20240045679. METHOD FOR CONTROL FLOW ISOLATION WITH PROTECTION KEYS AND INDIRECT BRANCH TRACKING simplified abstract (Oracle International Corporation)

From WikiPatents

METHOD FOR CONTROL FLOW ISOLATION WITH PROTECTION KEYS AND INDIRECT BRANCH TRACKING

Organization Name

Oracle International Corporation

Inventor(s)

Matthias Neugschwandtner of Perchtoldsdorf (AT)

William Blair of Washington DC (US)

METHOD FOR CONTROL FLOW ISOLATION WITH PROTECTION KEYS AND INDIRECT BRANCH TRACKING - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240045679 titled 'METHOD FOR CONTROL FLOW ISOLATION WITH PROTECTION KEYS AND INDIRECT BRANCH TRACKING'.

Simplified Explanation

The abstract describes a control flow integrity (CFI) technique that uses code generation to instrument data protection so that it enforces access control for subroutines invoked across module boundaries. The approach is counterintuitive because, although code is stored separately from data, access control on the data is used to provide access control on the code.

  • The technique involves generating a prologue at the beginning of a subroutine implemented in machine instructions.
  • The prologue includes a first instruction indicating that it is a target of a control flow branch and a second instruction that verifies the accessibility of a memory address.
  • The generated machine instructions include instructions that limit the accessibility of the memory address when executed by a processor.
  • Some code generation may occur at the start of runtime by a loader or dynamic linker.

Potential applications of this technology:

  • Enhancing security in software systems by protecting against control flow hijacking attacks.
  • Improving access control for subroutines invoked across module boundaries.
  • Strengthening the integrity of code execution in systems where code and data are stored separately.

Problems solved by this technology:

  • Control flow hijacking attacks, where an attacker manipulates the control flow of a program to execute malicious code.
  • Unauthorized access to sensitive data, addressed by enforcing access control at the code level.

Benefits of this technology:

  • Increased security and protection against control flow hijacking attacks.
  • Enhanced access control for subroutines, ensuring that only authorized code can access sensitive data.
  • Improved integrity of code execution, reducing the risk of code injection and unauthorized modifications.

Original Abstract Submitted

Herein is innovative control flow integrity (CFI) based on code generation techniques that instrument data protection for access control of subroutines invoked across module boundaries. This approach is counterintuitive because, even though code is stored separately from data, access control to the data is used to provide access control to the code. In an embodiment, an instrumentation computer generates, at the beginning of a subroutine that is implemented in machine instructions, a prologue that contains: a first instruction of the subroutine that indicates that the first instruction is a target of a control flow branch and a second instruction of the subroutine that verifies that a memory address is accessible. Generated in the machine instructions are instruction(s) that, when executed by a processor, cause the memory address to have limited accessibility. Some code generation may be performed at the start of runtime by a loader or a dynamic linker.
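As an added illustration (not code from the patent or from Oracle) of the prologue described in the Simplified Explanation and the abstract above, the following maps its elements onto Linux x86-64 hardware: the first instruction is an indirect-branch-tracking landing pad (ENDBR64), the verifying instruction is a load from a page tagged with a memory protection key, and the "limited accessibility" comes from pkey_mprotect plus the caller's PKRU rights. That mapping and every name in the code (run_demo, protected_subroutine, the guard word) are assumptions of this example, not the patent's; where the CPU or kernel has no protection keys the demo reports "unsupported" instead of running.

```c
#define _GNU_SOURCE
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <signal.h>
#include <setjmp.h>
enum { DEMO_OK = 0, DEMO_UNSUPPORTED = 2 };  /* run_demo() returns -1 on failure */
static sigjmp_buf fault_jb;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_jb, 1); }
static volatile int *guard; static int pkey = -1;  /* guard word in a key-tagged page */
#if defined(__x86_64__) && defined(SYS_pkey_alloc)
/* Caller side: set this thread's PKRU rights for pkey (0 = allowed, 1 = access disabled). */
static void set_key_rights(unsigned rights) {
    unsigned pkru;
    __asm__ volatile("rdpkru" : "=a"(pkru) : "c"(0) : "edx");
    pkru = (pkru & ~(3u << (2 * pkey))) | (rights << (2 * pkey));
    __asm__ volatile("wrpkru" : : "a"(pkru), "c"(0), "d"(0));
}
/* Generated prologue: ENDBR64 marks a legal indirect-branch target, then the guard
   load verifies the key-protected address is accessible; without the key it faults. */
static int protected_subroutine(int x) {
    __asm__ volatile("endbr64");
    int g = *guard;               /* the verifying load (second instruction) */
    return x + g;
}
static int demo_setup(void) {
    pkey = (int)syscall(SYS_pkey_alloc, 0UL, 0UL);
    if (pkey < 0) return DEMO_UNSUPPORTED;   /* no PKU on this kernel/CPU */
    guard = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    *guard = 40;                              /* constructed sample value */
    /* "limited accessibility": tag the guard page with the key */
    return syscall(SYS_pkey_mprotect, guard, 4096UL, PROT_READ | PROT_WRITE, pkey) ? -1 : DEMO_OK;
}
/* Returns 1 if the call faulted in the prologue, 0 if it completed. */
static int call_with_rights(unsigned rights, int *out) {
    signal(SIGSEGV, on_segv);
    if (sigsetjmp(fault_jb, 1)) { set_key_rights(0); return 1; }
    set_key_rights(rights);
    *out = protected_subroutine(2);
    set_key_rights(0);
    return 0;
}
/* Authorized caller gets 42; a caller whose key is disabled faults in the prologue. */
int run_demo(void) {
    int status = demo_setup(), out = 0;
    if (status) return status;
    if (call_with_rights(0, &out) || out != 42) return -1;
    return call_with_rights(1, &out) ? DEMO_OK : -1;
}
#else
int run_demo(void) { return DEMO_UNSUPPORTED; }
#endif
```

The fault is caught with sigsetjmp/siglongjmp only so the demo can report it; in a deployed build the faulting call would simply be terminated.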