公开(公告)号：US20200081847A1

公开(公告)日：2020-03-12

申请号：US16564502

申请日：2019-09-09

Applicant: Apple Inc.

Inventor： Julien Oster ,  Thomas G. Holland ,  Bernard J. Semeria ,  Jason A. Harmening ,  Pierre-Olivier J. Martel ,  Gregory D. Hughes ,  P. Love Hornquist Astrand ,  Jacques Fortier ,  Ryan P. Nielson ,  Simon P. Cooper

IPC: G06F12/1009 ,  G06F21/62 ,  G06F9/455

Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure than no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.

公开(公告)号：US20170024559A1

公开(公告)日：2017-01-26

申请号：US14807609

申请日：2015-07-23

Applicant: Apple Inc.

Inventor： Gregory D. Hughes ,  Conrado Blasco ,  Gerard R. Williams, III ,  Jacques Anthony Vidrine ,  Jeffry E. Gonion ,  Timothy R. Paaske ,  Tristan F. Schaap

IPC: G06F21/54

CPC classification number: G06F21/54

Abstract: Systems, apparatuses, methods, and computer-readable mediums for preventing return oriented programming (ROP) attacks. A compiler may insert landing pads adjacent to valid return targets in an instruction sequence. When a return instruction is executed, the processor may treat the return as suspicious if the target of the return instruction does not have an adjacent landing pad. Additionally, each landing pad may be encoded with a color, and a colored launch pad may be inserted into the instruction stream next to each return instruction. When a return instruction is executed, the processor may determine if the target of the return has a landing pad with the same color as the launch pad of the return instruction. Return-target pairs with color mismatches may be treated as suspicious and the offending process may be killed.

Abstract translation: 用于防止返回定向编程（ROP）攻击的系统，装置，方法和计算机可读介质。 编译器可以在指令序列中插入与有效返回目标相邻的着陆焊盘。 当执行返回指令时，如果返回指令的目标没有相邻的着陆垫，则处理器可以将返回值视为可疑。 此外，每个着陆垫可以用颜色编码，并且彩色的发射板可以插入每个返回指令旁边的指令流中。 当执行返回指令时，处理器可以确定返回目标是否具有与返回指令的发射台相同颜色的着陆键盘。 具有颜色不匹配的返回目标对可能被视为可疑的，并且违规进程可能被杀死。

公开(公告)号：US20200034527A1

公开(公告)日：2020-01-30

申请号：US16409654

申请日：2019-05-10

Applicant: Apple Inc.

Inventor： Jacques A. Vidrine ,  Nicholas C. Allegra ,  Simon P. Cooper ,  Gregory D. Hughes

IPC: G06F21/52 ,  G06F12/02

Abstract: A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

公开(公告)号：US10303885B2

公开(公告)日：2019-05-28

申请号：US15275000

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Gregory D. Hughes ,  Ivan Krstic ,  Oliver J. Hunt

IPC: G06F21/00 ,  G06F21/57 ,  G06F9/455 ,  G06F21/53 ,  G06F3/06 ,  G06F12/10

Abstract: Methods and systems for securely executing untrusted software are described. In one embodiment, two virtual memory mappings are used (one readable/writeable-RW and the other readable/executable-RX). In one embodiment, compiled software is used at run time through pointers to the RX virtual memory space and a compiler causes the storage of the compiled software in the RW virtual memory space through the use of an executable function (e.g. a memory copy like function) stored in an executable only memory region.

公开(公告)号：US11188638B2

公开(公告)日：2021-11-30

申请号：US16409654

申请日：2019-05-10

Applicant: Apple Inc.

Inventor： Jacques A. Vidrine ,  Nicholas C. Allegra ,  Simon P. Cooper ,  Gregory D. Hughes

IPC: G06F21/52 ,  G06F12/02

Abstract: A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

公开(公告)号：US10311227B2

公开(公告)日：2019-06-04

申请号：US14503195

申请日：2014-09-30

Applicant: Apple Inc.

Inventor： Gregory D. Hughes ,  Simon P. Cooper ,  Jacques A. Vidrine ,  Nicholas C. Allegra

IPC: G06F21/52 ,  G06F21/53 ,  G06F12/14

Abstract: A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

公开(公告)号：US20160092674A1

公开(公告)日：2016-03-31

申请号：US14503195

申请日：2014-09-30

Applicant: Apple Inc.

Inventor： Gregory D. Hughes ,  Simon P. Cooper ,  Jacques A. Vidrine ,  Nicholas C. Allegra

IPC: G06F21/52 ,  G06F21/53

CPC classification number: G06F21/52 ,  G06F21/53 ,  G06F2221/033

Abstract: A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

Abstract translation: 数据处理系统可以使用细粒度的地址空间布局随机化方法来减轻系统的漏洞，从而导致面向对象的编程安全漏洞。 随机化可以通过随机分组虚拟内存页面在子分段级别进行。 随机虚拟内存可以呈现给在系统上执行的进程。 可以使用几种混淆技术来模糊存储空间之间的映射，以防止混洗的虚拟内存映射的反向工程。

公开(公告)号：US11188477B2

公开(公告)日：2021-11-30

申请号：US16564502

申请日：2019-09-09

Applicant: Apple Inc.

Inventor： Julien Oster ,  Thomas G. Holland ,  Bernard J. Semeria ,  Jason A. Harmening ,  Pierre-Olivier J. Martel ,  Gregory D. Hughes ,  P. Love Hornquist Astrand ,  Jacques Fortier ,  Ryan P. Nielson ,  Simon P. Cooper

IPC: G06F12/1009 ,  G06F21/62 ,  G06F9/455

Abstract: In an embodiment, a computer system comprises a page protection layer. The page protection layer may be the component in the system which manages the page tables for virtual to physical page mappings. Transactions to the page protection layer are used to create/manage mappings created in the page tables. The page protection layer may enforce dynamic security policies in the system (i.e. security policies that may not be enforced using only a static hardware configuration). In an embodiment, the page protection layer may ensure that it is the only component which is able to modify the page tables. The page protection layer may ensure than no component in the system is able to modify a page that is marked executable in any process' address space. The page protection may ensure that any page that is marked executable has code with a verified code signature, in an embodiment.

公开(公告)号：US10311228B2

公开(公告)日：2019-06-04

申请号：US14503212

申请日：2014-09-30

Applicant: Apple Inc.

Inventor： Jacques A. Vidrine ,  Nicholas C. Allegra ,  Simon P. Cooper ,  Gregory D. Hughes

IPC: G06F21/52 ,  G06F12/02

Abstract: A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.

公开(公告)号：US20170255780A1

公开(公告)日：2017-09-07

申请号：US15275000

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Gregory D. Hughes ,  Ivan Krstic ,  Oliver J. Hunt

IPC: G06F21/57 ,  G06F12/10 ,  G06F9/45 ,  G06F3/06 ,  G06F9/455 ,  G06F21/53

CPC classification number: G06F21/575 ,  G06F3/0622 ,  G06F3/0631 ,  G06F3/0634 ,  G06F3/065 ,  G06F9/4552 ,  G06F12/10 ,  G06F21/53 ,  G06F2212/1052 ,  G06F2221/033

Abstract: Methods and systems for securely executing untrusted software are described. In one embodiment, two virtual memory mappings are used (one readable/writeable-RW and the other readable/executable-RX). In one embodiment, compiled software is used at run time through pointers to the RX virtual memory space and a compiler causes the storage of the compiled software in the RW virtual memory space through the use of an executable function (e.g. a memory copy like function) stored in an executable only memory region.