Method and apparatus for securing indirect function calls by using program counter encoding

US 8,583,939 B2
Filed: 12/16/2010
Issued: 11/12/2013
Est. Priority Date: 07/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method for protecting against manipulation of a code pointer to a library function to be called by a program, the method performed by an apparatus comprising a memory onto which the program is loaded and a processor by which the program is executed, the method comprising:

inserting, by a static linker, a sequence of instructions for decoding an address of the library function into a PLT (Procedure Linkage Table) entry;

storing, by a dynamic linker, an encoded address of the library function into a GOT (Global Offset Table) entry; and

decoding, by the sequence of instructions for decoding inserted in the PLT entry, the encoded address of the library function stored in the GOT entry, when the address of the library function is loaded into the PC (program counter) register of the processor;

wherein the address of the library function is encoded with one or more encoding keys which is generated after the program is loaded onto the memory.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing indirect function calls by using program counter encoding is provided. The method includes inserting a decoding code for an address of a library function stored in a GOT (Global Offset Table) entry into a PLT (Procedure Linkage Table) entry when an object file is built; generating an encoding key corresponding to the decoding code; and encoding the GOT entry corresponding to the library function by using the encoding key when program execution begins.

38 Citations

View as Search Results

13 Claims

1. A method for protecting against manipulation of a code pointer to a library function to be called by a program, the method performed by an apparatus comprising a memory onto which the program is loaded and a processor by which the program is executed, the method comprising:
- inserting, by a static linker, a sequence of instructions for decoding an address of the library function into a PLT (Procedure Linkage Table) entry;
  
  storing, by a dynamic linker, an encoded address of the library function into a GOT (Global Offset Table) entry; and
  
  decoding, by the sequence of instructions for decoding inserted in the PLT entry, the encoded address of the library function stored in the GOT entry, when the address of the library function is loaded into the PC (program counter) register of the processor;
  
  wherein the address of the library function is encoded with one or more encoding keys which is generated after the program is loaded onto the memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the process of inserting the decoding instructions into the PLT entry includes:
    - generating an executable file of the program by linking object file of the program;
      
      determining the PLT entry corresponding to a library function call in the program; and
      
      inserting a stub function for transferring the control flow of the program to the library function into the PLT entry.
  - 3. The method of claim 1, wherein the GOT entry represents a code pointer for storing the address of the library function, and the decoding instructions decode the value stored in the code pointer.
  - 4. The method of claim 1, further comprising:
    - generating the one or more encoding keys; and
      
      encoding the address in the GOT entry corresponding to the address of the library function by using the one or more encoding keys.
  - 5. The method of claim 1, wherein the process of storing the encoded address of the library function into the GOT entry is performed only when the library function is called for the first time and is not performed when the library function is re-called.
  - 6. The method of claim 1, wherein the process of storing the encoded address of the library function into the GOT entry encodes the address initially stored in the GOT entry when the program is loaded onto the memory.
  - 7. The method of claim 1, wherein the process of storing the encoded address of the library function into the GOT entry is performed when the program is executed, regardless of execution of the library function call.
  - 8. The method of claim 1, wherein the process of storing the encoded address of the library function into the GOT entry is performed by the dynamic linker which encoding the address of the library function plural times using plural encoding keys.

9. An apparatus comprising a memory that a program is loaded onto and a processor which executes the program and a method for protecting against manipulation of a code pointer to a library function to be called by the program, the method comprising:
- inserting, by a static linker, a sequence of instructions for decoding an address of the library function into a PLT (Procedure Linkage Table) entry;
  
  storing, by a dynamic linker, an encoded address of the library function into a GOT (Global Offset Table) entry; and
  
  decoding, by the sequence of instructions for decoding inserted in the PLT entry, the encoded address of the library function stored in the GOT entry, when the address of the library function is loaded into the PC (program counter) register of the processor;
  
  wherein the address of the library function is encoded with one or more encoding keys which is generated after the program is loaded onto the memory.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The apparatus of claim 9, wherein the execution of the program is terminated when the decoded address of the library function is a wrong address of the library function.
  - 11. The apparatus of claim 10, wherein an abnormal call of the library function is notified when the library function is wrong.
  - 12. The apparatus of claim 9, wherein the dynamic linker encodes the address of the library function plural times using plural encoding keys.
  - 13. The apparatus of claim 9, wherein the one or more encoding keys are generated for each library function or a group of library functions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zeus SW Defender, LLC
Original Assignee
Hongik University Industry-Academic Cooperation Foundation, Korea University Research and Business Foundation
Inventors
Lee, Gyungho, Pyo, Chang Woo
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US12/969,688
Publication Number

US 20120011371A1
Time in Patent Office

1,062 Days
Field of Search

726/26, 713/190
US Class Current

713/190
CPC Class Codes

G06F 21/54 by adding security routines...

G06F 9/4486 Formation of subprogram jum...

Method and apparatus for securing indirect function calls by using program counter encoding

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for securing indirect function calls by using program counter encoding

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others