| 发明名称 | Detection of return oriented programming attacks | ||
| 摘要 | In one embodiment, a processor includes at least one execution unit and Return Oriented Programming (ROP) detection logic. The ROP detection logic may determine a ROP metric based on a plurality of control transfer events. The ROP detection logic may also determine whether the ROP metric exceeds a threshold. The ROP detection logic may also, in response to a determination that the ROP metric exceeds the threshold, provide a ROP attack notification. | ||
| 申请公布号 | US9251348(B2) | 申请公布日期 | 2016.02.02 |
| 申请号 | US201313799663 | 申请日期 | 2013.03.13 |
| 申请人 | Intel Corporation | 发明人 | Fischer Stephen A.;Gotze Kevin C.;Bulygin Yuriy;Brannock Kirk D. |
| 分类号 | G06F21/50;G06F21/56 | 主分类号 | G06F21/50 |
| 代理机构 | Trop, Pruner & Hu, P.C. | 代理人 | Trop, Pruner & Hu, P.C. |
| 主权项 | 1. A processor comprising: a Return Oriented Programming (ROP) detection unit to: adjust a count in a first direction in response to detection of one or more control transfer events of a first type and adjust the count in a second direction in response to detection of one or more control transfer events of a second type; andin response to a determination that the count exceeds a threshold, provide an indication of a possible ROP attack. | ||
| 地址 | Santa Clara CA US | ||