Method to detect forgery and exploits using last branch recording registers
US10621338B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 29, 2016 |
| Grant date | Apr 14, 2020 |
| Priority date | — |
| Expiry date | Jan 3, 2038 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/033
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method for detecting a ROP attack comprising processing of an object within a virtual machine managed by a virtual machine monitor (VMM), intercepting an attempted execution by the object of an instruction, the instruction stored on a page in memory that is accessed by the virtual machine, responsive to determining the page includes instructions corresponding to one of a predefined set of function calls, (i) inserting a first transition event into the memory at a starting address location of a function call, and (ii) setting a permission of the page to be execute only, and responsive to triggering the first transition event, halting, by the VMM, the processing of the object and analyzing, by logic within the VMM, content of last branch records associated with the virtual machine to determine whether the processing of the object displays characteristics of a ROP attack is shown.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.