DE-112021005981-B4 - HARDWARE SUPPORT FOR SOFTWARE POINTER AUTHENTICATION IN A COMPUTER SYSTEM
Abstract
Method (400, 500) for processing data in a processor (102), the method comprising: in response to the occurrence of a function call instruction (410) and before executing (460) the function: copying (420) a return address value of the function into a second general-purpose register (32); storing (430) the return address value from the second general-purpose register (32) into a second memory location; computing (440) an entry hash value using a hash of three hash input parameters, wherein a first hash input parameter is a value from a first general-purpose register (32), a second hash input parameter is the return address value in the second general-purpose register (32), and a third hash input parameter is a secret key stored in a special-function register (35); and storing (450) the entry hash value in a first memory location; and, after completion of the function and before exiting (510) the function: loading (520) the entry hash value from the first memory location into a third general-purpose register (32); loading (530) the return address value from the second memory location into the second general-purpose register (32); computing (550) an exit hash value using the same hash as in the computation of the entry hash value and using three hash exit input parameters, wherein a first hash exit input parameter is the value from the first general-purpose register (32), a second hash exit input parameter is the return address value from the second general-purpose register (32), and a third hash exit input parameter is the secret key stored in the special-function register (35); determining (560) whether the entry hash value equals the exit hash value; in response to the entry hash value equalling the exit hash value, performing (570) a function return to exit the function; and in response to the entry hash value not equalling the exit hash value, executing (580) a trap interrupt.
Inventors
- Jose E. Moreira
- Arnold Flores
- Debapriya Chatterjee
- Kattamuri Ekanadham
Assignees
- INTERNATIONAL BUSINESS MACHINES CORPORATION
Dates
- Publication Date
- 20260513
- Application Date
- 20211020
- Priority Date
- 20201216
Claims (13)
- Method (400, 500) for processing data in a processor (102), the method comprising: in response to the occurrence of a function call instruction (410) and before executing (460) the function: copying (420) a return address value of the function into a second general-purpose register (32); storing (430) the return address value from the second general-purpose register (32) into a second memory location; computing (440) an entry hash value using a hash of three hash input parameters, wherein a first hash input parameter is a value from a first general-purpose register (32), a second hash input parameter is the return address value in the second general-purpose register (32), and a third hash input parameter is a secret key stored in a special-function register (35); and storing (450) the entry hash value in a first memory location; and, after completion of the function and before exiting (510) the function: loading (520) the entry hash value from the first memory location into a third general-purpose register (32); loading (530) the return address value from the second memory location into the second general-purpose register (32); computing (550) an exit hash value using the same hash as in the computation of the entry hash value and using three hash exit input parameters, wherein a first hash exit input parameter is the value from the first general-purpose register (32), a second hash exit input parameter is the return address value from the second general-purpose register (32), and a third hash exit input parameter is the secret key stored in the special-function register (35); determining (560) whether the entry hash value equals the exit hash value; in response to the entry hash value equalling the exit hash value, performing (570) a function return to exit the function; and in response to the entry hash value not equalling the exit hash value, executing (580) a trap interrupt.
- Method (400, 500) according to claim 1, wherein the first memory location is at a first offset from a stack pointer held in the first general-purpose register (32).
- Method (400, 500) according to claim 1, further comprising: copying a value provided by a link register into the second general-purpose register (32).
- Method (400, 500) according to claim 3, wherein the second memory location is at a second offset from a stack pointer held in the first general-purpose register (32).
- Method (400, 500) according to claim 1, wherein the special-function register (35) storing the secret key is accessible only at an authorization level higher than the authorization level at which the entry hash value is computed.
- Method (400, 500) according to claim 1, wherein the trap interrupt (580) transfers control to an operating system.
- Method (400, 500) according to claim 3, further comprising: in response to the occurrence of a function exit instruction (510), moving (540) the return address value from the second general-purpose register (32) to the link register.
- System (100) for executing instructions of a software application, the system (100) comprising: a processor (102) with circuitry and logic for executing the instructions, wherein the processor (102) comprises: a decode unit (20) comprising circuitry and logic for decoding the instructions; an issue unit (22) comprising circuitry and logic for receiving and issuing the decoded instructions; and an execution unit (24) comprising circuitry and logic for executing the decoded instructions issued by the issue unit, wherein the execution unit is associated with a special-function register (35); and a non-transitory computer-readable medium (104) containing program instructions, wherein the program instructions executable by the processor (102) cause the processor (102) to: in response to the occurrence of a function entry instruction (410) for executing a function and before executing (460) the function: copy (420) a return address value of the function into a second general-purpose register (32); store (430) the return address value from the second general-purpose register (32) into a second memory location; compute (440) an entry hash value using a hash of three hash input parameters, wherein a first hash input parameter is a value from a first general-purpose register (32), a second hash input parameter is the return address value in the second general-purpose register (32), and a third hash input parameter is a secret key stored in the special-function register (35); and store (450) the entry hash value in a first memory location; and, after completion of the function and before exiting (510) the function: load (520) the entry hash value from the first memory location into a third general-purpose register (32); load (530) the return address value from the second memory location into the second general-purpose register (32); compute (550) an exit hash value using the same hash as in the computation of the entry hash value and using three hash exit input parameters, wherein a first hash exit input parameter is the value from the first general-purpose register (32), a second hash exit input parameter is the return address value from the second general-purpose register (32), and a third hash exit input parameter is the secret key stored in the special-function register (35); and determine (560) whether the entry hash value equals the exit hash value.
- System (100) according to claim 8, further comprising program instructions executable by the processor (102) that cause the processor (102) to: copy a value provided by a link register into the second general-purpose register (32).
- System (100) according to claim 8, wherein the special-function register (35) storing the secret key is accessible only at an authorization level higher than the authorization level at which the entry hash value is computed.
- System (100) according to claim 8, further comprising program instructions executable by the processor (102) that cause the processor (102) to: in response to the entry hash value equalling the exit hash value, perform (570) a function return, whereby the processor (102) exits the function; and in response to the entry hash value not equalling the exit hash value, execute (580) a trap interrupt.
- System (100) according to claim 11, wherein execution (580) of the trap interrupt transfers control to an operating system.
- Computer program product comprising instructions executable by a processor (102) that cause the processor (102) to carry out the method (400, 500) according to any one of claims 1 to 7.
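The call/return sequence of the abstract and claim 1, modelled in C as an added example (this is not code from the patent or from IBM). The keyed mixing function, the two stack offsets, the word-addressed stack array and the register names r1/r2/r3 are assumptions made here for illustration; the patent specifies only that a hash of the first general-purpose register value, the return address and the secret key is used, that both memory locations lie at offsets from the stack pointer (claims 2 and 4), and that the key register is not readable at the level that computes the hash (claim 5). The scenarios show the check passing on a benign return and trapping when the saved return address is overwritten, when a valid (return address, hash) pair is copied in from another frame, and when a hash is forged under a guessed key.

```c
#include <stdint.h>
#include <stdio.h>

/* Software model of the entry/exit check in the abstract and claim 1.
 * Constructed example: hash, offsets, memory layout and register names are
 * assumptions for illustration; the patent specifies none of them. */

#define STACK_WORDS 64
#define OFF_HASH 0   /* claim 2: entry hash at a first offset from SP      */
#define OFF_RA   1   /* claim 4: return address at a second offset from SP */
#define SPR_KEY  0x0123456789ABCDEFULL  /* constructed secret key */

enum { RET_OK = 0, RET_TRAP = 1 };

typedef struct {
    uint64_t mem[STACK_WORDS]; /* stack memory, one 64-bit word per slot */
    uint64_t spr_key;          /* special-function register (35); claim 5:
                                  readable only at a higher privilege level */
} machine_t;

/* Assumed keyed mixing function (splitmix-style) standing in for the
 * unspecified "hash" of the claims. Every step is a bijection on h, so
 * inputs that differ in sp, ra or key always produce different outputs. */
static uint64_t keyed_hash(uint64_t sp, uint64_t ra, uint64_t key)
{
    uint64_t h = key ^ 0x9E3779B97F4A7C15ULL;
    uint64_t in[2] = { sp, ra };
    for (int i = 0; i < 2; i++) {
        h ^= in[i];
        h *= 0xBF58476D1CE4E5B9ULL;
        h ^= h >> 31;
        h *= 0x94D049BB133111EBULL;
        h ^= h >> 29;
    }
    return h;
}

/* Steps 420-450, run on the call instruction before the body executes.
 * r1 = stack pointer (first GPR), lr = link register (claim 3). */
static void function_entry(machine_t *m, uint64_t r1, uint64_t lr)
{
    uint64_t r2 = lr;                                        /* 420 */
    m->mem[r1 + OFF_RA]   = r2;                              /* 430 */
    m->mem[r1 + OFF_HASH] = keyed_hash(r1, r2, m->spr_key);  /* 440, 450 */
}

/* Steps 520-580, run after the body and before the return.
 * On success the authenticated return address is written back to *lr. */
static int function_exit(machine_t *m, uint64_t r1, uint64_t *lr)
{
    uint64_t r3 = m->mem[r1 + OFF_HASH];                     /* 520 */
    uint64_t r2 = m->mem[r1 + OFF_RA];                       /* 530 */
    uint64_t exit_hash = keyed_hash(r1, r2, m->spr_key);     /* 550 */
    if (exit_hash != r3)                                     /* 560 */
        return RET_TRAP;                                     /* 580 */
    *lr = r2;                                                /* 540 */
    return RET_OK;                                           /* 570 */
}

/* Benign call/return: the check passes and the original LR is restored. */
int scenario_benign(void)
{
    machine_t m = { .spr_key = SPR_KEY };
    uint64_t sp = 16, ra = 0x10004000ULL, lr = 0;
    function_entry(&m, sp, ra);
    return function_exit(&m, sp, &lr) == RET_OK && lr == ra;
}

/* Saved return address overwritten by a stack buffer overflow (ROP case). */
int scenario_overwritten_ra(void)
{
    machine_t m = { .spr_key = SPR_KEY };
    uint64_t sp = 16, lr = 0;
    function_entry(&m, sp, 0x10004000ULL);
    m.mem[sp + OFF_RA] = 0x4141414141414141ULL;  /* attacker-controlled */
    return function_exit(&m, sp, &lr) == RET_TRAP;
}

/* A valid (RA, hash) pair copied from another frame: the SP input to the
 * hash binds the pair to the frame it was created in. */
int scenario_replayed_frame(void)
{
    machine_t m = { .spr_key = SPR_KEY };
    uint64_t sp_a = 8, sp_b = 32, lr = 0;
    function_entry(&m, sp_a, 0x10001000ULL);
    function_entry(&m, sp_b, 0x10002000ULL);
    m.mem[sp_b + OFF_RA]   = m.mem[sp_a + OFF_RA];
    m.mem[sp_b + OFF_HASH] = m.mem[sp_a + OFF_HASH];
    return function_exit(&m, sp_b, &lr) == RET_TRAP;
}

/* Forged hash under a guessed key: without access to the SPR an attacker
 * cannot produce a pair that validates. */
int scenario_forged_hash(void)
{
    machine_t m = { .spr_key = SPR_KEY };
    uint64_t sp = 16, lr = 0, fake_ra = 0x4141414141414141ULL;
    function_entry(&m, sp, 0x10004000ULL);
    m.mem[sp + OFF_RA]   = fake_ra;
    m.mem[sp + OFF_HASH] = keyed_hash(sp, fake_ra, 0xDEADBEEFULL); /* wrong key */
    return function_exit(&m, sp, &lr) == RET_TRAP;
}

int main(void)
{
    printf("benign=%d overwritten=%d replayed=%d forged=%d\n",
           scenario_benign(), scenario_overwritten_ra(),
           scenario_replayed_frame(), scenario_forged_hash());
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run; all four scenarios report 1. Two points a practitioner should take from the model: including the stack pointer in the hash is what defeats the replay scenario, since a pair lifted from another frame does not validate at a different SP, and keeping the key in a register that the hash-computing privilege level cannot read is what defeats forgery. The caveat is that the hash covers only the stack pointer, the return address and the key, so the check trips only when the saved return address (or its slot) is tampered with; an overwrite of other stack data that leaves the return address intact, the data-oriented programming case named in the background, passes the check unchanged.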
Description
BACKGROUND
The present invention relates in general to information and data processing systems, processors and memory systems, and in particular to providing increased security for information processing systems, processors and memory subsystems, for example during the execution of software applications.

Recent advances in information technology and the widespread use of the internet for storing and processing information are constantly increasing the demands placed on computer systems for capturing, processing, storing and distributing information. Computer systems are continually being developed to increase the speed at which they can run increasingly complex applications for professional, personal and entertainment purposes. The overall performance of a computer system is influenced by each of the key elements of its architecture, including the performance and structure of the processors, any caches, the input/output (I/O) subsystems, the efficiency of the memory control functions, the performance of the memory units and systems and all associated memory interface elements, and the type and structure of the memory link interfaces.

Modern computer systems typically contain several integrated circuits (ICs), including a processor, which is used to process information within the computer system. The information processed by a processor may consist of computer instructions, which are executed by the processor, and data, which is manipulated by the processor using those instructions. The computer instructions and data are usually stored in main memory within the computer system. Preventing unauthorized users and/or rogue software from accessing information and data processing systems is becoming increasingly important and difficult.

In one scenario, a user or software application may be authorized to access an information processing system, a process, register files and/or the memory subsystem, but may not have full access to the entire system, all register files or the entire memory subsystem. Similarly, the user or software application may be authorized to access parts of the system, but not the entire system, all register files and/or the entire memory subsystem. In other scenarios, a user and/or software application may not be authorized to access a part of the computer system, the register files and/or a part of the memory subsystem. Protecting systems, register files and/or memory subsystems from access by an unauthorized user and/or software application can be challenging.

Application software stores code pointers, such as function return addresses, and data, such as local variable values or pointer variables, on a stack when it calls a function. Malicious users can exploit code vulnerabilities such as buffer overflows, array accesses without bounds checking, use-after-free bugs and other techniques to overwrite the stack's contents so that, on return from a function, a code pointer or data value is used that the software application did not intend. This can divert the control flow of the program, since the return address is no longer the intended destination; this is sometimes referred to as a return-oriented programming (ROP) attack. The same techniques can also be used to manipulate the software into accessing data values that the program should not have access to and into revealing secret information without altering the control flow; this type of attack is sometimes referred to as a data-oriented programming (DOP) attack.

It would be advantageous to overcome such attacks and their techniques in order to provide more secure information processing systems, processors, memory subsystems and software applications that run on such systems, units and subsystems.

US 2014/0096245 A1 describes a processor with at least one execution unit and return-oriented programming (ROP) logic coupled to the at least one execution unit. The ROP logic can validate a return pointer stored on a call stack using a secret ROP value; only the operating system may access this secret ROP value. CN 110362503 A describes an optimization method and system for a chained hash stack: by configuring the send queue for the chained hash stack, the return address is stored staggered on the chained hash stack, and the verification operation that was mandatory in the original function return is largely eliminated. US 2018/0089422 A1 describes technologies for protecting the integrity of a code flow, which include a static analyzer that identifies a potential gadget in an atomic code path of protected code. US 2019/0087566 A1 describes maintaining a call path identifier, which is permuted in response to a call instruction invoking a target function based on a function return address. The call path identifier is used as a modifier value for authentication code