-
1.发明授权Methods, devices, and systems for detecting return oriented programming exploits 有权用于检测返回导向编程漏洞的方法,设备和系统公开(公告)号:US09262627B2
公开(公告)日:2016-02-16
申请号:US14473736
申请日:2014-08-29
发明人: Daniel Komaromy , Alexander Gantman , Brian Rosenberg , Arun Balakrishnan , Renwei Ge , Gregory Rose , Anand Palanigounder
CPC分类号: G06F21/52 , G06F11/3037 , G06F11/3466 , G06F12/0811 , G06F12/0848 , G06F12/0875 , G06F12/14 , G06F21/554 , G06F21/566 , G06F2212/452
摘要: Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.
摘要翻译: 公开了用于检测返回式编程(ROP)漏洞的方法,设备和系统。 系统包括处理器,主存储器和高速缓冲存储器。 高速缓存监视器通过监视对高速缓冲存储器中发现的高速缓存指令的访问来开发指令加载简档,并且错过当前不在高速缓冲存储器中的指令。 如果指令加载简档指示涉及一个或多个有效代码序列的ROP利用的执行,补救动作单元终止一个或多个有效代码序列的执行。 指令加载简档可以是相对于高速缓存未命中从监视高速缓存命中得到的命中/未命中比率。 ROP利用可能包括代码段,每个代码片段都包含可执行指令和来自有效代码序列的返回指令。
搜索结果
1 条记录 (耗时 0.011 秒)
