DYNAMIC MEMORY PROTECTION

US 20200133885A1
Filed: 10/02/2019
Published: 04/30/2020
Est. Priority Date: 10/29/2018
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method of generating code files adjusted to apply dynamic memory protection, comprising:

receiving at least one code file comprising a plurality of routines, the at least one code file was created for execution by at least one processor using a dynamic memory region supporting run-time dynamic allocation of memory blocks;

adjusting the at least one code file by;

analyzing the at least one code file to identify at least one exploitation vulnerable routine of the plurality of routines, andadding a memory integrity code segment configured to detect, upon execution completion of the at least one vulnerable routine, a write operation exceeding from a memory space of at least one of a subset of most recently allocated blocks of a plurality of blocks allocated in the dynamic memory region to a memory space of an adjacent one of the plurality of blocks using at least one of a plurality of markers inserted in the dynamic memory region in at least one boundary of each of the blocks of the subset; and

outputting the at least one adjusted code file;

wherein, in runtime, in case the write operation is detected, the memory integrity code segment causes the at least one processor to initiate at least one predefined action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Presented herein are methods and systems for adjusting code files to apply memory protection for dynamic memory regions supporting run-time dynamic allocation of memory blocks. The code file(s), comprising a plurality of routines, are created for execution by one or more processors using the dynamic memory. Adjusting the code file(s) comprises analyzing the code file(s) to identify exploitation vulnerable routine(s) and adding a memory integrity code segment configured to detect, upon execution completion of each vulnerable routine, a write operation exceeding from a memory space of one or more of a subset of most recently allocated blocks allocated in the dynamic memory to a memory space of an adjacent block using marker(s) inserted in the dynamic memory in the boundary(s) of each of the subset'"'"'s blocks. In runtime, in case the write operation is detected, the memory integrity code segment causes the processor(s) to initiate one or more predefined actions.

Citations

34 Claims

1. A computer implemented method of generating code files adjusted to apply dynamic memory protection, comprising:
- receiving at least one code file comprising a plurality of routines, the at least one code file was created for execution by at least one processor using a dynamic memory region supporting run-time dynamic allocation of memory blocks;
  
  adjusting the at least one code file by;
  
  analyzing the at least one code file to identify at least one exploitation vulnerable routine of the plurality of routines, andadding a memory integrity code segment configured to detect, upon execution completion of the at least one vulnerable routine, a write operation exceeding from a memory space of at least one of a subset of most recently allocated blocks of a plurality of blocks allocated in the dynamic memory region to a memory space of an adjacent one of the plurality of blocks using at least one of a plurality of markers inserted in the dynamic memory region in at least one boundary of each of the blocks of the subset; and
  
  outputting the at least one adjusted code file;
  
  wherein, in runtime, in case the write operation is detected, the memory integrity code segment causes the at least one processor to initiate at least one predefined action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 2. The method of claim 1, wherein the at least one code file is a source code file adjusted prior to compilation by a compiler adapted to create at least one respective intermediate code file used for the generation of at least one respective executable code file for execution by the at least one processor.
  - 3. The method of claim 1, wherein the at least one code file is an intermediate code file generated by a compiler prior to the generation of at least one respective executable code file for execution by the at least one processor, the at least one intermediate code file is a member of a group consisting of:
    - an object file and an archive file.
  - 4. The method of claim 1, wherein the at least one code file is an executable file comprising machine code generated for execution by the at least one processor.
  - 5. The method of claim 1, wherein each of the plurality of routines is a member of a group consisting of:
    - a routine, a sub-routine and a function.
  - 6. The method of claim 1, wherein the at least one vulnerable routine is manually defined by at least one expert, the expert is a member of a group consisting of:
    - a developer, an operator and a user.
  - 7. The method of claim 1, wherein the at least one vulnerable routine is automatically defined based on the analysis of the at least one code file.
  - 8. The method of claim 1, wherein the write operation is detected by checking a data overrun in a memory location in which the at least one marker is inserted.
  - 9. The method of claim 1, wherein in case the at least one code file is an intermediate code file, the memory integrity code segment is added by adding a trampoline branch function which is invoked instead of the at least one vulnerable routine and configured to first invoke the at least one vulnerable routine followed by invocation of the memory integrity code segment after the at least one vulnerable routine completes execution.
  - 10. The method of claim 1, wherein in case the at least one code file is an intermediate code file, the memory integrity code segment is added by adding a branch instruction at the end of the at least one vulnerable routine to invoke the memory integrity code segment immediately after the at least one vulnerable routine completes execution.
  - 11. The method of claim 1, wherein in case the at least one code file is an executable code file, the memory integrity code segment is added by creating at least one dynamically preloaded library configured to include a replacement routine for the at least one vulnerable routine, the replacement routine is configured to first invoke the at least one vulnerable routine followed by invocation of the memory integrity code segment after the at least one vulnerable routine completes execution.
  - 12. The method of claim 1, wherein the memory integrity code segment is added to at least one memory management routine inherent to an operating system executed by the at least one processor.
  - 13. The method of claim 1, wherein the memory integrity code segment is further configured to invoke prior to invocation of the at least one vulnerable routine to detect a potential imminent write operation to be performed by the at least one vulnerable routine which exceeds from the memory space of at least one of the subset of most recently allocated blocks, the memory integrity code segment detects the exceeding write operation by analyzing an address range transferred to the at least one vulnerable routine for processing to determine whether the transferred address range crosses the at least one boundary.
  - 14. The method of claim 1, further comprising the subset includes all blocks allocated in the dynamic memory region.
  - 15. The method of claim 1, wherein context switches and interrupts are disabled upon invocation of the memory integrity code segment.
  - 16. The method of claim 1, wherein the memory integrity code segment identifies members of the subset of most recently allocated blocks by traversing at least one recent allocation list, each of the most recently allocated blocks is associated in the at least one recent allocation list with a pointer to the respective most recently allocated block, a respective one of the plurality of markers and a size of the respective most recently allocated block, wherein a maximum number of most recently allocated blocks listed in the at least one recent allocation list is predefined.
  - 17. The method of claim 16, wherein the memory integrity code segment detects the write operation by detecting that the value of the at least one marker inserted in the dynamic memory region in the at least one boundary of the most recently allocated block does not match the value of the at least one marker associated with the most recently allocated block in the at least one recent allocation list.
  - 18. The method of claim 16, wherein the at least one recent allocation list is maintained by at least one adjusted memory management routine of the plurality of routines configured to conduct at least one memory allocation operation which is a member of a group consisting of:
    - allocating a block in the dynamic memory region and releasing a block in the dynamic memory region, the at least one adjusted memory management routine is adjusted to invoke an allocation tracking code segment added to the at least one code file, the allocation tracking code segment is configured to;
      
      add a newly allocated block to the at least one recent allocation list upon allocation of the newly allocated block by;
      
      updating the at least one recent allocation list to add an entry for the newly allocated block, the added entry associates the newly allocated block with a respective unique marker, a pointer to the newly allocated block and a size of the newly allocated block, andinserting the respective unique marker in the at least one boundary of the newly allocated block; and
      
      remove an allocated block from the at least one recent allocation list by;
      
      validating the removed allocated block by determining whether an exceeding write operation occurred to the memory space of the removed allocated block by comparing between the unique marker inserted in the at least one boundary of the removed allocated block and the unique marker of the removed allocated block in the at least one recent allocation list, andremoving the entry mapping the removed allocated block from the at least one recent allocation list.
  - 19. The method of claim 18, wherein the allocation tracking code segment is further configured to insert the size of the newly allocated block in at least one boundary of the newly allocated block to serve as another one of the plurality of markers.
  - 20. The method of claim 18, wherein the respective unique marker is randomly selected for the allocated block upon the allocation.
  - 21. The method of claim 18, wherein in case an allocation of another newly allocated block is required while the at least one recent allocation list is full, the allocation tracking code segment removes a least recently allocated block from the at least one recent allocation list by:
    - validating the least recently allocated block, andremoving the entry mapping the least recently allocated block from the at least one recent allocation list.
  - 22. The method of claim 21, wherein the allocation tracking code segment is further configured to:
    - replace the respective unique marker located in the at least one boundary of the least recently allocated block with a global marker, the global marker is randomly selected during at least one of;
      
      every startup event of the at least one processor and every initiation of at least one process by the at least one processor, andinsert a size of the least recently allocated block in a top boundary of the least recently allocated block.
  - 23. The method of claim 21, wherein the allocation tracking code segment is further configured to validate each released allocated block which is not listed in the at least one recent allocation list by determining whether an exceeding write operation occurred to the memory space of the released allocated block based on verification of the global marker inserted in the at least one boundary of the released block, the allocation tracking code segment retrieves the global marker using the size of the released allocated block inserted in the top boundary of the released allocated block.
  - 24. The method of claim 18, wherein in case the at least one code file is an intermediate code file, the allocation tracking code segment is added by adding a trampoline branch function which is invoked instead of the at least one memory management routine and configured to invoke the allocation tracking code segment prior and following execution of the at least one memory management routine.
  - 25. The method of claim 18, wherein in case the at least one code file is an intermediate code file, the allocation tracking code segment is added by adding a branch instruction at the beginning and at the end of the at least one memory management routine to invoke the allocation tracking code segment at the start of and at the end of execution of the at least one memory management routine.
  - 26. The method of claim 18, wherein in case the at least one code file is an executable code file, the allocation tracking code segment is added by creating at least one dynamically preloaded library configured to include a replacement routine for the at least one memory management routine, the replacement routine is configured to invoke the allocation tracking code segment prior and following execution of the at least one memory management routine.
  - 27. The method of claim 1, wherein the memory integrity code segment is further configured to detect, upon execution completion of the at least one vulnerable routine, the write operation exceeding from a memory space of one of a subset of exploitation susceptible blocks of the plurality of blocks to a memory space of an adjacent one of the plurality of blocks using at least one of the plurality of markers, each of the subset of exploitation susceptible blocks was previously allocated in the dynamic memory for use by the at least one vulnerable routine.
  - 28. The method of claim 27, wherein the subset of exploitation susceptible blocks is listed in a susceptible blocks list, each of the exploitation susceptible blocks is associated in the susceptible blocks list with a pointer to the respective exploitation susceptible block, a respective one of the plurality of markers and a size of the respective exploitation susceptible block, wherein a maximum number of exploitation susceptible blocks listed in the susceptible blocks list is predefined.
  - 29. The method of claim 1, further comprising adjusting the at least one code file to invoke execution of the memory integrity code segment prior to invocation of at least one critical routine.
  - 30. The method of claim 1, wherein the at least one predefined action is a member of a group consisting of:
    - crashing execution of the at least one processor, halting execution of the at least one processor, causing the at least one processor to branch to a predefined address, preventing the at least one processor from executing at least one potentially malicious code instruction and generating an indication of an dynamic memory overrun.
  - 31. The method of claim 1, further comprising, in case the at least one code file is an intermediate code file, the at least one intermediate code file is adjusted to amend at least one of:
    - an instruction and a data element affected by the addition of the added code segments.
  - 32. The method of claim 1, further comprising, in case the at least one code file is an intermediate code file, the at least one intermediate code file is amended to update its symbol table to reflect inclusion of the added code segments and an increase to size of the adjusted routines.

33. A system for generating code files adjusted to apply dynamic memory protection, comprising:
- a program store storing a code; and
  
  at least one processor coupled to the program store for executing the stored code, the code comprising;
  
  code instructions to receive at least one code file comprising a plurality of routines, the at least one code file was created for execution by at least one processor using a dynamic memory region supporting run-time dynamic allocation of memory blocks;
  
  code instructions to adjust the at least one code file by;
  
  analyzing the at least one code file to identify at least one exploitation vulnerable routine of the plurality of routines, andadding a memory integrity code segment configured to detect, upon execution completion of the at least one vulnerable routine, a write operation exceeding from a memory space of at least one of a subset of most recently allocated blocks of a plurality of blocks allocated in the dynamic memory region to a memory space of an adjacent one of the plurality of blocks using at least one of a plurality of markers inserted in the dynamic memory region in at least one boundary of each of the blocks of the subset; and
  
  code instructions to output the at least one adjusted code file;
  
  wherein, in runtime, in case the write operation is detected, the memory integrity code segment causes the at least one processor to initiate at least one predefined action.

34. A computer program executable file generated from at least one code file adjusted to support dynamic memory protection, comprising:
- a non-transitory computer readable storage medium; and
  
  a plurality of program instructions each of a respective one of a plurality of routines of an executable file generated from at least one adjusted code file for execution by at least one processor using a dynamic memory region supporting run-time dynamic allocation of memory blocks, the at least one adjusted code file is adjusted to support dynamic memory protection by adding a memory integrity code segment configured to detect, upon execution completion of at least one exploitation vulnerable routine of the plurality of routines, a write operation exceeding from a memory space of at least one of a subset of most recently allocated blocks of a plurality of blocks allocated in the dynamic memory region to a memory space of an adjacent one of the plurality of blocks using at least one of a plurality of markers inserted in the dynamic memory region in at least one boundary of each of the blocks of the subset;
  
  wherein the plurality of program instructions are executed by the at least one processor from the non-transitory computer readable storage medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sternum Ltd.
Original Assignee
Sternum Ltd.
Inventors
TSHOUVA, Natali, Granot, Lian

Granted Patent

US 11,176,060 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/0238   Memory management in non-vo...

G06F 12/06   Addressing a physical block...

G06F 12/1425   the protection being physic...

G06F 21/52   during program execution, e...

G06F 21/54   by adding security routines...

G06F 21/563   by source code analysis

G06F 21/577   Assessing vulnerabilities a...

G06F 21/64   Protecting data integrity, ...

G06F 21/78   to assure secure storage of...

G06F 2212/1052   Security improvement

G06F 2221/033   Test or assess software

G06F 8/441   Register allocation; Assign...

G06F 9/5016   the resource being the memory

DYNAMIC MEMORY PROTECTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMIC MEMORY PROTECTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links