TECHNOLOGIES FOR INDIRECT BRANCH TARGET SECURITY
First Claim
1. A computing device for executing an indirect branch instruction, the computing device comprising:
- an indirect branch target module to:
  - determine an indirect branch target of the indirect branch instruction,
  - load a memory tag associated with a holder of the indirect branch target;
  - determine whether the memory tag associated with the holder of the indirect branch target is set; and
  - generate a security fault in response to a determination that the memory tag is not set.
Abstract
Technologies for indirect branch target security include a computing device having a processor to execute an indirect branch instruction. The processor may determine an indirect branch target of the indirect branch instruction, load a memory tag associated with the indirect branch target, and determine whether the memory tag is set. The processor may generate a security fault if the memory tag is not set. The processor may load an encrypted indirect branch target, decrypt the encrypted branch target using an activation record key stored in an activation key register, and perform a jump to the indirect branch target. The processor may generate a next activation record coordinate as a function of the activation record key and a return address of a call instruction and generate the next activation record key as a function of the next activation record coordinate. Other embodiments are described and claimed.
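A software model of the checks the abstract describes, added here as an illustration and not taken from the patent or any processor implementation. The XOR cipher, the `mix64` derivation function, the rule that plain stores clear the tag, the combination of the tag check and decryption in one branch, and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Software model only. Assumptions of this example: XOR as the cipher,
 * mix64() as the derivation function, plain stores clearing the tag. */
enum { BR_OK = 0, BR_FAULT = 1 };
static uint64_t mem[4];   /* words that can hold a branch target ("holders") */
static uint8_t  tag[4];   /* one memory tag per holder: 1 = set */
static uint64_t ar_key;   /* models the activation record key register */

static uint64_t mix64(uint64_t x) {   /* splitmix64 finalizer, a bijection */
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Trusted path: store the target encrypted under the current key, set the tag. */
void store_target(size_t h, uint64_t target) { mem[h] = target ^ ar_key; tag[h] = 1; }
/* Ordinary data write, such as a corrupting store: the tag is cleared. */
void store_data(size_t h, uint64_t value) { mem[h] = value; tag[h] = 0; }

/* Indirect branch: fault if the holder's tag is not set, otherwise decrypt
 * the stored value with the key register and report the resulting target. */
int indirect_branch(size_t h, uint64_t *pc) {
    if (!tag[h]) return BR_FAULT;
    *pc = mem[h] ^ ar_key;
    return BR_OK;
}

/* Call: next coordinate = f(key, return address); next key = g(coordinate).
 * Returns the caller's key so the model can restore it on return. */
uint64_t call_enter(uint64_t return_addr) {
    uint64_t caller_key = ar_key;
    uint64_t coord = mix64(ar_key ^ return_addr);
    ar_key = mix64(coord + 0x9e3779b97f4a7c15ULL);
    return caller_key;
}

int main(void) {
    uint64_t pc = 0;
    ar_key = 0x1122334455667788ULL;   /* constructed sample key */
    store_target(0, 0x401000);        /* constructed sample target */
    printf("tagged holder:   %d\n", indirect_branch(0, &pc));
    store_data(1, 0x401000);
    printf("untagged holder: %d\n", indirect_branch(1, &pc));
    return 0;
}
```

Because `mix64` is a bijection, calls made from the same frame with different return addresses always yield different activation record keys in this model.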
25 Claims
1. A computing device for executing an indirect branch instruction, the computing device comprising:
- an indirect branch target module to:
  - determine an indirect branch target of the indirect branch instruction,
  - load a memory tag associated with a holder of the indirect branch target;
  - determine whether the memory tag associated with the holder of the indirect branch target is set; and
  - generate a security fault in response to a determination that the memory tag is not set.

Dependent claims: 2, 3, 4, 5, 6, 7
8. One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
- determine an indirect branch target of the indirect branch instruction,
- load a memory tag associated with a holder of the indirect branch target;
- determine, by an indirect branch module of the computing device, whether the memory tag associated with the holder of the indirect branch target is set; and
- generate, by the indirect branch module, a security fault in response to determining the memory tag is not set.

Dependent claims: 9, 10, 11
12. A computing device for executing an indirect branch instruction, the computing device comprising:
- a processor comprising:
  - an activation record key register; and
  - an indirect branch target module to: (i) load an encrypted indirect branch target, (ii) decrypt the encrypted indirect branch target using an activation record key stored in the activation record key register to generate an indirect branch target, and (iii) perform a jump to the indirect branch target.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
21. One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
- load, by an indirect branch target module of a processor of the computing device, an encrypted indirect branch target;
- decrypt, by the indirect branch target module, the encrypted indirect branch target using an activation record key stored in an activation record key register of the processor to generate an indirect branch target; and
- perform a jump to the indirect branch target.

Dependent claims: 22, 23, 24, 25
Specification