Secure execution of a computer program
Abstract
Hijacking of an application is prevented by monitoring control flow transfers during program execution in order to enforce a security policy. At least three basic techniques are used. The first technique, Restricted Code Origins (RCO), restricts execution privileges on the basis of the origin of the instructions being executed. This distinction ensures that malicious code masquerading as data is never executed, thwarting a large class of security attacks. The second technique, Restricted Control Transfers (RCT), restricts control transfers based on instruction type, source, and target. The third technique, Un-Circumventable Sandboxing (UCS), guarantees that sandboxing checks placed around any program operation can never be bypassed.
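The following toy monitor, added here as an illustration rather than the patent's own implementation, evaluates each control transfer against RCO and RCT rules before it is allowed to execute; the memory map, the 5-byte call length, the entry-point set and the trace are constructed assumptions.

```python
# Toy control-transfer monitor for the RCO / RCT checks named in the abstract.
# Constructed example: regions, addresses and rules are assumptions, not the
# patent's own implementation.
from dataclasses import dataclass, field
CALL_LEN = 5  # assumed encoded length of a call instruction

@dataclass
class Monitor:
    regions: list          # (start, end, name, executable) memory map
    entry_points: set      # permitted targets for indirect calls
    shadow_stack: list = field(default_factory=list)

    def region_of(self, addr):
        return next((r for r in self.regions if r[0] <= addr < r[1]), None)

    def check(self, kind, src, dst, indirect):
        """Evaluate one transfer before it executes; None means it complies."""
        r = self.region_of(dst)
        if r is None or not r[3]:                    # RCO: only loaded code runs
            where = r[2] if r else "unmapped"
            return f"RCO: {kind} from {src:#x} targets non-code {dst:#x} ({where})"
        if kind == "call":                           # RCT rules keyed by type
            if indirect and dst not in self.entry_points:
                return f"RCT: indirect call from {src:#x} to non-entry {dst:#x}"
            self.shadow_stack.append(src + CALL_LEN)
        elif kind == "ret":
            expected = self.shadow_stack.pop() if self.shadow_stack else None
            if dst != expected:
                return f"RCT: ret from {src:#x} to {dst:#x}, expected {expected}"
        elif kind == "jmp" and r != self.region_of(src):
            return f"RCT: jmp from {src:#x} leaves its module for {dst:#x}"
        return None

def run(monitor, transfers):
    # Collect the violations the monitor announces instead of executing them.
    return [v for v in (monitor.check(*t) for t in transfers) if v]

def demo():
    mon = Monitor(regions=[(0x1000, 0x2000, "text", True),
                           (0x7000, 0x8000, "stack", False)],
                  entry_points={0x1100})
    trace = [                                        # constructed trace
        ("call", 0x1000, 0x1100, False),             # ok; pushes 0x1005
        ("ret",  0x1150, 0x1005, False),             # ok; matches shadow stack
        ("call", 0x1010, 0x7500, True),              # RCO: target lies on stack
        ("call", 0x1020, 0x1300, True),              # RCT: not an entry point
        ("ret",  0x1160, 0x1400, False),             # RCT: no matching call
        ("jmp",  0x1030, 0x1800, True),              # ok; stays in text
    ]
    return run(mon, trace)
```

Running `demo()` yields three violations: one RCO report for the transfer onto the stack, and two RCT reports for the non-entry indirect call and the unmatched return.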
53 Claims
1. A method for securing a computing system having a processor, the method comprising:

analyzing control transfers of a program as the program executes on said computing system, said program comprising instructions, each of the instructions being machine code of the processor, and said control transfers each caused by execution of corresponding control transfer instructions, the control transfer instructions causing a break in sequential flow of program execution, thereby determining a next instruction of the program to execute, said analyzing of the control transfers being performed prior to the execution of the control transfer instructions; and

ensuring that each said control transfer complies with a security policy, said security policy comprising a set of rules against which each of the control transfers is separately evaluated during the analyzing, the ensuring comprising announcing or handling a security violation when the control transfer does not comply with the security policy.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 28, 29, 30, 31, 32, 33, 34, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52

15. A method for securing a computing system having a processor, the method comprising:

accessing a set of rules for transferring control of a program on said computing system;

analyzing control transfers of said program as the program executes on said computing system, said program comprising instructions, each of the instructions being a member of an instruction set of the processor, and said control transfers each caused by execution of corresponding control transfer instructions, the transfer instruction causing a break in sequential flow of program execution, thereby determining a next instruction of the program to execute, said analyzing of the control transfers being performed prior to the execution of the control transfer instruction; and

enforcing said rules for said control transfers for said program, said enforcing comprising: evaluating, during the analyzing, each of the control transfers against the rules; and announcing or handling a security violation instead of a target of the control transfer instruction when the control transfer instruction does not comply with the rules.

Dependent claims: 16, 17, 18, 19, 20, 35, 36, 37, 38, 39, 40, 41, 53

21. One or more processor readable storage devices having processor readable code embodied on said storage devices, said processor readable code for programming one or more processors to perform a method comprising:

analyzing control transfers of a program as said program executes on a computing system, said program comprising instructions, each instruction being native code of the one or more processors, said control transfers each being caused by execution of corresponding control transfer instructions causing a break in sequential flow of program execution, thereby determining a next instruction of the program to execute, said analyzing of the control transfers being performed prior to the execution of the control transfer instructions; and

ensuring that each said control transfer complies with a security policy, said security policy comprising a set of rules against which each of the control transfers is separately evaluated as part of the analyzing, the ensuring comprising announcing or handling a security violation when the control transfer instruction does not comply with the security policy.

Dependent claims: 22, 23, 24, 25, 26, 27