51 results about "Control-flow integrity" patented technology

A method providing simple fine-grain hardware primitives with which software engineers can efficiently implement enforceable separation of programs into modules and constraints on control flow, thereby providing fine-grain locality of causality to the world of software. Additionally, a mechanism is provided to mark some modules, or parts thereof, as having kernel privileges and thereby allows the provision of kernel services through normal function calls, obviating the expensive prior art mechanism of system calls. Together with software changes, Object Oriented encapsulation semantics and control flow integrity in hardware are enforced.

Software control flow integrity is provided by embedding identifying bit patterns at computed control flow instruction sources and destinations. The sources and destinations of computed control flow instructions are determined with reference to a control flow graph. The identifying bit patterns are compared during software execution, and a match between a source and a respective destination ensures control flow consistent with the control flow graph. Security measures are implemented when the comparison results in a mismatch, indicating that control flow has deviated from the anticipated course.

An improved CFI system and method is described that provides security from attacks to hijack computer software. The improved CFI system and method inserts two tags to execute label identification. The first tag is positioned before any instruction that would result in an indirect control flow transfer and requires the program to execute a check. The second tag is located before the first line of any legitimate transfer destination and when discovered by the tag check allows a program to carry out the indirect transfer. This tag orientation does not prevent transfers to targets other than the origin instruction's specific intended destination but limits transfers to destinations that begin with the proper label dedication. Although, an incorrect address may be called, that will be within the software program's assortment of legitimate indirect transfer targets. Attempts to exploit or reroute indirect transfers outside of the established control flow are eliminated.

Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that maintain control flow integrity for the native code module and constrain store instructions in the native code module by bounding a valid memory region of the native code module with one or more guard regions.

The invention discloses a scalable secure shadow storage and label management method based on hardware isolation. This method uses Intel SGX's approach to building a secure execution environment to create isolated shadow storage intervals for processes. Shadow storage intervals are used to hold program runtime information. The invention refers to process runtime information as a label. Labels in the shadow storage interval are stored and managed in a paging-like manner and can only be accessed by the corresponding process through specific instructions. Even privileged programs (such as operating systems and virtual machine monitors) cannot be accessed or modified. Based on the secure shadow storage interval, different security rules can be implemented by setting the label data structure, such as control flow integrity, code pointer integrity, user process page access rights and so on.

The invention belongs to the technical field of remote control flow integrity proof methods, and particularly relates to a method for remotely proving control flow integrity of hardware-assisted software. The method comprises the following steps of: when a program is loaded into an internal memory to be operated in an operation system in a process form, executing all the instructions of the program by a processor; recording a control transfer instruction executed by the processor by a BTS hardware characteristic of the processor and recording control transfer information to an appointed position in the internal memory; in order to check whether a BTS record is integral or not by a verification party, extending an integrity fingerprint of the BTS record into a PCR of a TPM; after the verification party put forwards a verification request, submitting the BTS record and the record fingerprint to the verification party by a proof party; and verifying the integrity of the BTS record by theverification party according to the record fingerprint, and verifying control flow integrity of software according to the BTS record and a reference value. According to the method, the efficiency of capturing the control transfer information is improved, the correctness of judging the control flow integrity is improved, and remote proof services can be provided.

The present invention provides an intelligent stamp cloud management system and a stamp use content abnormality identification and control method. The system comprises a cloud management server, cloud smart stamp terminals and cloud management clients; the cloud smart stamp terminals send stamping information and stamped document pictures to the cloud management server for storing the stamping information and the stamped document pictures, and generate search codes; the cloud management clients are used for document stamping application, inquiry, approval and warning and upload original documents which people apply for stamping the cloud management server through a cloud network; and the cloud management server is used for verifying the authenticity of stamped documents and sending verification results to the cloud management clients. According to the intelligent stamp cloud management system and the stamp use content abnormality identification and control method of the invention, the cloud management server of stamps is connected with the cloud smart stamp terminals with intelligent functions and network functions, and the cloud management clients, and therefore, stamp control cloud-based intellectualization and control flow integrity can be realized, and the problems of incomplete management flow monitoring and high control risk caused by the blind zones of a traditional stamp management flow can be solved.

A method providing simple fine-grain hardware primitives with which software engineers can efficiently implement enforceable separation of programs into modules and constraints on control flow, thereby providing fine-grain locality of causality to the world of software. Additionally, a mechanism is provided to mark some modules, or parts thereof, as having kernel privileges and thereby allows the provision of kernel services through normal function calls, obviating the expensive prior art mechanism of system calls. Together with software changes, Object Oriented encapsulation semantics and control flow integrity in hardware are enforced.

The invention relates to an embedded variable-granularity control flow verification method and system based on probability prediction. The embedded variable-granularity control flow verification method is divided into a verification end and a certification end. The method comprise: constructing a trusted path feature set, carrying out vulnerability probability prediction on each function in the target source program, carrying out coarse-fine granularity instrumentation preprocessing on the functions, obtaining all possible dynamic control flow graphs of the target program by using different inputs in a verification end, and replacing and storing the control flow graphs in a database by using Hash values; collecting a dynamic path, the proving end running the processed target program after receiving the request sent by the verification end, and calculating the hash value of the control flow graph in the security world and signing; when the dynamic path is checked, the proving end sending a signature to the verifying end, the verifying end matching a Hash value obtained by decrypting the signature in a database, if the Hash value can be matched, the control flow running at the time being complete, and otherwise, the integrity of the control flow being damaged.

Method of enforcing control flow integrity (CFI) for a monolithic binary using static analysis by: marking evaluated functions as core functions by a chosen heuristic or empirically; generating a binary call graph; merging all function nodes of core functions as a node of highest privilege (set 0); merging all leaf functions in one node without privilege (set n); merging all nodes without privilege that reach functions of privilege i and setting the merged node privilege to i+1; checking if there is a node without privilege besides a trivial function; in a positive case, returning to merging all nodes without privilege and setting the merged node privilege to i+1; and in a negative case, setting the privilege of trivial functions as i+2.

The invention discloses a control flow integrity detection method based on deep learning. The control flow integrity detection method comprises the steps of obtaining a training program and an executable file thereof; disassembling the executable file and constructing a coarse-grained control flow graph; monitoring a control flow of the program and collecting address information; constructing a fine-grained control flow graph of the training program and segmenting the fine-grained control flow graph to obtain training data; training a classifier to obtain a control flow integrity detection classifier; obtaining address information of a to-be-detected program; constructing a gadget chain code of the program to be detected; and adopting the control flow integrity detection classifier to perform detection and complete integrity detection of the control flow of the to-be-detected program. According to the method, an accurate control flow graph is constructed, then the control flow graph issplit for neural network training, branch information is obtained in real time when a program runs, and detection is carried out through a neural network model; according to the invention, program control flow integrity detection can be well carried out, the reliability is high, the detection accuracy is high, and the implementation is convenient.

The embodiment of the invention discloses a control flow integrity checking method and device, and a computer storage medium. The method comprises the following steps that: identifying a first indirect jump instruction in a program to obtain the characteristic information of the first indirect jump instruction; on the basis of the characteristic information, coding the first indirect jump instruction to generate a second indirect jump instruction shown by two bytes, and revising the first indirect jump instruction in the program into the second indirect jump instruction; and on the basis of asupplementary program inserted into the program, when the second indirect jump instruction is executed by the program, through the supplementary program, carrying out control flow integrity checking on the second indirect jump instruction.

The invention discloses a kernel code pointer integrity protection method based on ARM pointer verification. Intelligence protection is provided for all sensitive pointers in a kernel through pointerverification codes. The method comprises the following steps: (1) positioning all sensitive pointers in kernel codes; (2) inserting a pointer verification instruction to enable a pointer verificationcode to be generated and embedded before a sensitive pointer is written into a memory, and checking the pointer verification code after the sensitive pointer is read from the memory; and (3) modifyinga kernel startup code, initializing pointer verification characteristics at the early stage of startup, and then initializing a pointer verification code of the global sensitive pointer. According tothe method, the integrity of the control flow of the kernel is protected, an attacker can be prevented from indirectly tampering the code pointer by tampering the data pointer, and the integrity of the code pointer is comprehensively protected in the kernel.

A method of generating compiled intermediate code files adjusted to apply execution control flow verification comprising receiving intermediate code file(s) generated by a compiler which comprise a plurality of routines and adjusting the intermediate code file(s) prior to generating a respective executable file for execution by one or more processors. The adjustment comprising analyzing the intermediate code file(s) to identify valid execution path(s) describing order of execution of preceding routines executed prior to execution of each critical routine, adding registration code segment(s) configured to register execution of each routine in a runtime execution sequence, adding flow validation code segment(s) configured to verify the runtime execution sequence against the valid execution path(s) before invoking the critical routine(s) and outputting the adjusted intermediate code file(s). In runtime, in case the runtime execution sequence does not match a valid execution path(s), the flow validation code segment causes the processor(s) to initiate predefined action(s).

The invention discloses a code reuse attach detection method based on virtual function table inheritance relation; the method comprises the following steps: pretreatment; virtual function invoke point identification; virtual function table identification; virtual function table inheritance relation identification; protection detection. The method can analyze an executable file, can carry out control flow integrity protection on virtual function invoke points in the code according to the virtual function table inheritance relation, can detect the code reuse attach, can prevent the conventional detection strategy that uses source codes to obtain a valid virtual function set or takes all virtual functions as valid set, thus providing better detection precision and speed, improving code reuse attach detection accuracy, versatility and efficiency.

The invention discloses a control flow integrity protection method, system and device and a readable storage medium, and the method comprises the steps of obtaining a control flow diagram of a to-be-protected program, and recording the position information and source point information of a function pointer; importing the control flow diagram into a to-be-protected program; obtaining context information during program operation by using store instruction instrumentation, and storing the context information in an MPX table; inquiring the MPX table through indirect calling instruction instrumentation, obtaining context information, and verifying legality of a jump target of actual operation of the program. The invention comprises recording position information and source point information of a function pointer by using a control flow diagram; verifying the legality of a control flow jump target through store instruction instrumentation; performing the operation in an intermediate code layer of the program without modifying a program source code. The analysis precision is effectively improved through store instruction instrumentation, the source point information of the function pointer in the composite type can be processed, the instruction for indirect jumping through the function pointer in the global variable is processed, the safety parameter is small, and the safety performance is high.