Technologies for indirect branch target security

US9830162B2 · US · B2

Patent metadata

Publication number: US-9830162-B2
Application number: US-201414570507-A
Country: US
Kind code: B2
Filing date: Dec 15, 2014
Priority date: Dec 15, 2014
Publication date: Nov 28, 2017
Grant date: Nov 28, 2017

Abstract

Technologies for indirect branch target security include a computing device having a processor to execute an indirect branch instruction. The processor may determine an indirect branch target of the indirect branch instruction, load a memory tag associated with the indirect branch target, and determine whether the memory tag is set. The processor may generate a security fault if the memory tag is not set. The processor may load an encrypted indirect branch target, decrypt the encrypted branch target using an activation record key stored in an activation key register, and perform a jump to the indirect branch target. The processor may generate a next activation record coordinate as a function of the activation record key and a return address of a call instruction and generate the next activation record key as a function of the next activation record coordinate. Other embodiments are described and claimed.

First claim

The invention claimed is:

1. A computing device for indirect branch execution, the computing device comprising a processor, a tag memory, and one or more non-transitory, computer-readable storage media, wherein: the non-transitory, computer-readable storage media comprises an indirect branch instruction; the processor comprises indirect branch target logic to: determine an indirect branch target of the indirect branch instruction in response to execution of the indirect branch instruction by the processor; load a memory tag associated with a holder of the indirect branch target; determine whether the memory tag associated with the holder of the indirect branch target is set; generate a security fault in response to a determination that the memory tag is not set; determine whether the indirect branch instruction is a return instruction in response to the execution of the indirect branch instruction by the processor; and clear the memory tag associated with the holder of the indirect branch target in response to a determination that the indirect branch instruction is a return instruction and in response to a determination that the memory tag is set; and the tag memory is not accessible to unprivileged software of the computing device, wherein to load the memory tag associated with the holder of the indirect branch target comprises to load the memory tag from the tag memory, and wherein the tag memory comprises a part of a main memory of the computing device.

2. The computing device of claim 1, wherein the indirect branch target logic is further to: determine whether the indirect branch instruction is a call instruction in response to the execution of the indirect branch instruction by the processor; and set a second memory tag associated with a holder of a return address of the call instruction in response to a determination that the indirect branch instruction is a call instruction and in response to a determination that the memory tag is set.

3. The computing device of claim 1, wherein the one or more non-transitory, computer-readable storage media further comprise a plurality of instructions that in response to being executed by the processor cause the computing device to: detect a memory store to the holder of the indirect branch target; and clear the memory tag associated with the holder of the indirect branch target in response to detection of the memory store.

4. The computing device of claim 3, wherein: the one or more non-transitory, computer-readable storage media further comprise a plurality of instructions that in response to being executed by the processor cause the computing device to mark the holder of the indirect branch target as non-writable; the processor further comprises write-monitoring logic to generate a fault in response to the memory store to the holder of the indirect branch target; to detect the memory store comprises to detect the fault by privileged software of the computing device; and to clear the memory tag comprises to clear the memory tag by the privileged software.

5. The computing device of claim 1, wherein to load the memory tag associated with the holder of the indirect branch target comprises to fault to privileged software to load the memory tag.

6. The computing device of claim 1, wherein the one or more non-transitory, computer-readable storage media further comprise a plurality of instructions that in response to being executed by the processor cause the computing device to set, by privileged software of the computing device, the memory tag associated with the holder of the indirect branch target.

7. A method for indirect branch execution, the method comprising: executing, by a processor of a computer device, an indirect branch instruction; determining, by the processor, an indirect branch target of the indirect branch instruction in response to executing the indirect branch instruction; loading, by the processor, a memory tag associated with a holder of the indirect branch target from a tag memory of the computing device, wherein the tag memory is not accessible to unprivileged software of the computing device, and wherein the tag memory comprises a part of a main memory of the computing device; determining, by the processor, whether the memory tag associated with the holder of the indirect branch target is set; generating, by the processor, a security fault in response to determining the memory tag is not set; determining, by the processor, whether the indirect branch instruction is a return instruction in response to executing the indirect branch instruction; and clearing, by the processor, the memory tag associated with the holder of the indirect branch target in response to determining the indirect branch instruction is a return instruction and in response to determining the memory tag is set.

8. The method of claim 7, further comprising: determining, by the processor, whether the indirect branch instruction is a call instruction in response to executing the indirect branch instruction; and setting, by the processor, a second memory tag associated with a holder of a return address of the call instruction in response to determining the indirect branch instruction is a call instruction and in response to determining the memory tag is set.

9. The method of claim 7, further comprising: detecting, by the computing device, a memory store to the holder of the indirect branch target; and clearing, by the computing device, the memory tag associated with the holder of the indirect branch target in response to detecting the memory store.

10. The method of claim 7, wherein loading the memory tag associated with the holder of the indirect branch target comprises faulting to privileged software to load the memory tag.

11. The method of claim 9, further comprising: marking, by the computing device, the holder of the indirect branch target as non-writable, and generating, by the computing device, a fault in response to the memory store to the holder of the indirect branch target; wherein detecting the memory store comprises detecting the fault by privileged software of the computing device; and clearing the memory tag comprises clearing the memory tag by the privileged software.
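
The tag rules recited in the claims can be followed in a small software model. This is an added illustration, not code from the patent or from Intel: the slot array, the function names and the addresses are hypothetical, and the encrypted-target scheme mentioned in the abstract is not modeled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 16                       /* constructed: number of modeled holders */
enum kind   { JUMP, CALL, RET };
enum result { BRANCH_OK, SECURITY_FAULT };

static uintptr_t mem[SLOTS];           /* holders: memory slots that may contain a branch target */
static bool      tag[SLOTS];           /* tag memory: one tag per holder, privileged access only */

/* Privileged software writes a target into a holder and sets its tag (claim 6). */
void priv_install(unsigned holder, uintptr_t target) { mem[holder] = target; tag[holder] = true; }

/* An ordinary memory store to a holder clears its tag (claims 3 and 9). */
void store(unsigned holder, uintptr_t value) { mem[holder] = value; tag[holder] = false; }

/* Indirect branch through `holder`. For CALL, `ret_holder` is the slot that receives `ret_addr`. */
enum result indirect_branch(enum kind k, unsigned holder, unsigned ret_holder,
                            uintptr_t ret_addr, uintptr_t *pc)
{
    if (holder >= SLOTS || !tag[holder])
        return SECURITY_FAULT;         /* tag not set: fault instead of branching (claims 1, 7) */
    uintptr_t target = mem[holder];
    if (k == RET)
        tag[holder] = false;           /* a return consumes the tag (claims 1, 7) */
    if (k == CALL && ret_holder < SLOTS) {
        mem[ret_holder] = ret_addr;    /* the call writes its return address ... */
        tag[ret_holder] = true;        /* ... and tags that holder (claims 2, 8) */
    }
    *pc = target;
    return BRANCH_OK;
}

/* Constructed scenario: returns how many of the three returns were rejected. */
int demo(void)
{
    uintptr_t pc = 0; int faults = 0;
    memset(mem, 0, sizeof mem); memset(tag, 0, sizeof tag);
    priv_install(0, 0x1000);                       /* function pointer in slot 0 */
    indirect_branch(CALL, 0, 1, 0x2000, &pc);      /* return address 0x2000 -> slot 1 */
    faults += indirect_branch(RET, 1, 0, 0, &pc) == SECURITY_FAULT;  /* legitimate return */
    faults += indirect_branch(RET, 1, 0, 0, &pc) == SECURITY_FAULT;  /* reuse: tag already cleared */
    indirect_branch(CALL, 0, 2, 0x2004, &pc);
    store(2, 0x4141);                              /* return address overwritten by a store */
    faults += indirect_branch(RET, 2, 0, 0, &pc) == SECURITY_FAULT;
    return faults;
}

int main(void) { printf("rejected returns: %d\n", demo()); return 0; }
```

In the model, a return address is usable exactly once and only if no store has touched its holder since the call wrote it.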

Classifications

  • Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

  • Security improvement

  • Replacement control

  • G06F9/3863 (Primary): using multiple copies of the architectural state, e.g. shadow registers

  • Details relating to dynamic memory management

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification G06F9/3863. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 28, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).