-
Publication number: US11709675B2
Publication date: 2023-07-25
Application number: US17348576
Application date: 2021-06-15
Applicant: Apple Inc.
Inventor: Filip J. Pizlo, Michael L. Saboff, Bernard J. Semeria, Jacques Fortier, Ivan Krstić, Yusuke Suzuki, Saam J. Barati, Yin Zin Mark Lam
CPC classification number: G06F9/30054, G06F9/45516, G06F21/53, H04L9/0894, G06F2221/033
Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to execute but is monitored to ensure that the execution criteria are met.
-
Publication number: US11860996B1
Publication date: 2024-01-02
Application number: US16376091
Application date: 2019-04-05
Applicant: Apple Inc.
Inventor: Filip J. Pizlo, Yin Zin Mark Lam, Jean-Francois Bastien, Michael L. Saboff
CPC classification number: G06F21/54, G06F8/434, G06F9/44568, G06F9/45558, G06F21/125, G06F21/126, G06F2009/45587
Abstract: Embodiments described herein provide for virtual machine (VM) based exploit mitigation techniques that can be used to harden web content frameworks and JavaScript Engines. Some embodiments described herein are also generally applicable to other system frameworks, libraries, and program code that executes on a processor that is vulnerable to an attack using a security exploit. Program code that implements the techniques described herein can prevent the use of security exploit attacks to bypass security properties within the program code.
-
Publication number: US20230421354A1
Publication date: 2023-12-28
Application number: US18326910
Application date: 2023-05-31
Applicant: Apple Inc.
Inventor: Yin Zin Mark Lam, Jeff Gonion
CPC classification number: H04L9/0625, H04L9/3247
Abstract: In an embodiment, a processor includes hardware circuitry which may be used to detect that a return address has been modified since it was generated. In response to detecting the modification, the processor may be configured to signal an exception or otherwise initiate error handling to prevent execution at the modified return address. In an embodiment, the processor may perform a cryptographic signature operation on the return address to generate a signed return address, and the signature may be verified before the address is used as a return target.
-
Publication number: US20220138313A1
Publication date: 2022-05-05
Application number: US17348576
Application date: 2021-06-15
Applicant: Apple Inc.
Inventor: Filip J. Pizlo, Michael L. Saboff, Bernard J. Semeria, Jacques Fortier, Ivan Krstic, Yusuke Suzuki, Saam J. Barati, Yin Zin Mark Lam
IPC: G06F21/53
Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to execute but is monitored to ensure that the execution criteria are met.