ORACLE INTERNATIONAL CORPORATION (20240231825). METHOD FOR CONTROL FLOW ISOLATION WITH PROTECTION KEYS AND INDIRECT BRANCH TRACKING simplified abstract

METHOD FOR CONTROL FLOW ISOLATION WITH PROTECTION KEYS AND INDIRECT BRANCH TRACKING

Organization Name

ORACLE INTERNATIONAL CORPORATION

Inventor(s)

Matthias Neugschwandtner of Perchtoldsdorf (AT)

William Blair of Washington DC (US)

METHOD FOR CONTROL FLOW ISOLATION WITH PROTECTION KEYS AND INDIRECT BRANCH TRACKING - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240231825 titled 'METHOD FOR CONTROL FLOW ISOLATION WITH PROTECTION KEYS AND INDIRECT BRANCH TRACKING'.

Simplified Explanation: The patent application describes a control flow integrity (CFI) technique based on code generation that uses data protection to enforce access control on subroutines invoked across module boundaries.

Key Features and Innovation:

  • An instrumentation computer generates a prologue at the beginning of a subroutine: a first instruction that marks itself as the target of a control flow branch, and a second instruction that verifies that a memory address is accessible.
  • Generated machine instructions, when executed by a processor, cause that memory address to have limited accessibility.
  • Code generation may occur at the start of runtime by a loader or dynamic linker.

Potential Applications: This technology can be applied in cybersecurity, software development, and system architecture to enhance data protection and access control mechanisms.

Problems Solved: The technology addresses the challenge of ensuring secure access control to data by using innovative code generation techniques to protect subroutines invoked across module boundaries.

Benefits:

  • Improved control flow integrity for enhanced data protection.
  • Enhanced access control mechanisms for subroutines.
  • Increased security in software systems.

Commercial Applications: The technology can be utilized in industries such as cybersecurity, software development, and system architecture to enhance data protection and access control mechanisms, potentially leading to more secure and reliable systems.

Prior Art: Readers can explore prior research on control flow integrity, code generation techniques, and data protection mechanisms in software systems to understand the evolution of this technology.

Frequently Updated Research: Stay updated on the latest advancements in control flow integrity, code generation, and data protection in software systems to leverage cutting-edge technologies for enhanced security measures.

Questions about Control Flow Integrity:

  1. How does control flow integrity contribute to enhancing data protection in software systems?
  2. What are the key differences between traditional access control mechanisms and the innovative approach described in the patent application?

Question 1: What are the potential implications of this technology in the field of cybersecurity?

Answer 1: The technology can significantly enhance cybersecurity measures by providing robust data protection and access control mechanisms, reducing the risk of unauthorized access and potential security breaches.


Original Abstract Submitted

Herein is innovative control flow integrity (CFI) based on code generation techniques that instrument data protection for access control of subroutines invoked across module boundaries. This approach is counterintuitive because, even though code is stored separately from data, access control to the data is used to provide access control to the code. In an embodiment, an instrumentation computer generates, at the beginning of a subroutine that is implemented in machine instructions, a prologue that contains: a first instruction of the subroutine that indicates that the first instruction is a target of a control flow branch and a second instruction of the subroutine that verifies that a memory address is accessible. Generated in the machine instructions are instruction(s) that, when executed by a processor, cause the memory address to have limited accessibility. Some code generation may be performed at the start of runtime by a loader or a dynamic linker.
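The prologue probe described in the abstract, sketched with Linux memory protection keys as an added example (not code from the patent application or from Oracle). It assumes Linux with glibc's pkey_alloc, pkey_mprotect and pkey_set; the names guard, exported_sub, cfi_setup and call_sub are hypothetical, and the reading that a legitimate cross-module call opens the key before branching is an assumption.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
/* All names are hypothetical; this models the idea, not the patent's code. */
static sigjmp_buf on_fault;
static volatile unsigned char *guard;  /* address the prologue probes */
static int guard_key = -1;             /* protection key tagging that page */

static void segv(int sig) { (void)sig; siglongjmp(on_fault, 1); }

/* Instrumented subroutine. Built with -fcf-protection=branch, the compiler
 * places ENDBR64 (the branch-target marker) first; the probe follows it. */
static int exported_sub(int x) {
    (void)*guard;          /* prologue probe: faults unless guard_key is open */
    return x * 2;
}

/* Returns 0 if ready, -1 if the CPU or kernel offers no protection keys. */
int cfi_setup(void) {
    struct sigaction sa = { .sa_handler = segv };
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    void *p = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    guard_key = pkey_alloc(0, PKEY_DISABLE_ACCESS);   /* limited by default */
    if (guard_key < 0 || pkey_mprotect(p, 4096, PROT_READ, guard_key) != 0)
        return -1;
    guard = p;
    return 0;
}

/* Calls exported_sub through a pointer. via_gate=1 models the legitimate
 * cross-module stub that opens the key first (an assumption). Returns the
 * subroutine's result, or -2 if the prologue probe faulted. */
int call_sub(int via_gate, int arg) {
    int (*volatile target)(int) = exported_sub;
    if (sigsetjmp(on_fault, 1)) return -2;      /* probe raised SIGSEGV */
    pkey_set(guard_key, via_gate ? 0 : PKEY_DISABLE_ACCESS);
    int r = target(arg);
    pkey_set(guard_key, PKEY_DISABLE_ACCESS);   /* close the gate again */
    return r;
}

int main(void) {
    if (cfi_setup() != 0) { puts("protection keys unavailable"); return 0; }
    printf("gated: %d\n", call_sub(1, 21));
    printf("ungated: %d\n", call_sub(0, 21));
}
```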