RETURN ADDRESS ENCRYPTION
First Claim
1. A system for preventing malicious code execution in a processor, the system comprising:
a processor;
a memory, the memory communicatively coupled to the processor and comprising instructions, which when performed by the processor, causing the processor to perform operations comprising;
receiving a call instruction;
responsive to receiving the call instruction;
determining a return address based upon a current instruction pointer;
performing an XOR operation on the return address using a cryptographic key to create an encrypted return address; and
pushing the encrypted return address onto a stack.
Abstract
Disclosed in some examples are methods, systems, and machine readable media for encrypting return addresses with a cryptographic key. The call and return operations may be changed to incorporate an XOR operation on the return address with the cryptographic key. Upon calling a function, the return address may be XORed with the key which encrypts the return address. The encrypted return address may then be placed upon the stack. Upon returning from the function, the return address may be retrieved from the stack and XORed with the cryptographic key which then decrypts the return address. The processor may then return control to the address indicated by the unencrypted return address. This method makes modifications of the return address useless as an attack vector because the result of modifying the return address will be unpredictable to the attacker as a result of the XOR operation done on the return address.
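The call and return behaviour described in the abstract, modelled as an added example (not code from the patent): a toy processor whose `cpu_t` structure, function names, addresses and key values are all constructed for illustration. It shows that an untouched stack returns correctly, while a slot overwritten with a raw address sends control to that value XORed with the key rather than to the address that was written.

```c
#include <stdint.h>
#include <stddef.h>

#define STACK_SLOTS 8

/* Toy processor state (constructed for this example). */
typedef struct {
    uint64_t ip;                 /* current instruction pointer */
    uint64_t key;                /* secret key, assumed held off the stack */
    uint64_t stack[STACK_SLOTS];
    size_t   sp;                 /* index of the next free slot */
} cpu_t;

/* CALL: derive the return address from the instruction pointer,
 * XOR it with the key, push the encrypted value, then jump. */
int cpu_call(cpu_t *c, uint64_t target, uint64_t insn_len) {
    if (c->sp >= STACK_SLOTS) return -1;      /* stack full */
    uint64_t ret = c->ip + insn_len;
    c->stack[c->sp++] = ret ^ c->key;
    c->ip = target;
    return 0;
}

/* RET: pop the encrypted value, XOR with the same key, jump there. */
int cpu_ret(cpu_t *c) {
    if (c->sp == 0) return -1;                /* stack empty */
    c->ip = c->stack[--c->sp] ^ c->key;
    return 0;
}

/* Nested calls with an untouched stack: returns the final ip. */
uint64_t run_clean(uint64_t key) {
    cpu_t c = { .ip = 0x401000, .key = key };
    cpu_call(&c, 0x402000, 5);   /* return address 0x401005 */
    cpu_call(&c, 0x403000, 5);   /* return address 0x402005 */
    cpu_ret(&c);
    cpu_ret(&c);
    return c.ip;
}

/* A memory-corruption bug replaces the saved slot with a raw address.
 * Returns where RET actually transfers control: written ^ key. */
uint64_t run_overwritten(uint64_t key, uint64_t written) {
    cpu_t c = { .ip = 0x401000, .key = key };
    cpu_call(&c, 0x402000, 5);
    c.stack[c.sp - 1] = written;  /* simulated overwrite */
    cpu_ret(&c);
    return c.ip;
}
```

The landing address after an overwrite depends entirely on the key, so the property holds only while the key stays secret.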
25 Claims
1. A system for preventing malicious code execution in a processor, the system comprising:
a processor;
a memory, the memory communicatively coupled to the processor and comprising instructions, which when performed by the processor, causing the processor to perform operations comprising;
receiving a call instruction;
responsive to receiving the call instruction;
determining a return address based upon a current instruction pointer;
performing an XOR operation on the return address using a cryptographic key to create an encrypted return address; and
pushing the encrypted return address onto a stack.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for preventing malicious code execution in a processor, the method comprising:
receiving a call instruction;
responsive to receiving the call instruction;
determining a return address based upon a current instruction pointer;
performing an XOR operation on the return address using a cryptographic key to create an encrypted return address; and
pushing the encrypted return address onto a stack.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. At least one machine-readable medium for preventing malicious code execution in a processor, the machine-readable medium including instructions, which when performed by a machine causes the machine to execute a malicious code execution prevention process that performs operations comprising:
receiving a call instruction;
responsive to receiving the call instruction;
determining a return address based upon a current instruction pointer;
performing an XOR operation on the return address using a cryptographic key to create an encrypted return address; and
pushing the encrypted return address onto a stack.
Dependent claims: 20, 21, 22, 23, 24, 25
Specification