DK3738058T3 - Forsvar mod spekulativ eksekveringsudnyttelse - Google Patents
Forsvar mod spekulativ eksekveringsudnyttelse Download PDFInfo
- Publication number
- DK3738058T3 DK3738058T3 DK19703458.0T DK19703458T DK3738058T3 DK 3738058 T3 DK3738058 T3 DK 3738058T3 DK 19703458 T DK19703458 T DK 19703458T DK 3738058 T3 DK3738058 T3 DK 3738058T3
- Authority
- DK
- Denmark
- Prior art keywords
- exploitation
- defense against
- speculative execution
- against speculative
- execution
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G06F9/30076—Arrangements for executing specific machine instructions to perform miscellaneous control operations, e.g. NOP
- G06F9/30087—Synchronisation or serialisation instructions
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline or look ahead
- G06F9/3836—Instruction issuing, e.g. dynamic instruction scheduling or out of order instruction execution
- G06F9/3842—Speculative instruction execution
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline or look ahead
- G06F9/3861—Recovery, e.g. branch miss-prediction, exception handling
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computing Systems (AREA)
- Advance Control (AREA)
- Executing Machine-Instructions (AREA)
- Memory System Of A Hierarchy Structure (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201862616786P | 2018-01-12 | 2018-01-12 | |
| US201862618508P | 2018-01-17 | 2018-01-17 | |
| PCT/US2019/013318 WO2019140274A1 (en) | 2018-01-12 | 2019-01-11 | Defending against speculative execution exploits |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| DK3738058T3 true DK3738058T3 (da) | 2023-02-20 |
Family
ID=65279673
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| DK19703458.0T DK3738058T3 (da) | 2018-01-12 | 2019-01-11 | Forsvar mod spekulativ eksekveringsudnyttelse |
Country Status (5)
| Country | Link |
|---|---|
| US (1) | US12045322B2 (da) |
| EP (1) | EP3738058B1 (da) |
| JP (1) | JP7284761B2 (da) |
| DK (1) | DK3738058T3 (da) |
| WO (1) | WO2019140274A1 (da) |
Families Citing this family (65)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DK3738058T3 (da) | 2018-01-12 | 2023-02-20 | Virsec Systems Inc | Forsvar mod spekulativ eksekveringsudnyttelse |
| US11372972B2 (en) * | 2018-03-19 | 2022-06-28 | Intel Corporation | Side-channel exploit detection |
| US10810304B2 (en) * | 2018-04-16 | 2020-10-20 | International Business Machines Corporation | Injecting trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code |
| US11003777B2 (en) * | 2018-04-16 | 2021-05-11 | International Business Machines Corporation | Determining a frequency at which to execute trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code |
| US11797665B1 (en) * | 2018-06-28 | 2023-10-24 | Advanced Micro Devices, Inc. | Protection against branch target buffer poisoning by a management layer |
| US10691594B2 (en) * | 2018-06-29 | 2020-06-23 | Intel Corporation | Selective execution of cache line flush operations |
| WO2020041473A1 (en) * | 2018-08-21 | 2020-02-27 | The Regents Of The University Of Michigan | Computer system with moving target defenses against vulnerability attacks |
| GB2578098B (en) * | 2018-10-15 | 2021-02-10 | Advanced Risc Mach Ltd | Executing branch instructions following a speculation barrier instruction |
| US11635965B2 (en) | 2018-10-31 | 2023-04-25 | Intel Corporation | Apparatuses and methods for speculative execution side channel mitigation |
| US11392698B2 (en) * | 2019-03-15 | 2022-07-19 | Intel Corporation | Active side-channel attack prevention |
| WO2021046811A1 (zh) * | 2019-09-12 | 2021-03-18 | 奇安信安全技术(珠海)有限公司 | 一种攻击行为的判定方法、装置及计算机存储介质 |
| US11403394B2 (en) * | 2019-09-17 | 2022-08-02 | International Business Machines Corporation | Preventing selective events of a computing environment |
| CN111241599B (zh) * | 2019-09-19 | 2022-08-23 | 中国科学院信息工程研究所 | 一种处理器芯片安全依赖的动态识别及维护方法 |
| US20210096872A1 (en) * | 2019-09-27 | 2021-04-01 | Intel Corporation | Hardware for eliding security checks when deemed safe during speculative execution |
| US11775635B2 (en) * | 2019-12-23 | 2023-10-03 | Nec Corporation | Autonomous detection of cache-based side-channel attacks |
| CN111158736B (zh) * | 2019-12-25 | 2023-04-28 | 北京珞安科技有限责任公司 | 一种智能捕获windows操作系统补丁更新文件的方法 |
| CN111381903B (zh) * | 2020-03-18 | 2023-05-26 | 支付宝(杭州)信息技术有限公司 | 程序运行方法、装置、设备及介质 |
| US11029957B1 (en) * | 2020-03-27 | 2021-06-08 | Intel Corporation | Apparatuses, methods, and systems for instructions to compartmentalize code |
| US20210264020A1 (en) * | 2020-05-08 | 2021-08-26 | Intel Corporation | Technology to control system call invocations within a single address space |
| US20210365554A1 (en) * | 2020-05-25 | 2021-11-25 | Eta Scale Ab | Securing computing systems against microarchitectural replay attacks |
| US12093396B2 (en) * | 2020-07-16 | 2024-09-17 | Bank Of America Corporation | System and method for associating a common vulnerability and exposures (CVE) with a computing device and applying a security patch |
| CN111859375B (zh) * | 2020-07-20 | 2023-08-29 | 百度在线网络技术(北京)有限公司 | 漏洞检测方法、装置、电子设备及存储介质 |
| WO2022031816A1 (en) * | 2020-08-04 | 2022-02-10 | Ampere Computing Llc | Mitigation of return stack buffer side channel attacks in a processor |
| US20220091851A1 (en) * | 2020-09-23 | 2022-03-24 | Intel Corporation | System, Apparatus And Methods For Register Hardening Via A Micro-Operation |
| US11783050B2 (en) * | 2020-11-13 | 2023-10-10 | Centaur Technology, Inc. | Spectre fixes with predictor mode tag |
| CN112613039B (zh) * | 2020-12-10 | 2022-09-09 | 成都海光微电子技术有限公司 | 一种针对幽灵漏洞的性能优化方法及装置 |
| CN112596792B (zh) * | 2020-12-17 | 2022-10-28 | 海光信息技术股份有限公司 | 分支预测方法、装置、介质及设备 |
| US20220207138A1 (en) * | 2020-12-26 | 2022-06-30 | Intel Corporation | Hardening store hardware against speculation vulnerabilities |
| US20220207147A1 (en) * | 2020-12-26 | 2022-06-30 | Intel Corporation | Hardening registers against speculation vulnerabilities |
| US11687440B2 (en) * | 2021-02-02 | 2023-06-27 | Thales Dis Cpl Usa, Inc. | Method and device of protecting a first software application to generate a protected software application |
| US11687361B1 (en) * | 2021-02-23 | 2023-06-27 | Rapid7, Inc. | Generating thread sensors for extracting side channel information from multithreading processors |
| US11539503B2 (en) | 2021-03-03 | 2022-12-27 | Red Hat, Inc. | Container management for cryptanalysis attack protection |
| CN113127880A (zh) * | 2021-03-25 | 2021-07-16 | 华东师范大学 | 一种一级数据缓存中推测执行侧信道漏洞检测方法 |
| US11681794B2 (en) * | 2021-04-07 | 2023-06-20 | Oracle International Corporation | ASLR bypass |
| US12004013B2 (en) * | 2021-05-18 | 2024-06-04 | Microsoft Technology Licensing, Llc | Techniques for adaptively allocating resources in a cloud-computing environment |
| US11956672B2 (en) | 2021-05-18 | 2024-04-09 | Microsoft Technology Licensing, Llc | Techniques for adaptively determining cell boundary in wireless communications |
| CN113885887B (zh) * | 2021-06-18 | 2025-07-29 | 中国科学院信息工程研究所 | 一种并发应用运行时加固方法与装置 |
| US12585493B2 (en) | 2021-07-31 | 2026-03-24 | International Business Machines Corporation | Automated synthesis of reference policies for runtime microservice protection |
| US12135789B2 (en) * | 2021-08-04 | 2024-11-05 | Secureworks Corp. | Systems and methods of attack type and likelihood prediction |
| US20230057623A1 (en) * | 2021-08-23 | 2023-02-23 | Intel Corporation | Issue, execution, and backend driven frontend translation control for performant and secure data-space guided micro-sequencing |
| CN113779649B (zh) * | 2021-09-08 | 2023-07-14 | 中国科学院上海高等研究院 | 一种针对投机执行攻击的防御方法 |
| US12034751B2 (en) | 2021-10-01 | 2024-07-09 | Secureworks Corp. | Systems and methods for detecting malicious hands-on-keyboard activity via machine learning |
| US20230129259A1 (en) * | 2021-10-26 | 2023-04-27 | Arms Cyber Defense, Inc. | Software defined randomization for the mitigation of unknown vulnerabilities |
| US11914524B2 (en) * | 2022-03-01 | 2024-02-27 | Qualcomm Incorporated | Latency management in synchronization events |
| US12556566B2 (en) | 2022-05-11 | 2026-02-17 | Secureworks Corp. | Systems and methods for dynamic vulnerability scoring |
| US12015623B2 (en) | 2022-06-24 | 2024-06-18 | Secureworks Corp. | Systems and methods for consensus driven threat intelligence |
| CN117521053A (zh) * | 2022-07-27 | 2024-02-06 | 阿里巴巴(中国)有限公司 | 处理器及其攻击检测方法 |
| US12147536B1 (en) * | 2022-07-27 | 2024-11-19 | Specialized Security Services LLC | Exploit detection tools for chipsets |
| US12493469B1 (en) | 2023-08-30 | 2025-12-09 | Ventana Micro Systems Inc. | Microprocessor that extends sequential multi-fetch block macro-op cache entries |
| US12493466B1 (en) | 2023-08-30 | 2025-12-09 | Ventana Micro Systems Inc. | Microprocessor that builds inconsistent loop that iteration count unrolled loop multi-fetch block macro-op cache entries |
| US12498928B1 (en) | 2023-08-30 | 2025-12-16 | Ventana Micro Systems Inc. | Microprocessor that builds multi-fetch block macro-op cache entries in two-stage process |
| US12498929B1 (en) * | 2022-11-03 | 2025-12-16 | Ventana Micro Systems Inc. | Microprocessor that performs partial fallback abort processing of multi-fetch block macro-op cache entries |
| US12498927B1 (en) | 2023-08-30 | 2025-12-16 | Ventana Micro Systems Inc. | Microprocessor that allows same-fetch block start address co-residence of unrolled loop multi-fetch block macro-op cache entry and loop body macro-op cache entry used to build same |
| US12609969B2 (en) | 2022-11-03 | 2026-04-21 | Secureworks Corp. | Systems and methods for detecting security threats |
| US12498926B1 (en) | 2023-08-30 | 2025-12-16 | Ventana Micro Systems Inc. | Microprocessor that builds consistent loop iteration count unrolled loop multi-fetch block macro-op cache entries |
| CN116415256B (zh) * | 2023-04-14 | 2026-04-17 | 北京邮电大学 | 一种处理器分支预测攻击漏洞形式化验证方法 |
| US12487926B1 (en) | 2023-08-30 | 2025-12-02 | Ventana Micro Systems Inc. | Prediction unit that predicts branch history update information produced by multi-fetch block macro-op cache entry |
| US12498933B1 (en) | 2023-08-30 | 2025-12-16 | Ventana Micro Systems Inc. | Prediction unit that predicts successor fetch block start address of multi-fetch block macro-op cache entry |
| US12493468B1 (en) | 2023-08-30 | 2025-12-09 | Ventana Micro Systems Inc. | Microprocessor that performs mid-macro-op cache entry restart abort processing |
| CN117473530B (zh) * | 2023-11-08 | 2024-10-25 | 上海交通大学 | 基于可信执行环境的轻量级可信度量系统及方法 |
| US12554833B2 (en) | 2024-01-30 | 2026-02-17 | International Business Machines Corporation | Performance monitoring unit for transient instruction execution |
| US12517732B2 (en) * | 2024-03-22 | 2026-01-06 | Tenstorrent USA, Inc. | Processor with one or more progressive conservative execution modes |
| CN118051906B (zh) * | 2024-04-16 | 2024-08-06 | 南湖实验室 | 一种基于数据标记的抗侧信道安全计算方法及系统 |
| US20250363214A1 (en) * | 2024-05-23 | 2025-11-27 | Google Llc | Detecting malware by modifying executable code |
| CN119473401B (zh) * | 2024-10-25 | 2025-09-30 | 海光信息技术股份有限公司 | 数据处理方法、分支预测器及相关设备 |
Family Cites Families (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6898696B1 (en) * | 1999-06-14 | 2005-05-24 | International Business Machines Corporation | Method and system for efficiently restoring a processor's execution state following an interrupt caused by an interruptible instruction |
| US6748589B1 (en) * | 1999-10-20 | 2004-06-08 | Transmeta Corporation | Method for increasing the speed of speculative execution |
| US20040123081A1 (en) * | 2002-12-20 | 2004-06-24 | Allan Knies | Mechanism to increase performance of control speculation |
| US20040225870A1 (en) * | 2003-05-07 | 2004-11-11 | Srinivasan Srikanth T. | Method and apparatus for reducing wrong path execution in a speculative multi-threaded processor |
| US20050066311A1 (en) * | 2003-09-22 | 2005-03-24 | International Business Machines Corporation | Autonomic execution tracking and correction of functions |
| US7100205B2 (en) * | 2003-10-22 | 2006-08-29 | The United States Of America As Represented By The Secretary Of The Navy | Secure attention instruction central processing unit and system architecture |
| US7500087B2 (en) * | 2004-03-09 | 2009-03-03 | Intel Corporation | Synchronization of parallel processes using speculative execution of synchronization instructions |
| US20060168432A1 (en) * | 2005-01-24 | 2006-07-27 | Paul Caprioli | Branch prediction accuracy in a processor that supports speculative execution |
| US20090089564A1 (en) * | 2006-12-06 | 2009-04-02 | Brickell Ernie F | Protecting a Branch Instruction from Side Channel Vulnerabilities |
| US8141163B2 (en) * | 2007-07-31 | 2012-03-20 | Vmware, Inc. | Malicious code detection |
| US7971248B2 (en) * | 2007-08-15 | 2011-06-28 | Microsoft Corporation | Tolerating and detecting asymmetric races |
| US8402541B2 (en) * | 2009-03-12 | 2013-03-19 | Microsoft Corporation | Proactive exploit detection |
| US9015829B2 (en) * | 2009-10-20 | 2015-04-21 | Mcafee, Inc. | Preventing and responding to disabling of malware protection software |
| US8555040B2 (en) * | 2010-05-24 | 2013-10-08 | Apple Inc. | Indirect branch target predictor that prevents speculation if mispredict is expected |
| US8782434B1 (en) * | 2010-07-15 | 2014-07-15 | The Research Foundation For The State University Of New York | System and method for validating program execution at run-time |
| US9058492B1 (en) | 2011-02-14 | 2015-06-16 | Symantec Corporation | Techniques for reducing executable code vulnerability |
| US8862861B2 (en) | 2011-05-13 | 2014-10-14 | Oracle International Corporation | Suppressing branch prediction information update by branch instructions in incorrect speculative execution path |
| US9256552B2 (en) * | 2011-11-21 | 2016-02-09 | Cisco Technology, Inc. | Selective access to executable memory |
| US9183396B2 (en) * | 2012-05-21 | 2015-11-10 | Carnegie Mellon University | Detecting exploitable bugs in binary code |
| US9436603B1 (en) * | 2014-02-27 | 2016-09-06 | Amazon Technologies, Inc. | Detection and mitigation of timing side-channel attacks |
| US20150379268A1 (en) * | 2014-06-27 | 2015-12-31 | Prabhat Singh | System and method for the tracing and detection of malware |
| US9930065B2 (en) * | 2015-03-25 | 2018-03-27 | University Of Georgia Research Foundation, Inc. | Measuring, categorizing, and/or mitigating malware distribution paths |
| US20160350116A1 (en) * | 2015-05-29 | 2016-12-01 | Qualcomm Incorporated | Mitigating wrong-path effects in branch prediction |
| DE102015112143B4 (de) * | 2015-07-24 | 2017-04-06 | Infineon Technologies Ag | Ein Verfahren zum Bestimmen einer Integrität einer Ausführung eines Codefragments und ein Verfahren zum Bereitstellen einer abstrahierten Repräsentation eines Programmcodes |
| EP3472746B1 (en) | 2016-06-16 | 2020-05-13 | Virsec Systems, Inc. | Systems and methods for remediating memory corruption in a computer application |
| DK3738058T3 (da) | 2018-01-12 | 2023-02-20 | Virsec Systems Inc | Forsvar mod spekulativ eksekveringsudnyttelse |
| US11755731B2 (en) * | 2020-07-23 | 2023-09-12 | Ventana Micro Systems Inc. | Processor that prevents speculative execution across translation context change boundaries to mitigate side channel attacks |
-
2019
- 2019-01-11 DK DK19703458.0T patent/DK3738058T3/da active
- 2019-01-11 JP JP2020538703A patent/JP7284761B2/ja active Active
- 2019-01-11 WO PCT/US2019/013318 patent/WO2019140274A1/en not_active Ceased
- 2019-01-11 EP EP19703458.0A patent/EP3738058B1/en active Active
- 2019-01-11 US US16/960,960 patent/US12045322B2/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| US12045322B2 (en) | 2024-07-23 |
| EP3738058B1 (en) | 2022-11-23 |
| US20200372129A1 (en) | 2020-11-26 |
| EP3738058A1 (en) | 2020-11-18 |
| JP2021511571A (ja) | 2021-05-06 |
| JP7284761B2 (ja) | 2023-05-31 |
| WO2019140274A1 (en) | 2019-07-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| DK3738058T3 (da) | Forsvar mod spekulativ eksekveringsudnyttelse | |
| IL281348A (en) | Combination therapies | |
| IL281344A (en) | Combination therapies | |
| EP3728982C0 (en) | AMMUNITION LOADER | |
| DK4018074T3 (da) | Borebrøndindretning | |
| IL258729A (en) | Nano-satellite | |
| EP3876986A4 (en) | Targeted immunotolerance | |
| EP3699364A4 (en) | SHOVEL | |
| DK3737403T3 (da) | Modificerede adenovira | |
| EP3770335A4 (en) | Shovel | |
| EP3680508A4 (en) | BUSH | |
| EP3951090A4 (en) | Shovel | |
| DK3721166T3 (da) | Projektil | |
| EP3677506A4 (en) | Flying body | |
| EP3838358A4 (en) | MULTIDIRECTIONAL THROWER | |
| DK3582629T3 (da) | Marinade | |
| EP3660228A4 (en) | SHOVEL | |
| EP3594414A4 (en) | Shovel | |
| EP3864069C0 (de) | Polyketoncompound | |
| EP3587676A4 (en) | SHOVEL | |
| EP3951100A4 (en) | Shovel | |
| DK3790870T3 (da) | Cyclopentanforbindelser | |
| EP3896227A4 (en) | FENDER STRUCTURE | |
| DK3626317T3 (da) | Mål | |
| DK3755872T3 (da) | Borehulsindretning |