公开(公告)号：US20160110542A1

公开(公告)日：2016-04-21

申请号：US14518507

申请日：2014-10-20

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Ravi L. Sahita ,  Yuriy Bulygin ,  Xiaoning Li ,  Jason W. Brandt

IPC: G06F21/54 ,  G06F21/56

CPC classification number: G06F21/52

Abstract: In one embodiment, a processor comprises: a first register to store a first bound value for a stack to be stored in a memory; a second register to store a second bound value for the stack; a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value; and a logic to prevent a return to a caller of the function if the stack pointer value is not within the range. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器包括：第一寄存器，用于存储要存储在存储器中的堆栈的第一绑定值; 第二寄存器，用于存储堆栈的第二绑定值; 检查器逻辑，用于在处理器执行的函数的结论处的退出点之前确定堆栈指针的值是否在所述第一绑定值和所述第二绑定值之间的范围内; 并且如果堆栈指针值不在该范围内，则阻止返回到函数的调用者的逻辑。 描述和要求保护其他实施例。

公开(公告)号：US09251348B2

公开(公告)日：2016-02-02

申请号：US13799663

申请日：2013-03-13

Applicant: Intel Corporation

Inventor： Stephen A. Fischer ,  Kevin C. Gotze ,  Yuriy Bulygin ,  Kirk D. Brannock

IPC: G06F21/50 ,  G06F21/56

CPC classification number: G06F21/552 ,  G06F9/30145 ,  G06F21/566 ,  G06F2221/034

Abstract: In one embodiment, a processor includes at least one execution unit and Return Oriented Programming (ROP) detection logic. The ROP detection logic may determine a ROP metric based on a plurality of control transfer events. The ROP detection logic may also determine whether the ROP metric exceeds a threshold. The ROP detection logic may also, in response to a determination that the ROP metric exceeds the threshold, provide a ROP attack notification.

公开(公告)号：US20150220927A1

公开(公告)日：2015-08-06

申请号：US14129543

申请日：2013-09-25

Applicant: Ned M. SMITH ,  Thomas J. SAWICKI ,  Rajiv MATHUR ,  Tolga ACAR ,  Yuriy BULYGIN ,  Thomas G. WILLIS ,  Intel Corporation

Inventor： Ned M. Smith ,  Thomas J. Sawicki ,  Rajiv Mathur ,  Tolga Acar ,  Yuriy Bulygin ,  Thomas G. Willis

IPC: G06Q20/40 ,  H04L29/08

CPC classification number: G06Q20/4016 ,  G06Q30/06 ,  G06Q40/08 ,  H04L67/10

Abstract: Techniques and mechanisms to provide indemnification for a transaction involving communications between networked devices. In an embodiment, attestation logic of a first device sends to a second device attestation information to indicate a trustworthiness level of first device. Based on the attestation information, indemnification logic of the second device determines an indemnification value representing a cost of an indemnification for a first transaction. Indemnification logic of the first device receives the indemnification value and determines, based on the indemnification value, whether a participation in the transaction is to take place.

Abstract translation: 为涉及网络设备之间通信的交易提供赔偿的技术和机制。 在一个实施例中，第一设备的认证逻辑发送到第二设备认证信息以指示第一设备的可信赖级别。 基于认证信息，第二设备的赔偿逻辑确定代表第一交易的赔偿成本的赔偿价值。 第一设备的赔偿逻辑接收赔偿价值，并根据赔偿价值确定是否要进行交易。

公开(公告)号：US20190050566A1

公开(公告)日：2019-02-14

申请号：US15966358

申请日：2018-04-30

Applicant: Intel Corporation

Inventor： Michael LeMay ,  Ravi L. Sahita ,  Beeman C. Strong ,  Thilo Schmitt ,  Yuriy Bulygin ,  Markus T. Metzger

IPC: G06F21/56 ,  G06F21/52 ,  G06F21/44

Abstract: Technologies for control flow exploit mitigation include a computing device having a processor with real-time instruction tracing support. During execution of a process, the processor generates trace data indicative of control flow of the process. The computing device analyzes the trace data to identify suspected control flow exploits. The computing device may use heuristic algorithms to identify return-oriented programming exploits. The computing device may maintain a shadow stack based on the trace data. The computing device may identify indirect branches to unauthorized addresses based on the trace data to identify jump-oriented programming exploits. The computing device may check the trace data whenever the process is preempted. The processor may detect mispredicted return instructions in real time and invoke a software handler in the process space of the process to verify and maintain the shadow stack. Other embodiments are described and claimed.

公开(公告)号：US09946875B2

公开(公告)日：2018-04-17

申请号：US15398930

申请日：2017-01-05

Applicant: Intel Corporation

Inventor： Stephen A. Fischer ,  Kevin C. Gotze ,  Yuriy Bulygin ,  Kirk D. Brannock

IPC: G06F21/50 ,  G06F21/55 ,  G06F21/56 ,  G06F9/30

CPC classification number: G06F21/552 ,  G06F9/30145 ,  G06F21/566 ,  G06F2221/034

Abstract: In one embodiment, a processor includes at least one execution unit and Return Oriented Programming (ROP) detection logic. The ROP detection logic may determine a ROP metric based on a plurality of control transfer events. The ROP detection logic may also determine whether the ROP metric exceeds a threshold. The ROP detection logic may also, in response to a determination that the ROP metric exceeds the threshold, provide a ROP attack notification.

公开(公告)号：US09223979B2

公开(公告)日：2015-12-29

申请号：US13664532

申请日：2012-10-31

Applicant: Intel Corporation

Inventor： Stephen A. Fischer ,  Kevin C. Gotze ,  Yuriy Bulygin ,  Kirk D. Brannock

IPC: G06F21/50 ,  G06F21/56

CPC classification number: G06F21/552 ,  G06F9/30145 ,  G06F21/566 ,  G06F2221/034

Abstract: In one embodiment, a processor includes at least one execution unit and Return Oriented Programming (ROP) detection logic. The ROP detection logic may determine a ROP metric based on a plurality of control transfer events. The ROP detection logic may also determine whether the ROP metric exceeds a threshold. The ROP detection logic may also, in response to a determination that the ROP metric exceeds the threshold, provide a ROP attack notification.

Abstract translation: 在一个实施例中，处理器包括至少一个执行单元和返回定向编程（ROP）检测逻辑。 ROP检测逻辑可以基于多个控制传送事件来确定ROP度量。 ROP检测逻辑还可以确定ROP度量是否超过阈值。 ROP检测逻辑还可以响应于ROP度量超过阈值的确定，提供ROP攻击通知。

公开(公告)号：US20170329961A1

公开(公告)日：2017-11-16

申请号：US15658699

申请日：2017-07-25

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Ravi L. Sahita ,  Yuriy Bulygin ,  Xiaoning Li ,  Jason W. Brandt

IPC: G06F21/52

CPC classification number: G06F21/52 ,  G06F9/30021 ,  G06F9/30054 ,  G06F9/30076 ,  G06F9/30134 ,  G06F9/3861 ,  G06F9/4484

Abstract: In one embodiment, a processor comprises: a first register to store a first bound value for a stack to be stored in a memory; a second register to store a second bound value for the stack; a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value; and a logic to prevent a return to a caller of the function if the stack pointer value is not within the range. Other embodiments are described and claimed.

公开(公告)号：US09767272B2

公开(公告)日：2017-09-19

申请号：US14518507

申请日：2014-10-20

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Ravi L. Sahita ,  Yuriy Bulygin ,  Xiaoning Li ,  Jason W. Brandt

IPC: G06F21/00 ,  G06F21/52

CPC classification number: G06F21/52

Abstract: In one embodiment, a processor comprises: a first register to store a first bound value for a stack to be stored in a memory; a second register to store a second bound value for the stack; a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value; and a logic to prevent a return to a caller of the function if the stack pointer value is not within the range. Other embodiments are described and claimed.

公开(公告)号：US09582663B2

公开(公告)日：2017-02-28

申请号：US14960709

申请日：2015-12-07

Applicant: Intel Corporation

Inventor： Stephen A. Fischer ,  Kevin C. Gotze ,  Yuriy Bulygin ,  Kirk D. Brannock

IPC: G06F21/50 ,  G06F21/55 ,  G06F21/56 ,  G06F9/30

CPC classification number: G06F21/552 ,  G06F9/30145 ,  G06F21/566 ,  G06F2221/034

Abstract: In one embodiment, a processor includes at least one execution unit and Return Oriented Programming (ROP) detection logic. The ROP detection logic may determine a ROP metric based on a plurality of control transfer events. The ROP detection logic may also determine whether the ROP metric exceeds a threshold. The ROP detection logic may also, in response to a determination that the ROP metric exceeds the threshold, provide a ROP attack notification.

Abstract translation: 在一个实施例中，处理器包括至少一个执行单元和返回定向编程（ROP）检测逻辑。 ROP检测逻辑可以基于多个控制传送事件来确定ROP度量。 ROP检测逻辑还可以确定ROP度量是否超过阈值。 ROP检测逻辑还可以响应于ROP度量超过阈值的确定，提供ROP攻击通知。

公开(公告)号：US10445494B2

公开(公告)日：2019-10-15

申请号：US15658699

申请日：2017-07-25

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Ravi L. Sahita ,  Yuriy Bulygin ,  Xiaoning Li ,  Jason W. Brandt

IPC: G06F21/00 ,  G06F21/52 ,  G06F9/30 ,  G06F9/38 ,  G06F9/448

Abstract: In one embodiment, a processor comprises: a first register to store a first bound value for a stack to be stored in a memory; a second register to store a second bound value for the stack; a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value; and a logic to prevent a return to a caller of the function if the stack pointer value is not within the range. Other embodiments are described and claimed.