公开(公告)号：IN3071CHN2014A

公开(公告)日：2015-07-31

申请号：IN3071CHN2014

申请日：2014-04-23

Applicant: QUALCOMM INC

Inventor： KOMAROMY DANIEL ,  GANTMAN ALEX ,  ROSENBERG BRIAN M ,  BALAKRISHNAN ARUN ,  GE RENWEI ,  ROSE GREGORY G ,  PALANIGOUNDER ANAND

IPC: G06F21/52

Abstract: Methods devices and systems for detecting return oriented programming (ROP) exploits are disclosed. A system includes a processor a main memory and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.

公开(公告)号：WO2013070773A3

公开(公告)日：2013-12-12

申请号：PCT/US2012063953

申请日：2012-11-07

Applicant: QUALCOMM INC

Inventor： KOMAROMY DANIEL ,  GANTMAN ALEX ,  ROSENBERG BRIAN M ,  BALAKRISHNAN ARUN ,  GE RENWEI ,  ROSE GREGORY G ,  PALANIGOUNDER ANAND

IPC: G06F21/52

CPC classification number: G06F21/52 ,  G06F11/3037 ,  G06F11/3466 ,  G06F12/0811 ,  G06F12/0848 ,  G06F12/0875 ,  G06F12/14 ,  G06F21/554 ,  G06F21/566 ,  G06F2212/452

Abstract: Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.

Abstract translation: 公开了用于检测返回式编程（ROP）漏洞的方法，设备和系统。 系统包括处理器，主存储器和高速缓冲存储器。 高速缓存监视器通过监视对高速缓冲存储器中发现的高速缓存指令的访问来开发指令加载简档，并且错过当前不在缓存存储器中的指令。 如果指令加载简档指示涉及一个或多个有效代码序列的ROP利用的执行，补救动作单元终止一个或多个有效代码序列的执行。 指令加载简档可以是相对于高速缓存未命中从监视高速缓存命中得到的命中/未命中比率。 ROP利用可能包括代码段，每个代码片段都包含可执行指令和来自有效代码序列的返回指令。