Creating stack position dependent cryptographic return address to mitigate return oriented programming attacks

US 9,514,285 B2
Filed: 09/26/2014
Issued: 12/06/2016
Est. Priority Date: 09/26/2014
Status: Active Grant

First Claim

Patent Images

1. A computing device to secure return addresses to mitigate return oriented programming attacks, the computing device comprising:

a processor comprising call logic,wherein, prior to storage of a return address on a call stack, the call logic is to;

read a secret key from a memory location of the computing device that is readable by the processor;

determine a stack position identifier, the stack position identifier usable to determine a location on the call stack at which the return address is to be stored;

generate security data indicative of the return address by execution of a cryptographic algorithm such that the security data is based on both of;

(i) the secret key and (ii) the stack position identifier;

modify the return address indicated in the security data to reference a non-canonical location in memory; and

store the security data in a memory location that is readable by the processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device includes technologies for securing return addresses that are used by a processor to control the flow of execution of a program. The computing device uses a cryptographic algorithm to provide security for a return address in a manner that binds the return address to a location in a stack.

18 Citations

View as Search Results

23 Claims

1. A computing device to secure return addresses to mitigate return oriented programming attacks, the computing device comprising:
- a processor comprising call logic,wherein, prior to storage of a return address on a call stack, the call logic is to;
  
  read a secret key from a memory location of the computing device that is readable by the processor;
  
  determine a stack position identifier, the stack position identifier usable to determine a location on the call stack at which the return address is to be stored;
  
  generate security data indicative of the return address by execution of a cryptographic algorithm such that the security data is based on both of;
  
  (i) the secret key and (ii) the stack position identifier;
  
  modify the return address indicated in the security data to reference a non-canonical location in memory; and
  
  store the security data in a memory location that is readable by the processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computing device of claim 1, wherein the stack position identifier comprises one of:
    - a stack pointer indicative of the top of the stack, an instruction pointer indicative of a memory address of a currently executing instruction, a page identifier representative of a range of memory addresses including the address, and a tracking counter indicative of one or more of;
      
      a number of calls executed by the call logic and a number of returns executed by the return logic.
  - 3. The computing device of claim 1, wherein the processor is further to:
    - determine whether the computing device is to enter a sleep mode;
      
      transmit, in response to the determination that the computing device is to enter a sleep mode, the secret key to a remote device; and
      
      restore the secret key from the remote device after the sleep mode has ended.
  - 4. The computing device of claim 1, wherein the call logic is to:
    - compute the security data by execution of a message authentication code algorithm, such that the security data comprises a message authentication code; and
      
      store the security data in address bits that are within an unused range of memory addresses.
  - 5. The computing device of claim 4, wherein the processor comprises return logic and wherein, prior to return of program execution control to a return address on the call stack, the return logic is to:
    - obtain the message authentication code from the unusable memory location;
      
      obtain a current return address from the top of the call stack;
      
      compute second security data by execution of the message authentication code algorithm with (i) the secret key and (ii) the stack position identifier, as inputs;
      
      compare the second security data to the security data; and
      
      if the second security data and the security data match, transfer program execution control to the address of the current return address.
  - 6. The computing device of claim 1, wherein the call logic is to encrypt at least a portion of the stack position identifier by execution of an encryption algorithm with the security key.
  - 7. The computing device of claim 6, wherein the call logic is to modify the return address by combination of at least a portion of the return address with the encrypted stack position identifier.
  - 8. The computing device of claim 7, wherein the call logic is to combine the return address with the encrypted stack position identifier by execution of an exclusive-or (XOR) operation, a reduced round cipher, or a full round cipher.
  - 9. The computing device of claim 8, wherein the call logic is to:
    - compute a predicted stack position identifier representative of a range of memory addresses ahead or behind the range of memory addresses of the stack position identifier, and encrypt the predicted stack position identifier in parallel with the combination of the return address with the encrypted stack position identifier.
  - 10. The computing device of claim 1, wherein the cryptographic algorithm comprises an encryption algorithm, the plurality of inputs to the cryptographic algorithm further includes (iii) at least a portion of the return address, and the call logic is to execute the cryptographic algorithm with the stack position identifier as a tweak, and the call logic is to store the modified return address on the call stack.
  - 11. The computing device of claim 10, wherein the processor comprises return address descrambling logic to:
    - determine if the modified return address has been modified to fall within an unused range of memory addresses; and
      
      if the modified return address has been modified to fall within an unused range of memory addresses, decrypt the encrypted portion of the return address by execution of a decryption algorithm with the stack position identifier as the tweak.
  - 12. The computing device of claim 10, wherein the encryption algorithm comprises a tweakable block cipher.
  - 13. The computing device of claim 10, wherein the processor comprises return logic and wherein, prior to return of program execution control to a return address on the call stack, the return logic is to:
    - obtain the modified return address from the call stack;
      
      decrypt the encrypted portion of the return address by execution of a decryption algorithm with the stack position identifier as the tweak; and
      
      transfer program execution control to the address of the decrypted return address.
  - 14. The computing device of claim 13, wherein the return logic is to obtain the modified return address from the call stack, and manipulate the return address to restore the modified return address to its original format.

15. A method for securing an address used by a processor of a computing device to control the flow of execution of a program, the method comprising:
- prior to storing an address on a stack;
  
  reading a secret key from a memory location of the computing device that is readable by the processor;
  
  determining a stack position identifier, the stack position identifier usable to determine a location on the stack at which the address is to be stored;
  
  generating security data indicative of the address by executing a cryptographic algorithm such that the security data is based on both of;
  
  (i) the secret key and (ii) the stack position identifier;
  
  modifying the address indicated in the security data to reference a non-canonical location in memory; and
  
  storing the security data in a memory location that is readable by the processor.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein the cryptographic algorithm comprises an encryption algorithm, the plurality of inputs to the cryptographic algorithm further includes (iii) at least a portion of the address, and the method comprises executing the cryptographic algorithm using the stack position identifier as a tweak, and storing the modified address on the stack.
  - 17. The method of claim 15, comprising, prior to directing program execution control to an address on the stack:
    - obtaining the modified address from the stack;
      
      manipulating the modified address to restore the modified address to its original format.

18. One or more non-transitory machine readable storage media comprising a plurality of instructions stored thereon that in response to being executed result in a computing device securing an address used by a processor of a computing device to control the flow of execution of a program, by:
- prior to storing an address on a stack;
  
  reading a secret key from a memory location of the computing device that is readable by the processor;
  
  determining a stack position identifier, the stack position identifier usable to determine a location on the stack at which the address is to be stored;
  
  generating security data indicative of the return address by executing a cryptographic algorithm such that the security data is based on both of;
  
  (i) the secret key and (ii) the stack position identifier;
  
  modifying the return address indicated in the security data to reference a non-canonical location in memory; and
  
  storing the security data in a memory location that is readable by the processor.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The one or more non-transitory machine readable storage media of claim 18, wherein the cryptographic algorithm comprises an encryption algorithm, the plurality of inputs to the cryptographic algorithm further includes (iii) at least a portion of the address, and the instructions result in the computing device executing the cryptographic algorithm using the stack position identifier as a tweak, and storing the modified address on the stack.
  - 20. The one or more non-transitory machine readable storage media of claim 18, wherein the instructions result in the computing device:
    - computing the security data by executing a message authentication code algorithm, such that the security data comprises a message authentication code; and
      
      storing the security data in a memory location that is within an unused range of memory addresses.
  - 21. The one or more non-transitory machine readable storage media of claim 18, wherein the instructions result in the computing device computing a predicted stack position identifier representing a range of memory addresses ahead or behind a range of memory addresses of the stack position identifier, and encrypting the predicted stack position identifier in parallel with the combining of the address with the encrypted stack position identifier.
  - 22. The one or more non-transitory machine readable storage media of claim 18, wherein the instructions result in the computing device, prior to directing program execution control to an address on the stack:
    - obtaining the modified address from the stack;
      
      manipulating the modified address to restore the modified address to its original format.
  - 23. The one or more non-transitory machine readable storage media of claim 22, wherein the instructions result in the computing device:
    - determining if the modified address has been modified to fall within an unused range of memory addresses; and
      
      if the modified address has been modified to fall within an unused range of memory addresses, decrypting the encrypted portion of the address by executing a decryption algorithm using the stack position identifier as the tweak.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Durham, David M., Patel, Baiju V.
Primary Examiner(s)
Lipman, Jacob

Application Number

US14/498,521
Publication Number

US 20160094552A1
Time in Patent Office

802 Days
Field of Search

713/171, 713/190
US Class Current

1/1
CPC Class Codes

G06F 21/00 Security arrangements for p...

G06F 21/52 during program execution, e...

Creating stack position dependent cryptographic return address to mitigate return oriented programming attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Creating stack position dependent cryptographic return address to mitigate return oriented programming attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links