Title of invention |
Preventing return-oriented programming exploits |
Abstract |
Preventing return-oriented programming exploits by identifying a set of contiguous computer software instructions extending from a first location within a computer memory to a second location within the computer memory, where the set of computer software instructions includes a return-oriented programming gadget, copying the set of computer software instructions to extend from a third location within the computer memory to a fourth location within the computer memory, placing a branching instruction at the first memory location, where the branching instruction branches to the third location, appending a return branching instruction to the copy of the set of computer software instructions, where the return branching instruction branches to a fifth location within the computer memory that immediately follows the second location, and overwriting at least a portion of the return-oriented programming gadget between the first location and the second location. |
Publication number |
US9589133(B2) |
Publication date |
2017.03.07 |
Application number |
US201414454862 |
Filing date |
2014.08.08 |
Applicant |
International Business Machines Corporation |
Inventor |
Ben-Haim Eldan |
Classification |
G06F21/54 |
Main classification |
G06F21/54 |
Agency |
|
Agent |
McLane Christopher;Carpenter Maeve M. |
Main claim |
1. A computer security method comprising:
identifying a set of contiguous computer software instructions extending from a first location within a computer memory to a second location within the computer memory, wherein the set of contiguous computer software instructions includes a return-oriented programming gadget; copying the set of contiguous computer software instructions to extend from a third location within the computer memory to a fourth location within the computer memory; placing a branching instruction at the first location, wherein the branching instruction branches to the third location; appending a return branching instruction to the copy of the set of contiguous computer software instructions, wherein the return branching instruction branches to a fifth location within the computer memory that immediately follows the second location; overwriting at least a portion of the return-oriented programming gadget between the first location and the second location, wherein overwriting comprises overwriting with at least one trap instruction; and configuring a trap handler for the trap instruction to perform a computer-security-related action. |
Address |
Armonk NY US |
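
The steps of claim 1 carried out on a byte buffer, as an added example that is not code from the patent or from IBM. Assumptions: x86 encodings (`jmp rel32` = E9, `int3` = CC as the trap instruction), locations given as buffer offsets, copied instructions that are position-independent, and the hypothetical names `relocate`, `put_jmp`, `jmp_rel`, `run_demo`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define JMP_REL32 0xE9   /* x86 jmp rel32 opcode (assumed ISA) */
#define INT3      0xCC   /* x86 breakpoint, used as the trap instruction */
#define JMP_LEN   5u

static uint8_t mem[256]; /* constructed stand-in for the computer memory */

/* Write `jmp rel32` at offset `at`, targeting offset `target` (little-endian operand). */
static void put_jmp(uint8_t *m, size_t at, size_t target) {
    int32_t rel = (int32_t)target - (int32_t)(at + JMP_LEN);
    m[at] = JMP_REL32;
    for (int i = 0; i < 4; i++) m[at + 1 + i] = (uint8_t)((uint32_t)rel >> (8 * i));
}

/* Decode the rel32 operand of the jump at offset `at`. */
static int32_t jmp_rel(const uint8_t *m, size_t at) {
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--) v = (v << 8) | m[at + 1 + i];
    return (int32_t)v;
}

/* Move [first, second] to start at third; returns the fourth location, or -1. */
static long relocate(uint8_t *m, size_t size, size_t first, size_t second, size_t third) {
    if (second < first || second >= size || third >= size) return -1;
    size_t n = second - first + 1, fourth = third + n - 1;
    if (n < JMP_LEN || fourth + JMP_LEN >= size) return -1;      /* both branches must fit */
    if (third <= second && fourth + JMP_LEN >= first) return -1; /* copy overlaps original */
    memcpy(m + third, m + first, n);                 /* copy the instruction set */
    put_jmp(m, fourth + 1, second + 1);              /* return branch to the fifth location */
    put_jmp(m, first, third);                        /* branch placed at the first location */
    memset(m + first + JMP_LEN, INT3, n - JMP_LEN);  /* trap out what remains of the original */
    return (long)fourth;
}

/* Constructed sample: mov rax,rcx; add rax,rdx; mov eax,0xC35B. The immediate
   hides the unintended bytes 5B C3 (pop rbx; ret), which land at offsets 23..24. */
static const uint8_t sample[11] = {0x48,0x89,0xC8, 0x48,0x01,0xD0, 0xB8,0x5B,0xC3,0x00,0x00};

static long run_demo(void) {
    memset(mem, 0x90, sizeof mem);
    memcpy(mem + 16, sample, sizeof sample);
    return relocate(mem, sizeof mem, 16, 26, 128);
}

int main(void) {
    long fourth = run_demo();
    printf("fourth=%ld jmp@16 rel=%d byte@23=%02X\n", fourth, (int)jmp_rel(mem, 16), mem[23]);
    return 0;
}
```

Configuring the trap handler, the last step of the claim, is outside this buffer-level sketch.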