Technologies for control flow exploit mitigation using processor trace

Assignee

• Intel Corporation · US

Inventors

• Michael LeMay · Hillsboro, US
• Ravi L. Sahita · Portland, US
• Beeman C. Strong · Portland, US
• Thilo Schmitt · Zell am Harmersbach, DE
• Yuriy Bulygin · Beaverton, US
• Markus T. Metzger · Ulm, DE

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/52
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Technologies for control flow exploit mitigation include a computing device having a processor with real-time instruction tracing support. During execution of a process, the processor generates trace data indicative of control flow of the process. The computing device analyzes the trace data to identify suspected control flow exploits. The computing device may use heuristic algorithms to identify return-oriented programming exploits. The computing device may maintain a shadow stack based on the trace data. The computing device may identify indirect branches to unauthorized addresses based on the trace data to identify jump-oriented programming exploits. The computing device may check the trace data whenever the process is preempted. The processor may detect mispredicted return instructions in real time and invoke a software handler in the process space of the process to verify and maintain the shadow stack. Other embodiments are described and claimed.