Identifying exploitable code sequences
US-10423792-B2 · Sep 24, 2019 · US
US10635823B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10635823-B2 |
| Application number | US-201815870011-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 12, 2018 |
| Priority date | Jan 12, 2018 |
| Publication date | Apr 28, 2020 |
| Grant date | Apr 28, 2020 |
Abstract
Technologies are provided in embodiments for using compiling techniques to harden software programs from branching exploits. One example includes program instructions for execution to obtain a first encoded instruction of a software program, the first encoded instruction including a first opcode in a first field to be performed when the first encoded instruction is executed, identify a vulnerable value in a second field within the first encoded instruction, where the vulnerable value includes a second opcode, determine that the first encoded instruction can be replaced with one or more alternative encoded instructions that do not contain the vulnerable value, and replace the first encoded instruction with the one or more alternative encoded instructions.
Claims (preview)
What is claimed is:
1. At least one non-transitory machine readable storage medium comprising code for execution that when executed by one or more processors, causes the one or more processors to: obtain a first encoded instruction of a software program, the first encoded instruction including a first opcode in a first field to be performed when the first encoded instruction is executed; identify a vulnerable value in a second field of the first encoded instruction, wherein the vulnerable value includes a second opcode; determine that the first encoded instruction can be replaced with one or more alternative encoded instructions that do not contain the vulnerable value; and replace the first encoded instruction with the one or more alternative encoded instructions, wherein replacing the first encoded instruction with the one or more alternative encoded instructions is to include: swapping a first operand of the first encoded instruction corresponding to a source register with a second operand of the first encoded instruction corresponding to a destination register; and changing a bit in the first encoded instruction that indicates which operand corresponds to the source register and which operand corresponds to the destination register.
2. The at least one non-transitory machine readable storage medium of claim 1, wherein the second opcode is associated with one of a return operation, a jump operation, or a call operation.
3. The at least one non-transitory machine readable storage medium of claim 1, wherein the one or more alternative encoded instructions is semantically equivalent to the first encoded instruction.
4. The at least one non-transitory machine readable storage medium of claim 1, wherein the code, when executed by the one or more processors, causes the one or more processors to: obtain a second encoded instruction of the software program including a third opcode to be performed when the second encoded instruction is executed; identify a second vulnerable value within the second encoded instruction, wherein the second vulnerable value includes a fourth opcode; and replace the second encoded instruction with one or more other alternative encoded instructions that do not contain the second vulnerable value, by: inserting, before the second encoded instruction, a third encoded instruction to exchange a first value in a first register with a second value in a second register; replacing a first register operand corresponding to the first register in the second encoded instruction with a second register operand corresponding to the second register; and inserting, after the second encoded instruction, a fourth encoded instruction to exchange the second value in the first register with a current value in the second register.
5. The at least one non-transitory machine readable storage medium of claim 1, wherein the code, when executed by the one or more processors, causes the one or more processors to: obtain a second encoded instruction of the software program including a third opcode to be performed when the second encoded instruction is executed; identify a second vulnerable value within the second encoded instruction, wherein the second vulnerable value includes a fourth opcode; and replace the second encoded instruction with one or more other alternative encoded instructions that do not contain the second vulnerable value, by: determining that a value in one field of the second encoded instruction represents a relative offset to a target address; determining that the second vulnerable value is the least significant byte in another field of the second encoded instruction; inserting one or more no operation instructions; and modifying the relative offset based on the one or more no operation instructions.
6. The at least one non-transitory machine readable storage medium of claim 1, wherein the code, when executed by the one or more processors, causes the one or more processors to: obtain a second encoded instruction of the software program including a third opcode to be performed when the second encoded instruction is executed; identify a second vulnerable value in a particular field of the second encoded instruction, wherein the second vulnerable value includes a fourth opcode; and replace the second encoded instruction with one or more other alternative encoded instructions that do not contain the second vulnerable value, by: determining that, when executed by the processor, the third opcode causes the processor to access an address associated with a value in the particular field of the second encoded instruction based on a condition being met; resolving the condition; and replacing the second encoded instruction with a second third encoded instruction that does not include the condition and, when executed by the processor, causes the processor to access the address.
7. The at least one non-transitory machine readable storage medium of claim 6, wherein the second vulnerable value is not the least significant byte in the particular field of the second encoded instruction.
8. The at least one non-transitory machine readable storage medium of claim 1, wherein the code, when executed by the one or more processors, causes the one or more processors to: obtain a second encoded instruction of the software program including a third opcode to be performed when the second encoded instruction is executed; identify a second vulnerable value within the second encoded instruction, wherein the second vulnerable value includes a fourth opcode; and replace the second encoded instruction with one or more other alternative encoded instructions that do not contain the second vulnerable value, by: determining that a value encoded in a particular field of the second encoded instruction represents a relative offset to a target address; determining that the second vulnerable value is not the least significant byte in the particular field of the second encoded instruction; and transforming the second encoded instruction to use an indirect address for the relative offset.
9. The at least one non-transitory machine readable storage medium of claim 8, wherein to replace the second encoded instruction with the one or more other alternative encoded instructions includes: storing the relative offset in a register, wherein an address of the register is encoded in the particular field of the transformed second encoded instruction.
10. The at least one non-transitory machine readable storage medium of claim 1, wherein the code, when executed by the one or more processors, causes the one or more processors to: obtain a second encoded instruction of the software program including a third opcode to be performed when the second encoded instruction is executed; identify a second vulnerable value in a particular field of the second encoded instruction, wherein the second vulnerable value includes a fourth opcode; and replace the second encoded instruction with one or more other alternative encoded instructions that do not contain the second vulnerable value, by: determining that the particular field of the second encoded instruction includes an immediate operand; and decomposing the immediate operand into two or more immediate operands, wherein the two or more immediate operands are encoded in two or more of the other alternative encoded instructions, respectively.
11. The at least one non-transitory machine readable storage medium of claim 1, wherein the first encoded instruction is replaced with the one or more alternative encoded instructions based, at least in part, on determining that an enforce replacement criterion applies to the first encoded instruction
CPC classification titles:
- Encoding
- Test or assess software
- Assessing vulnerabilities and evaluating computer system security
- Organisation of register space, e.g. banked or distributed register file
- by adding security routines or objects to programs