-
1.
Publication number: US20190228149A1
Publication date: 2019-07-25
Application number: US16367530
Application date: 2019-03-28
Applicant: Samsung Electronics Co., Ltd.
Inventor: James GLEESON, Ahmed AZAB, Wenbo SHEN, Rohan BHUTKAR
Abstract: An apparatus and a method for protecting kernel control-flow integrity using static binary instrumentation are provided. The method includes configuring a compiler to reserve a register in a processor, compiling source code into a binary based on the configured compiler, and modifying the binary to prevent exploits using the reserved register, wherein the reserved register stores a first encryption key for encrypting and decrypting return addresses. The reserved register stores an encryption key that is used to encrypt and decrypt return addresses to prevent control flow exploits.
-
2.
Publication number: US20170140148A1
Publication date: 2017-05-18
Application number: US15340447
Application date: 2016-11-01
Applicant: Samsung Electronics Co., Ltd.
Inventor: James GLEESON, Ahmed AZAB, Wenbo SHEN, Rohan BHUTKAR
CPC classification number: G06F21/556, G06F8/41, G06F21/125, G06F21/57, G06F2221/033
Abstract: An apparatus and a method for protecting kernel control-flow integrity using static binary instrumentation are provided. The method includes configuring a compiler to reserve a register in a processor, compiling source code into a binary based on the configured compiler, and modifying the binary to prevent exploits using the reserved register, wherein the reserved register stores a first encryption key for encrypting and decrypting return addresses. The reserved register stores an encryption key that is used to encrypt and decrypt return addresses to prevent control flow exploits.
-
3.
Publication number: US20150220455A1
Publication date: 2015-08-06
Application number: US14610423
Application date: 2015-01-30
Applicant: Samsung Electronics Co., Ltd.
Inventor: Quan CHEN, Ahmed AZAB, Peng NING, Guruprasad GANESH
IPC: G06F12/14
CPC classification number: G06F12/1408, G06F12/1416, G06F12/1466, G06F12/1483, G06F21/53, G06F21/6281, G06F21/64, G06F2212/1052
Abstract: An apparatus and method for protecting kernel data integrity in an electronic device are provided. The method includes mapping a specified type of data to a read-only memory area, detecting a write attempt to the specified type of data, determining whether a process attempting to write to the specified type of data is permitted according to a specified condition, and allowing the write attempt if the process attempting to write to the specified type of data satisfies the specified condition.