Secure pointers

US 20040193814A1
Filed: 03/27/2003
Published: 09/30/2004
Est. Priority Date: 03/27/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

mapping a pointer to a target indirectly via a pointer map.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, system, and signal-bearing medium that in an embodiment map a pointer to a target indirectly via a pointer map. In an embodiment, the pointer map is stored in a reserved area and an entry for the pointer in the pointer map includes a back-pointer containing an address of the pointer and a target-address containing the address of the target. When the pointer is accessed, the pointer is checked to ensure its contents point at the entry in the pointer map in the reserved area and that the back-pointer in the pointer map entry points back at the pointer. In this way, pointers are protected from being modified illegitimately.

334 Citations

26 Claims

1. A method comprising:
- mapping a pointer to a target indirectly via a pointer map.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the pointer points at an entry in the pointer map, the entry points at the target, and the entry points back at the pointer.
  - 3. The method of claim 2, wherein the mapping further comprises:
    - receiving an address of the pointer;
      
      finding the entry based on contents located at the address of the pointer; and
      
      verifying that the entry points back at the pointer.
  - 4. The method of claim 2, wherein the mapping further comprises:
    - verifying that the entry is located within a reserved address range.
  - 5. The method of claim 2, wherein the mapping further comprises:
    - receiving an address of the target; and
      
      storing the address of the target in a target-pointer field in the entry.
  - 6. The method of claim 2, wherein the mapping further comprises:
    - receiving an address of the pointer; and
      
      storing the address of the pointer in a back-pointer field in the entry.
  - 7. The method of claim 2, wherein the mapping further comprises:
    - receiving an address of the pointer; and
      
      storing an address of the entry at a location indicated by the address of the pointer.

8. An apparatus comprising:
- means for storing a target-address in an entry of a pointer-map;
  
  means for storing a pointer-address in the entry of the pointer-map; and
  
  means for storing an address of the entry in a location indicated by the pointer-address.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The apparatus of claim 8, further comprising:
    - means for storing control information in the entry of the pointer-map.
  - 10. The apparatus of claim 9, wherein the control information is selected from a group consisting of:
    - a context, a process, a local/global scope, and a profile.
  - 11. The apparatus of claim 9, further comprising:
    - means for verifying that a process associated with the pointer-address has attributes that satisfy the control information.
  - 12. The apparatus of claim 8, further comprising:
    - means for determining whether a pointer is valid based on the pointer-address.

13. A signal-bearing medium encoded with instructions, wherein the instructions when executed comprise:
- receiving a pointer-address and a target-address;
  
  determining whether a pointer has a valid entry in a pointer map based on the pointer-address;
  
  when the valid entry does not exist, creating a new entry in the pointer map for the pointer; and
  
  storing the target-address in the new entry.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The signal-bearing medium of claim 13, wherein the instructions further comprise:
    - storing the pointer-address in the new entry.
  - 15. The signal-bearing medium of claim 13, wherein the instructions further comprise:
    - storing control information in the new entry.
  - 16. The signal-bearing medium of claim 15, wherein the control information is selected from a group consisting of:
    - context, process, local/global scope, and profile.
  - 17. The signal-bearing medium of claim 13, wherein the determining further comprises:
    - verifying whether content at the pointer-address comprises an address within a reserved range.

18. A signal-bearing medium encoded with a data structure accessed by a controller that is to be executed by a processor, wherein the data structure comprises at least one entry, wherein the entry comprises:
- a back-pointer, wherein the controller is to set an address of a pointer in the back-pointer; and
  
  a target-address, wherein the controller is to set an address of a target of the pointer in the target-address.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The signal-bearing medium of claim 18, where the at least one entry further comprises:
    - control information, wherein the pointer controller is further to set the control information.
  - 20. The signal-bearing medium of claim 18, wherein the controller is further to:
    - store an address of the entry at a location indicated by the address of the pointer.
  - 21. The signal-bearing medium of claim 18, wherein the controller is further to:
    - receive the address of the pointer; and
      
      determine whether the entry is valid based on content at a location indicated by the address of the pointer.
  - 22. The signal-bearing medium of claim 18, wherein the controller is further to:
    - receive the address of the pointer;
      
      find the entry based on the address of the pointer;
      
      find the address of the target based on the entry; and
      
      return the address of the target.

23. An electronic device comprising:
- a processor; and
  
  a storage device encoded with instructions, wherein the instructions when executed on the processor comprise;
  
  receiving a pointer-address and a target-address, determining whether a pointer has an entry that is valid in a pointer map based on the pointer-address, when the pointer has the entry that is valid, storing the target-address in the valid entry.
- View Dependent Claims (24, 25, 26)
- - 24. The electronic device of claim 23, wherein the instructions further comprise:
    - storing the pointer-address in the valid entry.
  - 25. The electronic device of claim 23, wherein the determining further comprises:
    - verifying whether content at the pointer-address comprises an address of the entry within a reserved range.
  - 26. The electronic device of claim 23, wherein the determining further comprises:
    - verifying whether a back-pointer in the entry points at the pointer-address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
McCarthy, Patrick J., Erickson, Kevin J., Plaetzer, Scott A., Kirkman, Richard K.

Granted Patent

US 7,181,580 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/156
CPC Class Codes

G06F 12/1458   by checking the subject acc...

G06F 21/52   during program execution, e...

G06F 2221/2105   Dual mode as a secondary as...

Secure pointers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

334 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Secure pointers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

334 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others