US2016110545A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016110545-A1 |
| Application number | US-201414517572-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 17, 2014 |
| Priority date | Oct 17, 2014 |
| Publication date | Apr 21, 2016 |
| Grant date | — |
Official abstract text for this publication.
Techniques for enforcing flow control of a software program in a processor are provided. An example method according to these techniques includes analyzing program code of the software program to identify a code pointer in the program code, generating an authentication tag based on the code pointer, and modifying the code pointer in the program code with the authentication tag to generate a tagged code pointer.
Opening claim text (preview).
What is claimed is:

1. A method for enforcing flow control of a software program in a processor, the method comprising: analyzing program code of the software program to identify a code pointer in the program code; generating an authentication tag based on the code pointer; and modifying the code pointer in the program code with the authentication tag to generate a tagged code pointer.
2. The method of claim 1, wherein modifying the code pointer in the program code with the authentication tag to generate the tagged code pointer further comprises: generating the tagged code pointer by applying a mask to the authentication tag and the code pointer.
3. The method of claim 2, wherein generating the tagged code pointer by applying the mask to the authentication tag and the code pointer further comprises: selecting a first set of bits from the authentication tag using the mask; and replacing a second set of bits of the code pointer corresponding to the first set of bits with the first set of bits to generate the tagged code pointer.
4. The method of claim 2, further comprising: identifying a plurality of code pointers in the program code; and identifying tag bits common to the plurality of code pointers in the program code to determine the mask.
5. The method of claim 1, further comprising: authenticating the tagged code pointer; performing error handling responsive to the authentication tag having been altered; and executing a program instruction at the address associated with the code pointer responsive to the authentication tag having not been altered.
6. The method of claim 5, wherein authenticating the tagged code pointer comprises: determining a recovered code pointer value from the tagged code pointer using a mask.
7. The method of claim 6, further comprising: extracting an embedded authentication tag value from the tagged code pointer using the mask.
8. The method of claim 7, further comprising: generating a recovered authentication tag based at least in part on the recovered code pointer value and a context value.
9. The method of claim 8, further comprising: extracting a masked tag value from the recovered authentication tag using the mask.
10. The method of claim 9, further comprising: comparing the masked tag value to the embedded authentication tag value to determine whether the tagged code pointer has been altered.
11. An apparatus for enforcing flow control of a software program in a processor, the apparatus comprising: means for analyzing program code of the software program to identify a code pointer in the program code; means for generating an authentication tag based on the code pointer; and means for modifying the code pointer in the program code with the authentication tag to generate a tagged code pointer.
12. The apparatus of claim 11, wherein the means for modifying the code pointer in the program code with the authentication tag to generate the tagged code pointer further comprises: means for generating the tagged code pointer by applying a mask to the authentication tag and the code pointer.
13. The apparatus of claim 12, wherein the means for generating the tagged code pointer by applying the mask to the authentication tag and the code pointer further comprises: means for selecting a first set of bits from the authentication tag using the mask; and means for replacing a second set of bits of the code pointer corresponding to the first set of bits with the first set of bits to generate the tagged code pointer.
14. The apparatus of claim 12, further comprising: means for identifying a plurality of code pointers in the program code; and means for identifying tag bits common to the plurality of code pointers in the program code to determine the mask.
15. The apparatus of claim 11, further comprising: means for authenticating the tagged code pointer; means for performing error handling responsive to the authentication tag having been altered; and means for executing a program instruction at the address associated with the code pointer responsive to the authentication tag having not been altered.
16. The apparatus of claim 15, wherein authenticating the tagged code pointer comprises: means for determining a recovered code pointer value from the tagged code pointer using a mask.
17. An apparatus for enforcing flow control of a software program in a processor, the apparatus comprising: a processor configured to: analyze program code of the software program to identify a code pointer in the program code; generate an authentication tag based on the code pointer; and modify the code pointer in the program code with the authentication tag to generate a tagged code pointer.
18. The apparatus of claim 17, wherein the processor being configured to modify the code pointer in the program code with the authentication tag to generate the tagged code pointer is further configured to: generate the tagged code pointer by applying a mask to the authentication tag and the code pointer.
19. The apparatus of claim 18, wherein the processor being configured to generate the tagged code pointer by applying the mask to the authentication tag and the code pointer is further configured to: select a first set of bits from the authentication tag using the mask; and replace a second set of bits of the code pointer corresponding to the first set of bits with the first set of bits to generate the tagged code pointer.
20. The apparatus of claim 18, wherein the processor is further configured to: identify a plurality of code pointers in the program code; and identify tag bits common to the plurality of code pointers in the program code to determine the mask.
21. The apparatus of claim 17, wherein the processor is further configured to: authenticate the tagged code pointer; perform error handling responsive to the authentication tag having been altered; and execute a program instruction at the address associated with the code pointer responsive to the authentication tag having not been altered.
22. The apparatus of claim 21, wherein the processor being configured to authenticate the tagged code pointer is further configured to: determine a recovered code pointer value from the tagged code pointer using a mask.
23. The apparatus of claim 22, wherein the processor is further configured to: extract an embedded authentication tag value from the tagged code pointer using the mask.
24. A non-transitory computer-readable medium, having stored thereon computer-readable instructions for enforcing flow control of a software program in a processor, comprising instructions configured to cause a computer to: analyze program code of the software program to identify a code pointer in the program code; generate an authentication tag based on the code pointer; and modify the code pointer in the program code with the authentication tag to generate a tagged code pointer.
25. The non-transitory computer-readable medium of claim 24, wherein the instructions configured to cause the computer to modify the code pointer in the program code with the authentication tag to generate the tagged code pointer is further comprise instructions configured to cause the computer to: generate the tagged code pointer by applying a mask to the authentication tag and the code pointer.
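
A sketch of the tag and authenticate flow of claims 2 to 10, added here as an illustration; it is not code from the patent. The tag function `make_tag`, the key, the context value and the sample addresses are assumptions: the claims do not say how the authentication tag is computed, so a non-cryptographic keyed mixer stands in for it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in tag function (assumption): a keyed 64-bit mixer, not a secure MAC. */
static uint64_t make_tag(uint64_t ptr, uint64_t ctx, uint64_t key) {
    uint64_t x = ptr ^ key ^ (ctx * 0x9E3779B97F4A7C15ULL);
    x ^= x >> 30; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27; x *= 0x94D049BB133111EBULL;
    return x ^ (x >> 31);
}

/* Claim 4: mask = bit positions holding the same value in every code pointer.
   *common receives that shared value, needed later to rebuild the pointer. */
uint64_t derive_mask(const uint64_t *ptrs, size_t n, uint64_t *common) {
    uint64_t all_and = ~0ULL, all_or = 0;
    for (size_t i = 0; i < n; i++) { all_and &= ptrs[i]; all_or |= ptrs[i]; }
    uint64_t mask = ~(all_and ^ all_or);
    *common = all_and & mask;
    return mask;
}

/* Claims 2-3: replace the masked pointer bits with the same bits of the tag. */
uint64_t tag_pointer(uint64_t ptr, uint64_t mask, uint64_t ctx, uint64_t key) {
    return (ptr & ~mask) | (make_tag(ptr, ctx, key) & mask);
}

/* Claims 5-10: returns 1 and stores the recovered pointer if the tag verifies,
   0 if the tagged pointer was altered (the caller then does error handling). */
int auth_pointer(uint64_t tagged, uint64_t mask, uint64_t common,
                 uint64_t ctx, uint64_t key, uint64_t *out) {
    uint64_t recovered = (tagged & ~mask) | common;             /* claim 6 */
    uint64_t embedded  = tagged & mask;                         /* claim 7 */
    uint64_t expected  = make_tag(recovered, ctx, key) & mask;  /* claims 8-9 */
    if (embedded != expected) return 0;                         /* claim 10 */
    *out = recovered;
    return 1;
}

int main(void) {
    /* Constructed sample code addresses, key and context value. */
    uint64_t ptrs[] = {0x401000, 0x402a40, 0x4fff10}, common, out = 0;
    uint64_t key = 0x0123456789abcdefULL, ctx = 7;
    uint64_t mask = derive_mask(ptrs, 3, &common);
    uint64_t t = tag_pointer(ptrs[1], mask, ctx, key);
    printf("mask=%016llx intact=%d redirected=%d\n", (unsigned long long)mask,
           auth_pointer(t, mask, common, ctx, key, &out),
           auth_pointer(t ^ 0x10, mask, common, ctx, key, &out));
    return 0;
}
```

The mask is only valid for pointers in the set it was derived from: a pointer whose masked bits differ from the shared value cannot be recovered, so the set has to cover every code pointer the program tags.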