Pointguard: method and system for protecting programs against pointer corruption attacks

US 8,631,248 B2
Filed: 10/31/2007
Issued: 01/14/2014
Est. Priority Date: 12/06/2001
Status: Active Grant

First Claim

Patent Images

1. A method of protecting an application computer program against pointer corruption attacks during execution outside of a special environment on a computer while employing a shared library, the application computer program implemented using a programming language, comprising:

in the library, responsive to a function call on the computer, exporting at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects pointer protection by encrypting values of all data pointers within the called function each time the values of the data pointers are modified; and

decrypting the encrypted value of at least one pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To protect computer programs against security attacks that attempt to corrupt pointers within the address space of the program, the value of a pointer is encrypted each time the pointer is initialized or modified, and then the value is decrypted before use, i.e., each time the pointer is read. Preferably, the encrypting and decrypting steps are effected by instructions generated by a compiler during compilation of the program. One convenient method of implementing the encrypting and decrypting steps is by XOR'"'"'ing the pointer with a predetermined encryption key value, which could be specially selected or selected at random.

36 Citations

View as Search Results

40 Claims

1. A method of protecting an application computer program against pointer corruption attacks during execution outside of a special environment on a computer while employing a shared library, the application computer program implemented using a programming language, comprising:
- in the library, responsive to a function call on the computer, exporting at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects pointer protection by encrypting values of all data pointers within the called function each time the values of the data pointers are modified; and
  
  decrypting the encrypted value of at least one pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 10, 11, 12)
- - 2. A method according to claim 1, wherein encrypting a value of a pointer includes XOR'"'"'ing the value of the pointer with an encryption key.
  - 3. A method according to claim 2, further comprising initializing the encryption key at program load time.
  - 4. A method according to claim 3, further comprising:
    - loading the computer program for execution;
      
      scanning code being dynamically linked by the program; and
      
      determining if all of the code being linked by the program uses encrypted pointers.
  - 5. A method according to claim 4, further comprising setting the encryption key value to a random value if all of the code being linked by the program uses encrypted pointers.
  - 6. A method according to claim 4, further comprising initializing the encryption key value to zero if at least one library being linked by the program does not use encrypted pointers.
  - 7. A method according to claim 2, further comprising initializing the encryption key at system boot time.
  - 10. A method according to claim 1, wherein exporting at least two versions of the called function includes exporting the at least two versions of the called function, including the first version and the second version, wherein the one of the first and second versions effects pointer protection by encrypting the value of the pointer within the called function each time the value of the pointer is modified;
    - and decrypting the encrypted value of the pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected, wherein the encrypting and decrypting are effected by instructions generated by a compiler during compilation of the at least two versions of the called function.
  - 11. A method according to claim 1, wherein exporting at least two versions of the called function includes exporting the at least two versions of the called function, including the first version and the second version, wherein the one of the first and second versions effects pointer protection by encrypting the value of a data pointer within the called function each time the value of the data pointer is modified;
    - and decrypting the encrypted value of the data pointer each time the data pointer is read, so that all data pointers within the one of the first and second versions of the called function are protected.
  - 12. A method according to claim 1, wherein exporting at least two versions of the called function includes exporting the at least two versions of the called function, including the first version and the second version, wherein one of the first and second versions effects pointer protection by encrypting the value of the pointer within the called function each time the value of the pointer is modified;
    - and decrypting the encrypted value of the pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected, without requiring access to a source code of the called function.

8. A non-transitory computer readable storage medium containing computer program instructions which when executed cause the performance of a method of protecting a computer program against pointer corruption attacks during execution outside of a special environment on a computer while employing a shared library, the computer program implemented using a programming language, the method comprising:
- exporting, in response to a function call on the computer, at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects pointer protection by encrypting values of all data pointers within the called function each time the values of the data pointers are modified; and
  
  decrypting the encrypted value of at least one pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected.
- View Dependent Claims (9, 13)
- - 9. A medium according to claim 8, wherein the computer program is linked to the shared library, wherein the encrypted pointers are effected by instructions generated by a compiler during compilation of the at least one of the computer program and the shared library.
  - 13. A medium according to claim 8, wherein at least one of the program and the shared library includes un-encrypted pointers, and at least one of the program and the shared library includes encrypted pointers, without requiring access to a source code of the called function.

14. A system for protecting an application computer program against pointer corruption attacks during execution outside of a special environment on a computer while employing a shared library, the application computer program implemented using a programming language, comprising:
- a computer;
  
  in the library, responsive to a function call on the computer, the computer executes code within the library to cause the library to export at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects pointer protection by encrypting values of all data pointers within the called function each time the values of the data pointers are modified; and
  
  decrypting the encrypted value of at least one data pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected.
- View Dependent Claims (15, 16, 17, 18)
- - 15. A system according to claim 14, wherein the computer is further programmed to initialize the encryption key at program load time.
  - 16. A system according to claim 15, wherein the computer is further programmed to:
    - load the computer program for execution;
      
      scan code being dynamically linked by the program; and
      
      determine if all of the code being linked by the program uses encrypted pointers.
  - 17. A system according to claim 14, wherein the computer is further programmed to initialize the encryption key at system boot time.
  - 18. A system according to claim 14, wherein exporting at least two versions of the called function includes exporting the first version and the second version, wherein the one of the first and second versions effects pointer protection by encrypting all values of the pointers within the called function each time the values of the pointers are modified;
    - and decrypting the encrypted value of a pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected, wherein the encrypting and decrypting are effected by instructions generated by a compiler during compilation of the at least two versions of the called function.

19. A system for protecting a computer program against pointer corruption attacks during execution outside of a special environment while employing a shared library, the computer program implemented using a programming language, comprising:
- a computer, configured to run the computer program being protected against pointer corruption attacks;
  
  a non-transitory computer readable storage medium containing computer program instructions which, when executed, configure the computer to perform a method comprising;
  
  exporting, in response to a function call on the computer, at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects pointer protection by encrypting values of all data pointers within the called function each time the values of the data pointers are modified; and
  
  decrypting the encrypted value of at least one pointer each time the pointer is read, so that all pointers within the one of the first and second versions of the called function are protected.
- View Dependent Claims (20)
- - 20. A system according to claim 19, wherein the encrypted pointers are effected by instructions generated by a compiler during compilation of the at least one of the computer program and the shared library.

21. A method of protecting an application computer program against reference to memory address corruption attacks during execution outside of a special environment on a computer while employing a shared library, the application computer program implemented using a programming language, comprising:
- in the library, responsive to a function call on the computer, exporting at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects reference to memory address protection by encrypting values of all data references to memory addresses within the called function each time the values of the data references to memory addresses are modified; and
  
  decrypting the encrypted value of at least one reference to a memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 30, 31, 32)
- - 22. A method according to claim 21, wherein encrypting a value of a reference to a memory address includes XOR'"'"'ing the value of the reference to the memory address with an encryption key.
  - 23. A method according to claim 22, further comprising initializing the encryption key at program load time.
  - 24. A method according to claim 23, further comprising:
    - loading the computer program for execution;
      
      scanning code being dynamically linked by the program; and
      
      determining if all of the code being linked by the program uses encrypted references to memory addresses.
  - 25. A method according to claim 24, further comprising setting the encryption key value to a random value if all of the code being linked by the program uses encrypted references to memory addresses.
  - 26. A method according to claim 24, further comprising initializing the encryption key value to zero if at least one library being linked by the program does not use encrypted references to memory addresses.
  - 27. A method according to claim 22, further comprising initializing the encryption key at system boot time.
  - 30. A method according to claim 21, wherein exporting at least two versions of the called function includes exporting the at least two versions of the called function, including the first version and the second version, wherein the one of the first and second versions effects reference to memory address protection by encrypting the value of the reference to the memory address within the called function each time the value of the reference to the memory address is modified;
    - and decrypting the encrypted value of the reference to the memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected, wherein the encrypting and decrypting are effected by instructions generated by a compiler during compilation of the at least two versions of the called function.
  - 31. A method according to claim 21, wherein exporting at least two versions of the called function includes exporting the at least two versions of the called function, including the first version and the second version, wherein the one of the first and second versions effects reference to memory address protection by encrypting the value of a data reference to a memory address within the called function each time the value of the data reference to the memory address is modified;
    - and decrypting the encrypted value of the data reference to the memory address each time the data reference to the memory address is read, so that all data references to memory addresses within the one of the first and second versions of the called function are protected.
  - 32. A method according to claim 21, wherein exporting at least two versions of the called function includes exporting the at least two versions of the called function, including the first version and the second version, wherein one of the first and second versions effects reference to memory address protection by encrypting the value of the reference to the memory address within the called function each time the value of the reference to the memory address is modified;
    - and decrypting the encrypted value of the reference to the memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected, without requiring access to a source code of the called function.

28. A non-transitory computer readable storage medium containing computer program instructions which when executed cause the performance of a method of protecting a computer program against reference to memory address corruption attacks during execution outside of a special environment on a computer while employing a shared library, the computer program implemented using a programming language, the method comprising:
- exporting, in response to a function call on the computer, at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects reference to memory address protection by encrypting values of all data references to memory addresses within the called function each time the values of the data references to memory addresses are modified; and
  
  decrypting the encrypted value of at least one reference to a memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected.
- View Dependent Claims (29, 33)
- - 29. A medium according to claim 28, wherein the computer program is linked to the shared library, wherein the encrypted references to memory addresses are effected by instructions generated by a compiler during compilation of the at least one of the computer program and the shared library.
  - 33. A medium according to claim 28, wherein at least one of the program and the shared library includes un-encrypted references to memory addresses, and at least one of the program and the shared library includes encrypted references to memory addresses, without requiring access to a source code of the called function.

34. A system for protecting an application computer program against reference to memory address corruption attacks during execution outside of a special environment on a computer while employing a shared library, the application computer program implemented using a programming language, comprising:
- a computer;
  
  in the library, responsive to a function call on the computer, the computer executes code within the library to cause the library to export at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects reference to memory address protection by encrypting values of all data references to memory addresses within the called function each time the values of the data references to memory addresses are modified; and
  
  decrypting the encrypted value of at least one data reference to a memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected.
- View Dependent Claims (35, 36, 37, 38)
- - 35. A system according to claim 34, wherein the computer is further programmed to initialize the encryption key at program load time.
  - 36. A system according to claim 35, wherein the computer is further programmed to:
    - load the computer program for execution;
      
      scan code being dynamically linked by the program; and
      
      determine if all of the code being linked by the program uses encrypted references to memory addresses.
  - 37. A system according to claim 34, wherein the computer is further programmed to initialize the encryption key at system boot time.
  - 38. A system according to claim 34, wherein exporting at least two versions of the called function includes exporting the first version and the second version, wherein the one of the first and second versions effects reference to memory address protection by encrypting all values of the references to memory addresses within the called function each time the values of the references to memory addresses are modified;
    - and decrypting the encrypted value of a reference to a memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected, wherein the encrypting and decrypting are effected by instructions generated by a compiler during compilation of the at least two versions of the called function.

39. A system for protecting a computer program against reference to memory address corruption attacks during execution outside of a special environment while employing a shared library, the computer program implemented using a programming language, comprising:
- a computer, configured to run the computer program being protected against reference to memory address corruption attacks;
  
  a non-transitory computer readable storage medium containing computer program instructions which, when executed, configure the computer to perform a method comprising;
  
  exporting, in response to a function call on the computer, at least two versions of the called function, including a first version and a second version, wherein one of the first and second versions effects reference to memory address protection by encrypting values of all data references to memory addresses within the called function each time the values of the data references to memory addresses are modified; and
  
  decrypting the encrypted value of at least one reference to a memory address each time the reference to the memory address is read, so that all references to memory addresses within the one of the first and second versions of the called function are protected.
- View Dependent Claims (40)
- - 40. A system according to claim 39, wherein the encrypted references to memory addresses are effected by instructions generated by a compiler during compilation of the at least one of the computer program and the shared library.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Cowan, Stanley Crispin, Beattie, Steven Michael, Wagle, Perry Michael, Arnold, Seth Richard
Primary Examiner(s)
Simitoski, Michael
Assistant Examiner(s)
Shayanfar, Ali

Application Number

US11/932,517
Publication Number

US 20080060077A1
Time in Patent Office

2,267 Days
Field of Search

713/190, 711/163, 711/164
US Class Current

713/190
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/125   by manipulating the program...

G06F 21/52   during program execution, e...

G06F 9/4486   Formation of subprogram jum...

Pointguard: method and system for protecting programs against pointer corruption attacks

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

40 Claims

Specification

Use Cases

Quick Links

Others

Pointguard: method and system for protecting programs against pointer corruption attacks

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

40 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others