch target comprises, in response to determining the indirect branch instruction is a return instruction, to:
    - decrypt the encrypted activation record coordinate using the activation record key stored in the activation record key register to generate an activation record coordinate;
      
      extract a return address from the activation record coordinate, wherein the indirect branch target comprises the return address;
      
      extract a parent activation record key from the activation record coordinate; and
      
      set the activation record key register to the parent activation record key.
  - 24. The one or more computer-readable storage media of claim 21, further comprising a plurality of instructions that in response to being executed cause the computing device to:
    - determine whether the indirect branch instruction is a call instruction;
      
      generate, by the indirect branch target module and in response to determining that the indirect branch instruction is a call instruction, a next activation record coordinate as a function of the activation record key stored in the activation record key register and a return address of the call instruction;
      
      determine, by the indirect branch target module, a next activation record key as a hash function of the next activation record coordinate;
      
      encrypt, by the indirect branch target module, the next activation record coordinate using the next activation record key to generate an encrypted next activation record coordinate; and
      
      push, by the indirect branch target module, the encrypted next activation record onto a call stack of the computing device.
  - 25. The one or more computer-readable storage media of claim 21, further comprising a plurality of instructions that in response to being executed cause the computing device to:
    - load a delegator encrypted indirect branch target;
      
      decrypt the delegator encrypted indirect branch target using a delegator activation record key to generate the indirect branch target; and
      
      encrypt the indirect branch target using the activation record key to generate the encrypted indirect branch target.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
LeMay, Michael

Granted Patent

US 9,830,162 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/12   Replacement control

G06F 12/1408   by using cryptography for d...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2212/1052   Security improvement

G06F 2212/70   Details relating to dynamic...

G06F 9/30043   LOAD or STORE instructions;...

G06F 9/30054   Unconditional branch instru...

G06F 9/323   for indirect branch instruc...

G06F 9/35   Indirect addressing

G06F 9/3863   using multiple copies of th...

H04L 9/0861   Generation of secret inform...

TECHNOLOGIES FOR INDIRECT BRANCH TARGET SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNOLOGIES FOR INDIRECT BRANCH TARGET SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links