公开(公告)号：US10395033B2

公开(公告)日：2019-08-27

申请号：US15281825

申请日：2016-09-30

Applicant: Intel Corporation

Inventor： Tugrul Ince ,  Koichi Yamada ,  Ajay Harikumar ,  Alex Nayshtut

IPC: G06F21/56 ,  G06F11/36 ,  G06F21/52

Abstract: In one embodiment, a binary translator to perform binary translation of code is to: perform a first binary analysis of a first code block to determine whether a second control transfer instruction is included in the first code block, where the first code block includes a return target of a first control transfer instruction; perform a second binary analysis of a second code block to determine whether the second code block includes the first control transfer instruction, where the second code block includes a call target of the second control transfer instruction; and store an address pair associated with the first control transfer instruction in a whitelist if the second control transfer instruction is included in the first code block and the first control transfer instruction is included in the second code block. Other embodiments are described and claimed.

公开(公告)号：US20180096147A1

公开(公告)日：2018-04-05

申请号：US15281825

申请日：2016-09-30

Applicant: Intel Corporation

Inventor： Tugrul Ince ,  Koichi Yamada ,  Ajay Harikumar ,  Alex Nayshtut

IPC: G06F21/56 ,  G06F11/36 ,  G06F21/52

CPC classification number: G06F21/566 ,  G06F11/3604 ,  G06F21/52 ,  G06F2221/033

Abstract: In one embodiment, a binary translator to perform binary translation of code is to: perform a first binary analysis of a first code block to determine whether a second control transfer instruction is included in the first code block, where the first code block includes a return target of a first control transfer instruction; perform a second binary analysis of a second code block to determine whether the second code block includes the first control transfer instruction, where the second code block includes a call target of the second control transfer instruction; and store an address pair associated with the first control transfer instruction in a whitelist if the second control transfer instruction is included in the first code block and the first control transfer instruction is included in the second code block. Other embodiments are described and claimed.

公开(公告)号：US20220113952A1

公开(公告)日：2022-04-14

申请号：US17561544

申请日：2021-12-23

Applicant: Intel Corporation

Inventor： Tugrul Ince ,  Koichi Yamada

IPC: G06F8/52 ,  G06F9/455

Abstract: A disclosed example includes generating a binary translation of a native code section in response to a determination that the binary translation of the native code section is not present in a translation cache; storing the binary translation of the native code section in the translation cache; determining that a stop has occurred during the generation of the binary translation; subsequent to the determination that the stop has occurred, generating a binary translation state map of at least a portion of the binary translation; storing, for at least a portion of a duration of the stop, the binary translation state map in memory; and discarding the binary translation state map from the memory upon termination of the stop, the binary translation state map to not exist after the discard of the binary translation state map.

公开(公告)号：US10565379B2

公开(公告)日：2020-02-18

申请号：US15609369

申请日：2017-05-31

Applicant: Intel Corporation

Inventor： Koichi Yamada ,  Tugrul Ince ,  Paul A. Campbell ,  Jiunn-Yeu Chen

IPC: H04L29/06 ,  G06F21/56 ,  G06F21/55

Abstract: In one embodiment, an apparatus includes an execution monitor to monitor an application in execution, identify a code region, generate region information for the code region, and analyze the code region to identify potential malicious behavior, and if the potential malicious behavior is identified, to alert a security agent, and otherwise to enable the code region to execute, where the execution monitor is isolated from the application. Other embodiments are described and claimed.

公开(公告)号：US11210074B2

公开(公告)日：2021-12-28

申请号：US15194262

申请日：2016-06-27

Applicant: Intel Corporation

Inventor： Tugrul Ince ,  Koichi Yamada

IPC: G06F8/52 ,  G06F9/455

Abstract: The present disclosure is directed to a system for on-demand binary translation state map generation. Instead of interpreting the native code to be executed, binary translation circuitry (BT circuitry) may execute a binary translation (BT) in place of the native code. When a stop occurs (e.g., due to an interrupt, a modification of the native code, etc.), the BT circuitry may generate a binary translation state map (BT state map) that allows the location of the stop to be mapped back to the native code. Generation of the BT state map may involve determining a location and offset for the stop, performing region formation based on the location, loading instructions from the region (e.g., while accounting for the need to emulate instructions), forming the BT state map based at least on the size of the loaded instructions, and then mapping the stop back to the native code utilizing the offset.

公开(公告)号：US10162616B2

公开(公告)日：2018-12-25

申请号：US14752440

申请日：2015-06-26

Applicant: Intel Corporation

Inventor： Tugrul Ince ,  Koichi Yamada

IPC: G06F9/45 ,  G06F8/52 ,  G06F8/33 ,  G06F9/455 ,  G06F21/00

Abstract: The present disclosure is directed to a system for binary translation version protection. Activity occurring in a device that may potentially cause native code to be altered may cause the device to prevent binary translations corresponding to the native code from being executed until a determination is made as to whether the binary translation needs to be regenerated. The native code may be stored in a memory page having an access permission that does not permit writes. Attempts to alter the native code would require the access permission of the memory page to be set to writable, which may cause a binary translation (BT) module to be notified of the potential change. The BT module may mark any binary translations corresponding to the native code as stale, and may cause a page permission control module to update memory pages including the binary translations to have an access permission of non-executable.

公开(公告)号：US09477453B1

公开(公告)日：2016-10-25

申请号：US14748363

申请日：2015-06-24

Applicant: Intel Corporation

Inventor： Tugrul Ince ,  Koichi Yamada ,  Paul Caprioli ,  Jiwei Lu

IPC: G06F9/45 ,  G06F12/08

CPC classification number: G06F8/52 ,  G06F9/4486 ,  G06F12/08 ,  G06F2212/451

Abstract: Technologies for shadow stack management include a computing device that, when executing a translated call routine in a translated binary, pushes a native return address on to a native stack of the computing device, adds a constant offset to a stack pointer of the computing device, executes a native call instruction to a translated call target, and, after executing the native call instruction, subtracts the constant offset from the stack pointer. Executing the native call instruction pushes a translated return address onto a shadow stack of the computing device. The computing device may map two or more virtual memory pages of the shadow stack onto a single physical memory page. The computing device may execute a translated return routine that pops the native return address from the native stack, adds the constant offset to the stack pointer, and executes a native return instruction. Other embodiments are described and claimed.

Abstract translation: 用于阴影堆栈管理的技术包括计算设备，当在翻译的二进制文件中执行转换的调用例程时，将本地返回地址推送到计算设备的本机堆栈，向计算设备的堆栈指针添加恒定偏移量， 对转换后的呼叫目标执行本机调用指令，执行本地调用指令后，从堆栈指针中减去常量偏移量。 执行本地调用指令将转换后的返回地址推送到计算设备的影子栈上。 计算设备可以将阴影栈的两个或多个虚拟存储器页面映射到单个物理存储器页面上。 计算设备可以执行翻译的返回例程，其从本机堆栈弹出本地返回地址，将常量偏移量添加到堆栈指针，并执行本地返回指令。 描述和要求保护其他实施例。