Architectural support for software-based protection
First Claim
1. A method of enforcing control-flow integrity (CFI) of a software program operating in conjunction with a microprocessor and associated with a control flow graph (CFG), comprising:
- identifying indirect branches in the software program, and destinations of the indirect branches;
- constraining the destinations to a set of targets within the CFG;
- annotating each target of each indirect branch with a label; and
- for each indirect branch, using a microarchitecture that comprises a CFI integer register that stores information about a checked jump instruction to determine if the destination contains the label, to determine that the indirect branch is valid if the label is present, and to otherwise trigger an exception;
- extending an instruction set architecture (ISA) with at least one instruction to embed a label within the software program code at the destination of a branch, wherein the at least one instruction in the ISA is used to embed an immediate label value in the program code, comparing the immediate label value with the contents of the CFI integer register, and resetting the CFI register if the immediate label value equals the contents of the CFI integer register.
Abstract
Instruction set architecture (ISA) extension support is described for control-flow integrity (CFI) and for XFI memory protection. ISA replaces CFI guard code with single instructions. ISA support is provided for XFI in the form of bounds-check instructions. Compared to software guards, hardware support for CFI and XFI increases the efficiency and simplicity of enforcement. In addition, the semantics for CFI instructions allows more precise static control-flow graph encodings than were possible with a prior software CFI implementation.
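The label check recited in claim 1, modelled as a small interpreter in C. This is an added example, not code from the patent; the toy opcodes (`OP_JMPC`, `OP_CFILABEL`), their encoding, and the use of zero in the CFI register to mean "no check pending" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy ISA, assumed for illustration: opcode names and encoding are not from the patent. */
enum op { OP_NOP, OP_CFILABEL, OP_JMPC, OP_HALT };
struct insn { enum op op; uint32_t imm; uint8_t reg; };
struct cpu { size_t pc; uint32_t cfi; uint32_t r[4]; };
enum result { RES_HALT, RES_CFI_FAULT, RES_BAD_PC };

/* Execute until HALT or a fault. Assumption: cfi == 0 means no check is pending. */
enum result run(struct cpu *c, const struct insn *prog, size_t n)
{
    for (;;) {
        if (c->pc >= n) return RES_BAD_PC;
        const struct insn *i = &prog[c->pc];
        if (c->cfi != 0) {
            /* A checked jump just executed: the destination must carry its label. */
            if (i->op != OP_CFILABEL || i->imm != c->cfi) return RES_CFI_FAULT;
            c->cfi = 0;            /* labels match: reset the CFI register */
            c->pc++;
            continue;
        }
        switch (i->op) {
        case OP_JMPC:              /* record the expected label, then branch via register */
            c->cfi = i->imm;
            c->pc = c->r[i->reg & 3];
            break;
        case OP_HALT:
            return RES_HALT;
        default:                   /* NOP, or a label reached by fall-through (no-op here) */
            c->pc++;
        }
    }
}

/* Constructed program: one checked jump expecting label 0x2a, target taken from r0. */
enum result demo(uint32_t target)
{
    static const struct insn prog[] = {
        { OP_JMPC,     0x2a, 0 },  /* 0: checked jump through r0 */
        { OP_HALT,     0,    0 },  /* 1 */
        { OP_CFILABEL, 0x2a, 0 },  /* 2: valid destination */
        { OP_HALT,     0,    0 },  /* 3: unlabelled address */
        { OP_CFILABEL, 0x17, 0 },  /* 4: label belonging to another branch */
        { OP_HALT,     0,    0 },  /* 5 */
    };
    struct cpu c = { 0, 0, { target, 0, 0, 0 } };
    return run(&c, prog, sizeof prog / sizeof prog[0]);
}

int main(void) { return demo(2) == RES_HALT ? 0 : 1; }
```

Calling `demo` with a target of 3 or 4 shows the two rejection cases: a destination with no label, and a destination whose label belongs to a different branch.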
5 Claims
Claim 1 is stated above; claims 2, 3, 4 and 5 depend on it.
Specification