发明名称 |
Detection of return oriented programming attacks |
摘要 |
In one embodiment, a processor includes at least one execution unit and Return Oriented Programming (ROP) detection logic. The ROP detection logic may determine a ROP metric based on a plurality of control transfer events. The ROP detection logic may also determine whether the ROP metric exceeds a threshold. The ROP detection logic may also, in response to a determination that the ROP metric exceeds the threshold, provide a ROP attack notification. |
申请公布号 |
US9582663(B2) |
申请公布日期 |
2017.02.28 |
申请号 |
US201514960709 |
申请日期 |
2015.12.07 |
申请人 |
Intel Corporation |
发明人 |
Fischer Stephen A.;Gotze Kevin C.;Bulygin Yuriy;Brannock Kirk D. |
分类号 |
G06F21/50;G06F21/55;G06F21/56;G06F9/30 |
主分类号 |
G06F21/50 |
代理机构 |
Trop, Pruner & Hu, P.C. |
代理人 |
Trop, Pruner & Hu, P.C. |
主权项 |
1. A processor comprising:
a core including a fetch unit to fetch instructions, a decode unit to decode the fetched instructions, at least one execution unit to execute one or more of the decoded instructions and a first logic comprising at least one hardware circuit coupled to the at least one execution unit, the first logic to:
adjust a count in a first direction in response to detection of one or more control transfer events of a first type and adjust the count in a second direction in response to detection of one or more control transfer events of a second type; andin response to a determination that the count exceeds a threshold, notify a protection agent of a possible Return Oriented Programming (ROP) attack. |
地址 |
Santa Clara CA US |