| 发明名称 |
CONTROL-FLOW INTEGRITY WITH MANAGED CODE AND UNMANAGED CODE |
| 摘要 |
A data processing system (DPS) supports control-flow integrity (CFI). The DPS comprises a processing element with a CFI enforcement mechanism that supports one or more CFI instructions. The DPS also comprises at least one machine-accessible medium responsive to the processing element. Managed code in the machine-accessible medium is configured (a) to execute in a managed runtime environment (MRE) in the data processing system, and (b) to transfer control out from the MRE to unmanaged code, in response to a transfer control statement in the managed code. The machine-accessible medium also comprises a binary translator which, when executed, converts unmanaged code in the data processing system into hardened unmanaged code (HUC) by including CFI features in the HUC. The CFI features comprise one or more CFI instructions to utilize the CFI enforcement mechanism of the processing element for transfers of control initiated by the HUC. Other embodiments are described and claimed. |
| 申请公布号 |
US2016283712(A1) |
申请公布日期 |
2016.09.29 |
| 申请号 |
US201514671194 |
申请日期 |
2015.03.27 |
| 申请人 |
INTEL CORPORATION |
发明人 |
Kanhere Abhay S.;Caprioli Paul |
| 分类号 |
G06F21/54 |
主分类号 |
G06F21/54 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A data processing system with features for enforcing control-flow integrity, the data processing system comprising:
a processing element with a control-flow integrity (CFI) enforcement mechanism that supports one or more CFI instructions; at least one machine-accessible medium responsive to the processing element; managed code in the machine-accessible medium, wherein the managed code is configured (a) to execute in a managed runtime environment (MRE) in the data processing system, and (b) to transfer control out from the MRE to unmanaged code, in response to a transfer control statement in the managed code; and a binary translator in the machine-accessible medium, wherein the binary translator, when executed, converts unmanaged code in the data processing system into hardened unmanaged code (HUC) by including CFI features in the HUC, wherein the CFI features comprise one or more CFI instructions to utilize the CFI enforcement mechanism of the processing element for transfers of control initiated by the HUC. |
| 地址 |
Santa Clara CA US |
