Pointguard: method and system for protecting programs against pointer corruption attacks
Abstract
To protect computer programs against security attacks that attempt to corrupt pointers within the address space of the program, the value of a pointer is encrypted each time the pointer is initialized or modified, and then the value is decrypted before use, i.e., each time the pointer is read. Preferably, the encrypting and decrypting steps are effected by instructions generated by a compiler during compilation of the program. One convenient method of implementing the encrypting and decrypting steps is by XOR'ing the pointer with a predetermined encryption key value, which could be specially selected or selected at random.
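The XOR scheme from the abstract, as an added illustration that is not the patent's own code: the compiler-generated encrypt-on-store and decrypt-on-load steps are written out by hand, the key value is a constructed placeholder (a real deployment derives a random per-process key at start-up), and the `pg_*` names and the `record` struct are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed placeholder key; PointGuard selects the real key at random
 * when the process starts and keeps it away from the program's own writes. */
static uintptr_t pg_key = (uintptr_t)0x5A5A3C3C9E1E7B7BULL;

void pg_set_key(uintptr_t k) { pg_key = k; }

/* Applied on every store: the word kept in memory is pointer XOR key. */
uintptr_t pg_encrypt(const void *p) { return (uintptr_t)p ^ pg_key; }

/* Applied on every load, immediately before the pointer is dereferenced. */
void *pg_decrypt(uintptr_t enc) { return (void *)(enc ^ pg_key); }

/* A data structure whose pointer field is held only in encrypted form. */
struct record {
    char      name[16];
    uintptr_t buf_enc;   /* protected pointer to a character buffer */
};

/* Round trip: a pointer stored through pg_encrypt and read back through
 * pg_decrypt still refers to the original object. */
int pg_roundtrip_ok(void) {
    char buffer[32] = "hello";
    struct record r;
    strcpy(r.name, "demo");
    r.buf_enc = pg_encrypt(buffer);
    char *out = pg_decrypt(r.buf_enc);
    return out == buffer && strcmp(out, "hello") == 0;
}

/* Model of a memory-corruption write that replaces the stored word with a
 * chosen raw address while the key is unknown to the writer. The next read
 * decrypts the raw word, so the resulting pointer is key-dependent and does
 * not equal the address that was written (true for every non-zero key). */
int pg_overwrite_lands_on_target(uintptr_t written_value) {
    struct record r;
    r.buf_enc = written_value;   /* raw write: pg_encrypt was never applied */
    return (uintptr_t)pg_decrypt(r.buf_enc) == written_value;
}

int main(void) {
    printf("round trip ok: %d\n", pg_roundtrip_ok());
    printf("raw overwrite lands on chosen address: %d\n",
           pg_overwrite_lands_on_target((uintptr_t)0x41414140));
    return 0;
}
```

XOR is a linear masking step, not an authenticator: the protection rests on the key staying secret and on the attacker not obtaining a known pointer in both plaintext and encrypted form, since either reveals the key.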
Claims
1. A method of protecting an application computer program against pointer corruption attacks during execution outside of a special environment on a computer while employing a shared library, the application computer program implemented using a programming language, comprising:

in the library, responsive to a function call on the computer, exporting at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects pointer protection by encrypting values of all data pointers within the called function each time the values of the data pointers are modified; and decrypting the encrypted value of at least one pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected.

Dependent claims: 2, 3, 4, 5, 6, 7, 10, 11, 12
8. A non-transitory computer readable storage medium containing computer program instructions which when executed cause the performance of a method of protecting a computer program against pointer corruption attacks during execution outside of a special environment on a computer while employing a shared library, the computer program implemented using a programming language, the method comprising:

exporting, in response to a function call on the computer, at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects pointer protection by encrypting values of all data pointers within the called function each time the values of the data pointers are modified; and decrypting the encrypted value of at least one pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected.

Dependent claims: 9, 13
14. A system for protecting an application computer program against pointer corruption attacks during execution outside of a special environment on a computer while employing a shared library, the application computer program implemented using a programming language, comprising:

a computer; in the library, responsive to a function call on the computer, the computer executes code within the library to cause the library to export at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects pointer protection by encrypting values of all data pointers within the called function each time the values of the data pointers are modified; and decrypting the encrypted value of at least one data pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected.

Dependent claims: 15, 16, 17, 18
19. A system for protecting a computer program against pointer corruption attacks during execution outside of a special environment while employing a shared library, the computer program implemented using a programming language, comprising:

a computer, configured to run the computer program being protected against pointer corruption attacks; a non-transitory computer readable storage medium containing computer program instructions which, when executed, configure the computer to perform a method comprising; exporting, in response to a function call on the computer, at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects pointer protection by encrypting values of all data pointers within the called function each time the values of the data pointers are modified; and decrypting the encrypted value of at least one pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected.

Dependent claims: 20
21. A method of protecting an application computer program against reference to memory address corruption attacks during execution outside of a special environment on a computer while employing a shared library, the application computer program implemented using a programming language, comprising:

in the library, responsive to a function call on the computer, exporting at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects reference to memory address protection by encrypting values of all data references to memory addresses within the called function each time the values of the data references to memory addresses are modified; and decrypting the encrypted value of at least one reference to a memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected.

Dependent claims: 22, 23, 24, 25, 26, 27, 30, 31, 32
28. A non-transitory computer readable storage medium containing computer program instructions which when executed cause the performance of a method of protecting a computer program against reference to memory address corruption attacks during execution outside of a special environment on a computer while employing a shared library, the computer program implemented using a programming language, the method comprising:

exporting, in response to a function call on the computer, at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects reference to memory address protection by encrypting values of all data references to memory addresses within the called function each time the values of the data references to memory addresses are modified; and decrypting the encrypted value of at least one reference to a memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected.

Dependent claims: 29, 33
34. A system for protecting an application computer program against reference to memory address corruption attacks during execution outside of a special environment on a computer while employing a shared library, the application computer program implemented using a programming language, comprising:

a computer; in the library, responsive to a function call on the computer, the computer executes code within the library to cause the library to export at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects reference to memory address protection by encrypting values of all data references to memory addresses within the called function each time the values of the data references to memory addresses are modified; and decrypting the encrypted value of at least one data reference to a memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected.

Dependent claims: 35, 36, 37, 38
39. A system for protecting a computer program against reference to memory address corruption attacks during execution outside of a special environment while employing a shared library, the computer program implemented using a programming language, comprising:

a computer, configured to run the computer program being protected against reference to memory address corruption attacks; a non-transitory computer readable storage medium containing computer program instructions which, when executed, configure the computer to perform a method comprising; exporting, in response to a function call on the computer, at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects reference to memory address protection by encrypting values of all data references to memory addresses within the called function each time the values of the data references to memory addresses are modified; and decrypting the encrypted value of at least one reference to a memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected.

Dependent claims: 40
Specification