| 发明名称 |
Methods, devices, and systems for detecting return-oriented programming exploits |
| 摘要 |
Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences. |
| 申请公布号 |
US8839429(B2) |
申请公布日期 |
2014.09.16 |
| 申请号 |
US201113290932 |
申请日期 |
2011.11.07 |
| 申请人 |
QUALCOMM Incorporated |
发明人 |
Komaromy Daniel;Gantman Alex;Rosenberg Brian M.;Balakrishnan Arun;Ge Renwei;Rose Gregory G.;Palanigounder Anand |
| 分类号 |
G06F11/30;G06F12/14;G06F21/52;G06F21/56;G06F21/55;G06F11/34;G06F12/08 |
主分类号 |
G06F11/30 |
| 代理机构 |
|
代理人 |
Kim Won Tae |
| 主权项 |
1. A method operational in a processing circuit including cache memory, comprising:
loading at least portions of an executable code sequence in the cache memory; performing instruction fetches of the executable code sequence from the cache memory; detecting one or more instruction fetch cache misses in response to the instruction fetches, where an individual instruction fetch cache miss represents a fetched instruction absent from the cache memory for a corresponding instruction fetch of the executable code sequence; and monitoring the instruction fetches relative to the one or more instruction fetch cache misses in order to dynamically detect anomalous instruction fetch cache miss activity. |
| 地址 |
San Diego CA US |
