18326910. Pointer Authentication simplified abstract (Apple Inc.)
Contents
Pointer Authentication
Organization Name
Inventor(s)
Yin Zin Mark Lam of Milpitas CA (US)
Jeff Gonion of Campbell CA (US)
Pointer Authentication - A simplified explanation of the abstract
This abstract first appeared for US patent application 18326910 titled 'Pointer Authentication
Simplified Explanation
The patent application describes a processor with hardware circuitry that can detect if a return address has been modified since it was generated. If a modification is detected, the processor can signal an exception or initiate error handling to prevent execution at the modified return address.
- The processor performs a cryptographic signature operation on the return address to generate a signed return address.
- The signature of the return address is verified before it is used as a return target.
Potential Applications
- This technology can be applied in computer systems and processors to enhance security and prevent unauthorized execution at modified return addresses.
- It can be used in operating systems, virtual machines, and other software environments to protect against attacks that manipulate return addresses.
Problems Solved
- The technology addresses the problem of detecting and preventing execution at modified return addresses, which can be a common technique used in various cyber attacks.
- It helps in ensuring the integrity and security of software execution by verifying the authenticity of return addresses.
Benefits
- By detecting modifications to return addresses, the processor can prevent the execution of malicious code or unauthorized instructions.
- The cryptographic signature operation adds an extra layer of security by verifying the integrity of return addresses.
- The technology helps in protecting against return-oriented programming attacks and other techniques that exploit modified return addresses.
Original Abstract Submitted
In an embodiment, a processor includes hardware circuitry which may be used to detect that a return address has been modified since it was generated. In response to detecting the modification, the processor may be configured to signal an exception or otherwise initiate error handling to prevent execution at the modified return address. In an embodiment, the processor may perform a cryptographic signature operation on the return address to generate a signed return address, and the signature may be verified before the address is used as a return target.
