[go: up one dir, main page]

WO2026002387A1 - Hardware-assisted jit emission protection - Google Patents

Hardware-assisted jit emission protection

Info

Publication number
WO2026002387A1
WO2026002387A1 PCT/EP2024/068196 EP2024068196W WO2026002387A1 WO 2026002387 A1 WO2026002387 A1 WO 2026002387A1 EP 2024068196 W EP2024068196 W EP 2024068196W WO 2026002387 A1 WO2026002387 A1 WO 2026002387A1
Authority
WO
WIPO (PCT)
Prior art keywords
instruction
hash
instructions
tracked
chained
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/EP2024/068196
Other languages
French (fr)
Inventor
Jan-Erik Ekberg
Vladimir USHAKOV
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to PCT/EP2024/068196 priority Critical patent/WO2026002387A1/en
Publication of WO2026002387A1 publication Critical patent/WO2026002387A1/en
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs

Definitions

  • This disclosure relates to methods and devices for securing the activity of in-consumer-device compilation.
  • In-consumer-device compilation is common e.g. in mobile phones, where consumer applications are written in e. g. Java - a language that by default is compiled to bytecode, which in turn is interpreted by a virtual machine when executed in the target device.
  • Java - a language that by default is compiled to bytecode, which in turn is interpreted by a virtual machine when executed in the target device.
  • a local “Just-in-Time”, JIT, compiler may further dynamically compile parts of the bytecode to machine language of the target device.
  • JIT Just-in-Time
  • a very similar operation is also used with web browsers, when a web page functionality might be partially written in JavaScript, and selectively compiled to binary code on the platform for execution speed up.
  • Such a local compiler may be subject to several security attacks.
  • This disclosure focuses on mitigating the TOCTOU, race condition, attack mentioned above but is not limited to such attacks.
  • the attack works as follows: The compiler or application hosting the compiler is assumed to be multi-threaded, as e.g. a browser almost unconditionally is. Now, the compiler, at some point, using one or a set of application threads, starts emitting binary code to memory that later will be executed. At the same time, it is assumed that another thread in application has been overtaken by the attacker due to some memory-based, buffer overflow or other attack.
  • Pointer Authentication is an architectural feature on several hardware platforms, whereby hardware, using a key that has been configured e.g. by the OS kernel, can write a message authentication code, MAC, into a processor register, which is computed via the key and other input into a processor, among other possible inputs the values of two other registers.
  • MAC message authentication code
  • Prior art describes JIT code written out into memory, which, before it is written from registers to memory, the resulting instructions are associated with a MAC, wherein the MAC is written to memory with the emitted code. Since the MAC must be computed by a hardware context that has access to the key that produces the MAC, if e.g. some other thread is associated with some other context, it cannot produce a MAC for an arbitrary generated attack instruction. The assumption is that at the time the full code has been written to memory, and when this portion of the memory is then rendered unwritable, i.e. the writability of this memory is changed to executability, the MAC is checked to validate that produced code has not changed between code emission and the engagement of executable-space protection.
  • JITCage is a security technique designed to enhance the security of Just-In-Time compilers. It isolates JIT-compiled code to prevent malicious code execution and exploitation. JITCage employs a sandboxing approach, confining the dynamically generated machine code within a restricted environment.
  • the present disclosure provides enhances protection for JIT emission using only standardized processor hardware, architecture and instructions, and also addresses a specific pattern visible in most JIT compilers, namely that code emission is not linear, single compilation pass from beginning to end, but e.g. jump, branch, targets are resolved in a second or further pass compilation; or more specifically at the time when both jump site and target are known by the compiler.
  • This does not fit well with a protection regime based on hash chains in the way described above, and the present design features a chain-split regime to address this inconvenience in a secure manner.
  • Prior art has not at all addressed this issue.
  • the present disclosure attempts to solve these problems.
  • the present disclosure relates to implementing forward control flow integrity for indirectly called functions.
  • the present disclosure provides in a first aspect a method for just-in-time emission protection comprising: in conjunction with a first pass compilation, creating a chained main hash from first instructions; tracking tracked first instructions, wherein the tracked first instructions are a subset of the first instructions subject to being updated or written to memory later on; if a tracked first instruction is encountered, adding the address of the tracked first instruction to the chained main hash; creating a seed hash based on the chained main hash and the address of the tracked first instruction; in conjunction with a second or further pass compilation, updating the tracked first instruction with a second instruction; and creating a branch hash based on the seed hash and the second instruction; validating, after the memory has been sealed, the branch hash.
  • the method may further comprise: the method is carried out on an ARM instruction set processor.
  • the method may further comprise: the chained main hash and the branch hash are created by using the Pointer Authentication Code, using Generic key, PACGA, instruction.
  • the method may further comprise: the chained main hash is maintained in a processor register and the branch hash is stored in a different processor register.
  • the method may further comprise: program execution is aborted if at least one of the chained main hash, the seed hash and the branch hash cannot be validated.
  • Program execution may be aborted if only the branch hash cannot be validated, for example, while ignoring the main hash and the seed hash.
  • the method may further comprise: the tracked first instruction resulting after the first pass compilation is stored for backup and wherein the seed hash is calculated further based on the tracked first instruction.
  • the method may further comprise: the seed hash is calculated further based on the tracked first instruction by being XORed with the chained main hash.
  • the method may further comprise: using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
  • PACGA Generic key
  • the XORing is employed for achieving an ordered chain. Combining inputs allows for higher performance. It is understood by a person skilled in the art that the input PACGA takes are two source registers of the processor, thus using “input instructions” refers to a process wherein input instructions are combined into at least one of the registers and then used as input.
  • the present disclosure provides in a second aspect a method for just-in-time emission protection in an ARM instruction set processor, comprising: using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
  • the XORing is employed for achieving an ordered chain. Combining input instructions/addresses, efficiently is greatly increased. With this speed optimized design for chain generation, generation and validation can be sped up by up to 400%.
  • the method may further comprise: the plurality of the input instructions comprises four input instructions in sequential order, and wherein the at least one instruction is a first input instruction of the four input instructions.
  • the first instruction is XORed with a content of the PAC register for chaining.
  • four 32-bit addresses are combined into two 64-bit inputs for PACGA for more effective chaining.
  • the present disclosure provides in a third aspect a computer implemented method for just-in-time emission protection comprising instructions carried out by a processor as follows: in conjunction with a first pass compilation, creating a chained main hash from first instructions; tracking tracked first instructions, wherein the tracked first instructions are a subset of the first instructions subject to being updated or written to memory later on; if a tracked first instruction is encountered, adding the address of the tracked first instruction to the chained main hash; creating a seed hash based on the chained main hash and the address of the tracked first instruction; in conjunction with a second or further pass compilation, updating the tracked first instruction with a second instruction; and creating a branch hash based on the seed hash and the second instruction; validating, after the memory has been sealed, the branch hash.
  • the computer implemented method may further comprise: the processor is an ARM instruction set processor and wherein the chained main hash and the branch hash are created by using the Pointer Authentication Code, using Generic key, PACGA instruction.
  • the present disclosure provides in a fourth aspect a computer implemented method for just-in-time emission protection comprising instructions carried out by an ARM processor as follows: using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
  • the computer-implemented method may further comprise: the plurality of the input instructions comprises four input instructions in sequential order, and wherein the at least one instruction is a first input instruction of the four input instructions.
  • the present disclosure provides in a fifth aspect an ARM instruction set processor comprising means for carrying out hardware- assisted just-in-time emission protection according to the method of the third and fourth aspects.
  • Fig. 1 shows a schematic drawing of an ARM processor carrying out the Pointer Authentication Code, using Generic key, PACGA instruction with two instructions as input.
  • Fig. 2 shows a schematic drawing of the chaining process in case of branching described herein.
  • Fig. 3 shows a flow diagram of an exemplary method disclosed herein.
  • Fig. 4 shows a schematic drawing of an ARM processor carrying out the Pointer Authentication Code, using Generic key, PACGA instruction, wherein four instructions are used as an input for the PACGA instruction.
  • shadow stack technology refers to the general concept of shadow stacks, not any particular implementation.
  • Register A register is a small, fast storage location within a CPU used to hold temporary data and instructions. Registers are used for arithmetic operations, data manipulation, and addressing during program execution, providing quick access to frequently used values. Instructions: Assembly/machine code instructions are low-level commands executed directly by a computer's CPU. Each instruction performs a specific operation, such as arithmetic calculations, data movement, or control flow changes. These instructions form the fundamental building blocks of software, enabling the execution of complex tasks by specifying precise operations for the hardware.
  • Pointer Authentication is a security mechanism designed to protect against control flow hijacking attacks, such as Return-Oriented Programming, ROP, and Jump-Oriented Programming, JOP. It works by using cryptographic techniques to authenticate pointers, ensuring their integrity and validity during program execution. It is implemented using a Pointer Authentication Code, PAC, a cryptographic signature appended to a pointer. This signature is generated using a secret key, the pointer value, and additional context, ensuring that any tampering with the pointer can be detected. When a pointer is created or modified, a PAC is generated using the pointer value and a secret key. This PAC is stored alongside the pointer.
  • PAC Pointer Authentication Code
  • Key Components of the system include keys, context and specific instructions.
  • Secret cryptographic keys are used to generate and verify PACs. These keys are typically stored in secure hardware registers and are not accessible to normal software.
  • the PAC generation can include context-specific data, such as the current stack pointer or function context, to further strengthen the protection. Special instructions are used to generate, PAC instructions, and verify, AUT instructions, PACs.
  • ARM architecture includes instructions like PACIA, Pointer Authentication Code using Instruction key A, AUTIA, Authenticate using Instruction key A, and PACGA, Pointer Authentication Code, using Generic key.
  • Pointer authentication helps prevent a wide range of memory corruption attacks by ensuring that pointers cannot be arbitrarily modified without detection. While adding security, pointer authentication incurs minimal performance overhead, making it suitable for use in performancesensitive applications. This mechanism can be integrated into existing systems with minimal changes to software, providing an additional layer of security without significant disruption.
  • Pointer Authentication is, for example, employed in operating systems to protect kernel pointers and ensuring the integrity of critical control structures, in application software for securing applications against control flow attacks, particularly in but not limited to environments where security is paramount, such as financial services, healthcare, and critical infrastructure and in embedded systems, for example where memory corruption vulnerabilities are prevalent.
  • JIT Just-In-Time
  • compilation is a dynamic translation process utilized in runtime environments like Java Virtual Machine, JVM, and .NET'S Common Language Runtime, CLR.
  • JVM Java Virtual Machine
  • CLR Common Language Runtime
  • JIT compilation occurs at runtime, converting intermediate bytecode into native machine code on-the-fly. This approach combines the benefits of interpreted and compiled languages, achieving both portability and high performance.
  • Multi-Pass Compilation involves processing the source code multiple times to achieve better optimization and error detection. Each pass in this process performs specific tasks, such as syntax analysis, semantic analysis, and code optimization, incrementally transforming the source code into executable code. This approach helps in handling complex language features and improving the overall quality of the generated code.
  • Two-Pass Compilation is a specific type of multi-pass compilation where the compiler makes two distinct passes over the source code.
  • RISC Reduced Instruction Set Computer
  • RISC is a CPU design philosophy that uses a small, highly optimized set of instructions, each designed to execute very quickly. The simplicity of RISC instructions allows for faster execution and more efficient pipelining compared to Complex Instruction Set Computing, CISC, architectures.
  • ARM processor An ARM processor or ARM instruction set processor is a type of CPU based on the RISC architecture developed by ARM Holdings. ARM processors are known for their power efficiency and are widely used in mobile devices, embedded systems, and increasingly in servers and personal computers.
  • W A X, Write XOR Execute is a security feature implemented in operating systems and virtual machines that enforces a memory protection policy where each page in a process's or kernel's address space can be either writable or executable, but not both. This prevents a program from writing CPU instructions to a memory area and then executing them, which is a potential security risk if the writing process is malicious. This policy helps mitigate certain types of attacks, such as those involving code injection. It enforces executable-space protection.
  • Control-flow Enforcement Technology Intel's Control-flow Enforcement Technology, CET, is designed to protect against control flow attacks. It includes features like shadow stacks for return address protection and Indirect Branch Tracking, IBT, to ensure indirect branches only target valid destinations.
  • XORing XORing, Exclusive OR, is a fundamental operation in digital logic and cryptography. It involves comparing two binary inputs and producing a binary output based on the rule: the output is true, 1, if and only if one of the inputs is true, 1, and the other is false, 0.
  • XOR is represented as A ⁇ B, where A and B are binary inputs.
  • Bitwise XORing is a binary operation that compares corresponding bits of two binary numbers and produces a result where each bit is 1 if the corresponding bits of the operands are different, and 0 if they are the same. For example, XORing the binary numbers 1010 and 1100 yields 0110.
  • Block XORing involves applying the XOR operation to entire blocks of data rather than individual bits.
  • Byte-wise XORing applies the XOR operation to corresponding bytes of two data sets. Instead of working on individual bits or large blocks, it focuses on 8-bit chunks, bytes.
  • Circular XORing also known as bitwise circular XORing, involves performing the XOR operation in a circular fashion across the bits of a binary number. This means that the XOR operation wraps around from the end of the bit sequence back to the beginning.
  • XORing as used in here is not specifically limited to any particular kind of XORing mentioned here.
  • Fig. 1 refers to a schematic drawing of an ARM processor carrying out the Pointer Authentication Code, using Generic key, PACGA instruction with two instructions as input and a Generic Key 101.
  • the ARM platform herein merely serves as a non-limiting example and that similar technology on other platforms, such as Intel CET, may also be used for implementing the present disclosure.
  • the PACGA instruction computes the pointer authentication code for an address in the first source register, using a modifier in the second source register, and the Generic key 101. The computed pointer authentication code is returned in the upper 32 bits of the destination register.
  • ARM PAC/PACGA thus uses a hashing process utilizing a keyed hash function, to ensure the integrity and authenticity of pointers.
  • a data chain structure that allows for integrity protected addition of elements at a later time, when the chain has already been constructed is implemented with a hardware cryptographic hash function, such as Pointer Authentication, PA, and for example, the PACGA instruction as mentioned above, which constructs a cryptographic hash out of the contents of two general purpose registers, and writes the result into a third, or one of the two input registers.
  • a hardware cryptographic hash function such as Pointer Authentication, PA, and for example, the PACGA instruction as mentioned above, which constructs a cryptographic hash out of the contents of two general purpose registers, and writes the result into a third, or one of the two input registers.
  • Validation Step Validation is conducted once W A X protection is active. At this point, the respective memory pages cannot be modified any more. In this step, the emitted instructions are re-fed to the validation step, proceeding exactly the same way as the authentication step above, generating another PAC value PAC’, and if the newly generated PAC’ is the same as the originally computed PAC, it can be assured that no modification has taken place.
  • 1-pass, 2-pass, and multipass compilation wherein the word “compilation” may be omitted, refer to iterative compilation techniques.
  • the 1-pass compilation method involves a single traversal of the bytecode to generate machine code.
  • the 2-pass compilation technique enhances optimization by first performing a preliminary analysis of the bytecode during the initial pass to gather detailed information about variables, data structures, and control flow, which is then utilized in a second or further pass to produce more optimized machine code.
  • Multipass compilation further extends this concept by employing multiple passes, each dedicated to specific optimization tasks such as constant folding, loop unrolling, function inlining, and elimination of redundant instructions.
  • a method for constructing a branching structure i.e. a tree-like cryptographic hash structure, instead of a list is provided, with enough metadata to validate the tree during verification, and makes sure that any parts of the tree pre-maturely, before verification, written to memory are self-protecting.
  • chained main hash is used herein explicitly to also refer to a “pointer authentication chain” or any kind of cryptographic chain. The same is the case whenever the word “hash” or “seed hash” is used.
  • Some of the first instructions may either not immediately be written to memory at this point or they may be written to memory but still be updated later on. Such first instructions are tracked, rendering them tracked first instructions S2. If then a tracked first instruction is encountered S3, the address of the tracked first instruction can be added to the chained main hash S4. Alternatively, if a first instruction subject to being updated has been written, the address of this tracked first instruction and the instruction itself can be added to the chained main hash.
  • a seed hash is created S5. For example, a cryptographic hash function or a pointer authentication function may be used to obtain a seed hash from the main hash and the address of the tracked first instruction as inputs.
  • the tracked first instruction may be updated with a second instruction S6.
  • second pass may refer to any further pass, first and second or further pass compilation need not be consecutive compilation steps.
  • a branch hash may be created S7.
  • Fig. 2 shows an exemplary process for ARM processors according to the above procedure.
  • step 201 instructions that are identified for backtracking are validated with others as described with regard to Fig. 1. Namely, by default, instructions are chained just like in Fig. 1. However, the JIT compiler will track instructions that later will be updated / written, and when such a location is encountered, a new record is added to a data structure that is best described as an ordered list with the address as the key - i.e. the location of the instruction to later be updated serves best as the indexing parameter. During this first pass compilation, when the instruction to be written is not finalized, the address of the location is added, instead of the instruction, to the main hash chain generation.
  • the resulting PACGA value, Px in picture is added to the data structure. It locks the location of the “branch of the chain” and will be used as a seed value later for extending towards the “leaf’ of this specific branch.
  • step 202 a chain split is performed. Px is obtained via the ARM PACGA instruction from the content of the register in which the PAC value is stored and the address of the tracked first instruction as inputs. Px corresponds to the seed hash above.
  • a value Py is obtained via the ARM PACGA instruction from Px and the instruction introduced upon the second or further pass compilation. Py corresponds to the branch hash above.
  • verification takes place.
  • the verification proceeds by checking the instruction sequence and the ordered list in parallel.
  • a branch in the hash chain is encountered, namely ordered list address value matches address
  • the main chain is updated with the address as input, or alternatively with address and first pass output.
  • Px in the data structure matches the current value of the PAC register.
  • a value Py’ is recalculated from Px and the final instruction, found in the instruction stream, and compared against Py in the data structure. If all of these checks pass, the branch is handled, the data structure element can be discarded, and the main chain can continue to be verified until a further tracked first address is encountered.
  • the method may optionally be carried out on an ARM instruction set processor, or in general a Reduced Instruction Set Computer, RISC, processor.
  • Intel instruction set processors or other processors may also be used.
  • the chained main hash and the branch hash may optionally be created by using the Pointer Authentication Code, using Generic key, PACGA, instruction on ARM instruction set processors.
  • the chained main hash may be maintained in one processor register and the branch hash may be stored in a different processor register. Program execution may be aborted if at least one of the chained main hash, the seed hash and the branch hash cannot be validated.
  • the seed hash may optionally be calculated further based on the tracked first instruction by being XORed with the chained main hash.
  • XORing refers to the operation of the Exclusive OR, XOR, logical function, which is a fundamental operation in digital logic and cryptography. XORing operates on two binary inputs and produces a binary output according to the rule that the output is true, or 1 , if and only if the inputs are different; that is, one input is true and the other is false.
  • XORing operations are known to a person skilled in the art, e. g. Bitwise XORing, Block XORing, Byte-wise XORing, Circular XORing and XORing herein encompasses each of these variants but is not limited to any of them.
  • the PACGA instruction uses two 64-bit inputs.
  • 64-bit addresses or instructions are not required, thus shorter inputs, for example 32- bit inputs, could be used.
  • the input PACGA takes are two source registers of the processor, thus using “input instructions” refers to a process wherein input instructions are combined into at least one of the PACGA input registers and then used as input.
  • This method can either be used instead of the method presented initially and with regard to Fig. 1 or in addition to the method presented with regard to specifically protecting JIT emission in combination with 2 -pass and, in general, multipass compilation.
  • the aforementioned method regarding the enhancement to traditional chaining methods employing the PACGA instruction on ARM processors may be used either independently or in combination with the above-mentioned method for constructing a branching structure.
  • PACGA takes as input to 64-bit register values, and ARM instructions are 32 bit in size. Thus, two can be packed together as one input - 2 inputs, 4 input instructions. Further, PACGA provides a 32-bit output, the MAC, that may be chained into the next operation. This is done by XORing the previous value with Instruction! before combining it with the other three input instructions. This is possible, since the output is a cryptographic MAC, i.e. there cannot be any bias in the bits that will lower the validity of input from Instruction 1.
  • the above methods may also be implemented as computer-implemented methods, wherein a processor is instructed to carry out the steps of creating a chained main hash from first instructions in conjunction with a first pass compilation, tracking first instructions as outlined above, if a tracked first instruction is encountered, adding the address of the tracked first instruction to the chained main hash, creating a seed hash based on the chained main hash and the address of the tracked first instruction, in conjunction with a second or further pass compilation, updating the tracked first instruction with a second instruction, creating a branch hash based on the seed hash and the second instruction and then validating, after the memory has been sealed, the branch hash.
  • This may further be combined in an ARM processor with processor instructions to the effect of using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
  • the plurality of the input instructions may comprise four input instructions in sequential order, and therein, the at least one instruction may be a first input instruction of the four input instructions.
  • An exemplary method is described with Fig. 3 above.
  • the method above regarding an ARM processor with processor instructions to the effect of using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining, may also be used independently.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure enhances protection for JIT emission using only standardized processor hardware, architecture and instructions, and also addresses a specific pattern visible in most JIT compilers, namely that code emission is not linear, single compilation pass from beginning to end, but e.g. jump/branch targets are resolved in a second or further pass compilation; or more specifically at the time when both jump site and target are known by the compiler. Specifically, the present disclosure provides a method for just-in-time emission protection comprising: in conjunction with a first pass compilation, creating a chained main hash from first instructions; tracking tracked first instructions, wherein the tracked first instructions are a subset of the first instructions subject to being updated or written to memory later on; if a tracked first instruction is encountered, adding the address of the tracked first instruction to the chained main hash; creating a seed hash based on the chained main hash and the address of the tracked first instruction; in conjunction with a second or further pass compilation, updating the tracked first instruction with a second instruction; and creating a branch hash based on the seed hash and the second instruction; validating, after the memory has been sealed, the branch hash. Further, a speed optimized design in chain generation is provided, which can speed up both generation and validation by up to 400%, as described herein.

Description

HARDWARE-ASSISTED JIT EMISSION PROTECTION
TECHNICAL FIELD
This disclosure relates to methods and devices for securing the activity of in-consumer-device compilation.
BACKGROUND
In-consumer-device compilation is common e.g. in mobile phones, where consumer applications are written in e. g. Java - a language that by default is compiled to bytecode, which in turn is interpreted by a virtual machine when executed in the target device. To speed up execution, a local “Just-in-Time”, JIT, compiler may further dynamically compile parts of the bytecode to machine language of the target device. A very similar operation is also used with web browsers, when a web page functionality might be partially written in JavaScript, and selectively compiled to binary code on the platform for execution speed up.
Such a local compiler may be subject to several security attacks. This disclosure focuses on mitigating the TOCTOU, race condition, attack mentioned above but is not limited to such attacks. The attack works as follows: The compiler or application hosting the compiler is assumed to be multi-threaded, as e.g. a browser almost unconditionally is. Now, the compiler, at some point, using one or a set of application threads, starts emitting binary code to memory that later will be executed. At the same time, it is assumed that another thread in application has been overtaken by the attacker due to some memory-based, buffer overflow or other attack. So, in the same linear application memory area there now are compiler threads that emit code and a thread controlled by an attacker who now sets out to overwrite parts of the code being emitted by the compiler to deepen his attack. The new code can e.g. connect to another server, browser, maybe ask the platform to perform user payment approval/authentication or anything the attacker wants to do. As the JIT compiler emits code to be very soon executed, in binary, on the target platform, the opportunities of causing harm are almost limitless.
Pointer Authentication is an architectural feature on several hardware platforms, whereby hardware, using a key that has been configured e.g. by the OS kernel, can write a message authentication code, MAC, into a processor register, which is computed via the key and other input into a processor, among other possible inputs the values of two other registers.
Prior art describes JIT code written out into memory, which, before it is written from registers to memory, the resulting instructions are associated with a MAC, wherein the MAC is written to memory with the emitted code. Since the MAC must be computed by a hardware context that has access to the key that produces the MAC, if e.g. some other thread is associated with some other context, it cannot produce a MAC for an arbitrary generated attack instruction. The assumption is that at the time the full code has been written to memory, and when this portion of the memory is then rendered unwritable, i.e. the writability of this memory is changed to executability, the MAC is checked to validate that produced code has not changed between code emission and the engagement of executable-space protection.
Now, if code is written out in a simplified way, one MAC per instruction, an attacker still has the opportunity to reorder the instructions in memory thereby potentially mounting an attack. Therefore, the instruction writing is chained, i.e. a MAC code related to the previous instruction is used to seed the next one in a process similar to hash chaining.
Prior art as described above relies on a tight co-design between hardware and software, i.e. the processor hardware is required to include enhanced features that help to solve the JIT emission problem, with an overall architecture, for example “JITCage”. JITCage is a security technique designed to enhance the security of Just-In-Time compilers. It isolates JIT-compiled code to prevent malicious code execution and exploitation. JITCage employs a sandboxing approach, confining the dynamically generated machine code within a restricted environment.
The present disclosure provides enhances protection for JIT emission using only standardized processor hardware, architecture and instructions, and also addresses a specific pattern visible in most JIT compilers, namely that code emission is not linear, single compilation pass from beginning to end, but e.g. jump, branch, targets are resolved in a second or further pass compilation; or more specifically at the time when both jump site and target are known by the compiler. This does not fit well with a protection regime based on hash chains in the way described above, and the present design features a chain-split regime to address this inconvenience in a secure manner. Prior art has not at all addressed this issue.
SUMMARY
The present disclosure attempts to solve these problems.
The present disclosure relates to implementing forward control flow integrity for indirectly called functions.
The present disclosure is defined by the scope of the independent claims. The dependent claims provide advantageous embodiments of the present disclosure.
The present disclosure provides in a first aspect a method for just-in-time emission protection comprising: in conjunction with a first pass compilation, creating a chained main hash from first instructions; tracking tracked first instructions, wherein the tracked first instructions are a subset of the first instructions subject to being updated or written to memory later on; if a tracked first instruction is encountered, adding the address of the tracked first instruction to the chained main hash; creating a seed hash based on the chained main hash and the address of the tracked first instruction; in conjunction with a second or further pass compilation, updating the tracked first instruction with a second instruction; and creating a branch hash based on the seed hash and the second instruction; validating, after the memory has been sealed, the branch hash.
In the method above, the specific pattern visible in most JIT compilers, namely that code emission is not linear, meaning single compilation pass from beginning to end, but e.g. jump, or branch targets are resolved in a second compilation pass, providing chain-split regime to address this inconvenience in a secure manner using only standardized processor hardware. By the term “based on” any kind of usage as an input is encompassed.
According to an implementation of the method of the first aspect, the method may further comprise: the method is carried out on an ARM instruction set processor.
According to an implementation of the method of the first aspect, the method may further comprise: the chained main hash and the branch hash are created by using the Pointer Authentication Code, using Generic key, PACGA, instruction.
According to an implementation of the method of the first aspect, the method may further comprise: the chained main hash is maintained in a processor register and the branch hash is stored in a different processor register.
According to an implementation of the method of the first aspect, the method may further comprise: program execution is aborted if at least one of the chained main hash, the seed hash and the branch hash cannot be validated.
These are strictly alternatives. Program execution may be aborted if only the branch hash cannot be validated, for example, while ignoring the main hash and the seed hash.
According to an implementation of the method of the first aspect, the method may further comprise: the tracked first instruction resulting after the first pass compilation is stored for backup and wherein the seed hash is calculated further based on the tracked first instruction. According to an implementation of the method of the first aspect, the method may further comprise: the seed hash is calculated further based on the tracked first instruction by being XORed with the chained main hash.
According to an implementation of the method of the first aspect, if the method is carried out on an ARM instruction set processor, the method may further comprise: using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
The XORing is employed for achieving an ordered chain. Combining inputs allows for higher performance. It is understood by a person skilled in the art that the input PACGA takes are two source registers of the processor, thus using “input instructions” refers to a process wherein input instructions are combined into at least one of the registers and then used as input.
The present disclosure provides in a second aspect a method for just-in-time emission protection in an ARM instruction set processor, comprising: using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
The XORing is employed for achieving an ordered chain. Combining input instructions/addresses, efficiently is greatly increased. With this speed optimized design for chain generation, generation and validation can be sped up by up to 400%.
According to an implementation of the method of the second aspect, the method may further comprise: the plurality of the input instructions comprises four input instructions in sequential order, and wherein the at least one instruction is a first input instruction of the four input instructions.
Optionally, the first instruction is XORed with a content of the PAC register for chaining. Optionally, four 32-bit addresses are combined into two 64-bit inputs for PACGA for more effective chaining.
The present disclosure provides in a third aspect a computer implemented method for just-in-time emission protection comprising instructions carried out by a processor as follows: in conjunction with a first pass compilation, creating a chained main hash from first instructions; tracking tracked first instructions, wherein the tracked first instructions are a subset of the first instructions subject to being updated or written to memory later on; if a tracked first instruction is encountered, adding the address of the tracked first instruction to the chained main hash; creating a seed hash based on the chained main hash and the address of the tracked first instruction; in conjunction with a second or further pass compilation, updating the tracked first instruction with a second instruction; and creating a branch hash based on the seed hash and the second instruction; validating, after the memory has been sealed, the branch hash.
For explanations and effects, see above with regard to the first aspect.
According to an implementation of the method of the third aspect, the computer implemented method may further comprise: the processor is an ARM instruction set processor and wherein the chained main hash and the branch hash are created by using the Pointer Authentication Code, using Generic key, PACGA instruction. The present disclosure provides in a fourth aspect a computer implemented method for just-in-time emission protection comprising instructions carried out by an ARM processor as follows: using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
For explanations and effects, see above with regard to the second aspect.
According to an implementation of the method of the fourth aspect, the computer-implemented method may further comprise: the plurality of the input instructions comprises four input instructions in sequential order, and wherein the at least one instruction is a first input instruction of the four input instructions.
The present disclosure provides in a fifth aspect an ARM instruction set processor comprising means for carrying out hardware- assisted just-in-time emission protection according to the method of the third and fourth aspects.
For explanations and effects, see above with regard to the first, second, third and fourth aspect.
BRIEF DESCRIPTION OF DRAWINGS
In the following embodiments of the present disclosure are described in more detail with reference to the attached figures and drawings, in which:
Fig. 1 shows a schematic drawing of an ARM processor carrying out the Pointer Authentication Code, using Generic key, PACGA instruction with two instructions as input.
Fig. 2 shows a schematic drawing of the chaining process in case of branching described herein.
Fig. 3 shows a flow diagram of an exemplary method disclosed herein.
Fig. 4 shows a schematic drawing of an ARM processor carrying out the Pointer Authentication Code, using Generic key, PACGA instruction, wherein four instructions are used as an input for the PACGA instruction.
DETAILED DESCRIPTION
In the description of embodiments of this application, "and/or" describes an association relationship between associated objects and indicates that three relationships may exist. For example, A and/or B may indicate the following three cases: Only A exists, both A and B exist, and only B exists. In this application, "at least one" means one or more, and "a plurality of' means two or more. In addition, it should be understood that in description of this application, terms such as "first", "second", and "third" are merely used for distinguishing and description, but should not be understood as indicating or implying relative importance, or should not be understood as indicating or implying a sequence.
The following description mentions examples pertaining to ARM or Intel instruction set processors. None of this is intended to limit the scope of this disclosure to any of these variants, any processor with the functionality mentioned may be used for carrying out the disclosed methods. Whenever any kind of shadow stack technology is mentioned, said shadow stack technology refers to the general concept of shadow stacks, not any particular implementation. Some definitions are given in order to facilitate the understanding of the disclosure.
Register: A register is a small, fast storage location within a CPU used to hold temporary data and instructions. Registers are used for arithmetic operations, data manipulation, and addressing during program execution, providing quick access to frequently used values. Instructions: Assembly/machine code instructions are low-level commands executed directly by a computer's CPU. Each instruction performs a specific operation, such as arithmetic calculations, data movement, or control flow changes. These instructions form the fundamental building blocks of software, enabling the execution of complex tasks by specifying precise operations for the hardware.
Pointer Authentication: Pointer Authentication is a security mechanism designed to protect against control flow hijacking attacks, such as Return-Oriented Programming, ROP, and Jump-Oriented Programming, JOP. It works by using cryptographic techniques to authenticate pointers, ensuring their integrity and validity during program execution. It is implemented using a Pointer Authentication Code, PAC, a cryptographic signature appended to a pointer. This signature is generated using a secret key, the pointer value, and additional context, ensuring that any tampering with the pointer can be detected. When a pointer is created or modified, a PAC is generated using the pointer value and a secret key. This PAC is stored alongside the pointer. Before a pointer is used, the system verifies its PAC by recomputing the signature and comparing it to the stored PAC. If they match, the pointer is considered valid; otherwise, an error is raised, preventing the use of a tampered pointer. Key Components of the system include keys, context and specific instructions. Secret cryptographic keys are used to generate and verify PACs. These keys are typically stored in secure hardware registers and are not accessible to normal software. The PAC generation can include context-specific data, such as the current stack pointer or function context, to further strengthen the protection. Special instructions are used to generate, PAC instructions, and verify, AUT instructions, PACs. For example, ARM architecture includes instructions like PACIA, Pointer Authentication Code using Instruction key A, AUTIA, Authenticate using Instruction key A, and PACGA, Pointer Authentication Code, using Generic key. Pointer authentication helps prevent a wide range of memory corruption attacks by ensuring that pointers cannot be arbitrarily modified without detection. While adding security, pointer authentication incurs minimal performance overhead, making it suitable for use in performancesensitive applications. This mechanism can be integrated into existing systems with minimal changes to software, providing an additional layer of security without significant disruption. Pointer Authentication is, for example, employed in operating systems to protect kernel pointers and ensuring the integrity of critical control structures, in application software for securing applications against control flow attacks, particularly in but not limited to environments where security is paramount, such as financial services, healthcare, and critical infrastructure and in embedded systems, for example where memory corruption vulnerabilities are prevalent.
Just-In-Time, JIT, compilation: Just-In-Time, JIT, compilation is a dynamic translation process utilized in runtime environments like Java Virtual Machine, JVM, and .NET'S Common Language Runtime, CLR. Unlike traditional compilation, which translates source code into machine code prior to execution, JIT compilation occurs at runtime, converting intermediate bytecode into native machine code on-the-fly. This approach combines the benefits of interpreted and compiled languages, achieving both portability and high performance.
Multi-Pass Compilation: Multi-pass compilation involves processing the source code multiple times to achieve better optimization and error detection. Each pass in this process performs specific tasks, such as syntax analysis, semantic analysis, and code optimization, incrementally transforming the source code into executable code. This approach helps in handling complex language features and improving the overall quality of the generated code.
Two-Pass Compilation: Two-pass compilation is a specific type of multi-pass compilation where the compiler makes two distinct passes over the source code.
Reduced Instruction Set Computer, RISC: RISC is a CPU design philosophy that uses a small, highly optimized set of instructions, each designed to execute very quickly. The simplicity of RISC instructions allows for faster execution and more efficient pipelining compared to Complex Instruction Set Computing, CISC, architectures. ARM processor: An ARM processor or ARM instruction set processor is a type of CPU based on the RISC architecture developed by ARM Holdings. ARM processors are known for their power efficiency and are widely used in mobile devices, embedded systems, and increasingly in servers and personal computers.
WAX, Write XOR Execute: WAX, "write xor execute", is a security feature implemented in operating systems and virtual machines that enforces a memory protection policy where each page in a process's or kernel's address space can be either writable or executable, but not both. This prevents a program from writing CPU instructions to a memory area and then executing them, which is a potential security risk if the writing process is malicious. This policy helps mitigate certain types of attacks, such as those involving code injection. It enforces executable-space protection.
Control-flow Enforcement Technology, CET: Intel's Control-flow Enforcement Technology, CET, is designed to protect against control flow attacks. It includes features like shadow stacks for return address protection and Indirect Branch Tracking, IBT, to ensure indirect branches only target valid destinations.
XORing: XORing, Exclusive OR, is a fundamental operation in digital logic and cryptography. It involves comparing two binary inputs and producing a binary output based on the rule: the output is true, 1, if and only if one of the inputs is true, 1, and the other is false, 0. Mathematically, XOR is represented as A © B, where A and B are binary inputs. Bitwise XORing is a binary operation that compares corresponding bits of two binary numbers and produces a result where each bit is 1 if the corresponding bits of the operands are different, and 0 if they are the same. For example, XORing the binary numbers 1010 and 1100 yields 0110. Block XORing involves applying the XOR operation to entire blocks of data rather than individual bits. Byte-wise XORing applies the XOR operation to corresponding bytes of two data sets. Instead of working on individual bits or large blocks, it focuses on 8-bit chunks, bytes. Circular XORing, also known as bitwise circular XORing, involves performing the XOR operation in a circular fashion across the bits of a binary number. This means that the XOR operation wraps around from the end of the bit sequence back to the beginning. XORing as used in here is not specifically limited to any particular kind of XORing mentioned here.
Fig. 1 refers to a schematic drawing of an ARM processor carrying out the Pointer Authentication Code, using Generic key, PACGA instruction with two instructions as input and a Generic Key 101. It is understood that the ARM platform herein merely serves as a non-limiting example and that similar technology on other platforms, such as Intel CET, may also be used for implementing the present disclosure. As per the ARM documentation, the PACGA instruction computes the pointer authentication code for an address in the first source register, using a modifier in the second source register, and the Generic key 101. The computed pointer authentication code is returned in the upper 32 bits of the destination register. ARM PAC/PACGA thus uses a hashing process utilizing a keyed hash function, to ensure the integrity and authenticity of pointers.
Authentication Step: With regard to the disclosure, a data chain structure that allows for integrity protected addition of elements at a later time, when the chain has already been constructed is implemented with a hardware cryptographic hash function, such as Pointer Authentication, PA, and for example, the PACGA instruction as mentioned above, which constructs a cryptographic hash out of the contents of two general purpose registers, and writes the result into a third, or one of the two input registers.
Baseline Operation: In the baseline operation of Fig. 1, instructions are hashed into a chain as they are written to memory. The cryptographic hash is accumulated into the register containing the PAC, and every emitted instruction will leave a trace in the PAC value. As long as the PAC value is kept in a register, it is immune to memory-based attacks in their standard definition. Further, since PAC is a cryptographic hash, if the final result is written to memory, temporarily, it is also protected, since the attacker does not know the key for PACGA. However, writing out each intermediate hash value is not advisable, since the PAC result exposes some opportunity for replay, meaning chain modification if some of the hash values collide, namely happen to be the same. Deployment of WAX, write xor execute, protection: Once the instructions written to memory, if the instructions written to memory are modified in memory this will be caught in a validation step, which proceeds as follows: The instructions are potentially copied to the memory area where they eventually will be executed, if the current location is not the location the instructions will be executed in; both approaches exist in JIT compilers. Upon completion of this step, the memory pages where the instructions reside are configured to be executable, and readable, but not writable anymore, via write xor execute, WAX protection.
Validation Step: Validation is conducted once WAX protection is active. At this point, the respective memory pages cannot be modified any more. In this step, the emitted instructions are re-fed to the validation step, proceeding exactly the same way as the authentication step above, generating another PAC value PAC’, and if the newly generated PAC’ is the same as the originally computed PAC, it can be assured that no modification has taken place.
This kind of protection does not account for the fact that the just-in-time, JIT, compiler in most cases is not a 1 -pass compiler, and instructions will be written to memory and later re-visited to adjust e.g. branch targets or other re-location-specific data. Thus, instructions cannot be computed into the chain in sequence, since the verification and authentication need to match. Therefore, a JIT compiler will in general operate in a 2-pass or multipass fashion.
In the context of JIT compilers, 1-pass, 2-pass, and multipass compilation, wherein the word “compilation” may be omitted, refer to iterative compilation techniques. The 1-pass compilation method involves a single traversal of the bytecode to generate machine code. In contrast, the 2-pass compilation technique enhances optimization by first performing a preliminary analysis of the bytecode during the initial pass to gather detailed information about variables, data structures, and control flow, which is then utilized in a second or further pass to produce more optimized machine code. Multipass compilation further extends this concept by employing multiple passes, each dedicated to specific optimization tasks such as constant folding, loop unrolling, function inlining, and elimination of redundant instructions.
Herein, a chaining mechanism is described to specifically protect JIT emission in combination with 2-pass and, in general, multipass compilation.
With regard to Fig. 3 a first embodiment of the disclosure, a method for constructing a branching structure, i.e. a tree-like cryptographic hash structure, instead of a list is provided, with enough metadata to validate the tree during verification, and makes sure that any parts of the tree pre-maturely, before verification, written to memory are self-protecting.
This is achieved by creating a chained main hash from first instructions in conjunction with a first pass compilation SI, i.e. when the bytecode is transposed to machine code in the first pass compilation. For ease of understanding, the wording “chained main hash” is used herein explicitly to also refer to a “pointer authentication chain” or any kind of cryptographic chain. The same is the case whenever the word “hash” or “seed hash” is used.
Some of the first instructions may either not immediately be written to memory at this point or they may be written to memory but still be updated later on. Such first instructions are tracked, rendering them tracked first instructions S2. If then a tracked first instruction is encountered S3, the address of the tracked first instruction can be added to the chained main hash S4. Alternatively, if a first instruction subject to being updated has been written, the address of this tracked first instruction and the instruction itself can be added to the chained main hash.
Based on the chained main hash and the address of the tracked first instruction, a seed hash is created S5. For example, a cryptographic hash function or a pointer authentication function may be used to obtain a seed hash from the main hash and the address of the tracked first instruction as inputs. In conjunction with a second or further pass compilation, the tracked first instruction may be updated with a second instruction S6. Herein, “second” pass may refer to any further pass, first and second or further pass compilation need not be consecutive compilation steps. Based on this second instruction and the seed hash, a branch hash may be created S7. Finally, after the memory has been sealed S8, meaning that WAX protection has been deployed in the memory pages in which the program code has been saved, the branch hash can be validated S9.
Fig. 2 shows an exemplary process for ARM processors according to the above procedure. In step 201, instructions that are identified for backtracking are validated with others as described with regard to Fig. 1. Namely, by default, instructions are chained just like in Fig. 1. However, the JIT compiler will track instructions that later will be updated / written, and when such a location is encountered, a new record is added to a data structure that is best described as an ordered list with the address as the key - i.e. the location of the instruction to later be updated serves best as the indexing parameter. During this first pass compilation, when the instruction to be written is not finalized, the address of the location is added, instead of the instruction, to the main hash chain generation. Furthermore, in this case, the resulting PACGA value, Px in picture, is added to the data structure. It locks the location of the “branch of the chain” and will be used as a seed value later for extending towards the “leaf’ of this specific branch. In step 202, a chain split is performed. Px is obtained via the ARM PACGA instruction from the content of the register in which the PAC value is stored and the address of the tracked first instruction as inputs. Px corresponds to the seed hash above. In step 203, a value Py is obtained via the ARM PACGA instruction from Px and the instruction introduced upon the second or further pass compilation. Py corresponds to the branch hash above. In step 204, verification takes place. The verification proceeds by checking the instruction sequence and the ordered list in parallel. When a branch in the hash chain is encountered, namely ordered list address value matches address, the main chain is updated with the address as input, or alternatively with address and first pass output. After updating the chain, it is validated that Px in the data structure matches the current value of the PAC register. Additionally, a value Py’ is recalculated from Px and the final instruction, found in the instruction stream, and compared against Py in the data structure. If all of these checks pass, the branch is handled, the data structure element can be discarded, and the main chain can continue to be verified until a further tracked first address is encountered.
As mentioned above, the method may optionally be carried out on an ARM instruction set processor, or in general a Reduced Instruction Set Computer, RISC, processor. However, Intel instruction set processors or other processors may also be used. The chained main hash and the branch hash may optionally be created by using the Pointer Authentication Code, using Generic key, PACGA, instruction on ARM instruction set processors. The chained main hash may be maintained in one processor register and the branch hash may be stored in a different processor register. Program execution may be aborted if at least one of the chained main hash, the seed hash and the branch hash cannot be validated. The seed hash may optionally be calculated further based on the tracked first instruction by being XORed with the chained main hash. As mentioned in with regard to the initial definitions, XORing refers to the operation of the Exclusive OR, XOR, logical function, which is a fundamental operation in digital logic and cryptography. XORing operates on two binary inputs and produces a binary output according to the rule that the output is true, or 1 , if and only if the inputs are different; that is, one input is true and the other is false. Several XORing operations are known to a person skilled in the art, e. g. Bitwise XORing, Block XORing, Byte-wise XORing, Circular XORing and XORing herein encompasses each of these variants but is not limited to any of them.
In conjunction with the method for constructing a branching structure proposed above, an enhancement to traditional chaining methods employing the PACGA instruction on ARM processors is described herein. Commonly, the PACGA instruction uses two 64-bit inputs. However, commonly 64-bit addresses or instructions are not required, thus shorter inputs, for example 32- bit inputs, could be used. It is understood by a person skilled in the art that the input PACGA takes are two source registers of the processor, thus using “input instructions” refers to a process wherein input instructions are combined into at least one of the PACGA input registers and then used as input. This allows for using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining, current content meaning the PACGA output, the PACGA output having a length of 32 bits, as do ARM instructions. This method can either be used instead of the method presented initially and with regard to Fig. 1 or in addition to the method presented with regard to specifically protecting JIT emission in combination with 2 -pass and, in general, multipass compilation.
The aforementioned method regarding the enhancement to traditional chaining methods employing the PACGA instruction on ARM processors may be used either independently or in combination with the above-mentioned method for constructing a branching structure.
An exemplary method is described in Fig. 4. The PACGA instruction takes as input to 64-bit register values, and ARM instructions are 32 bit in size. Thus, two can be packed together as one input - 2 inputs, 4 input instructions. Further, PACGA provides a 32-bit output, the MAC, that may be chained into the next operation. This is done by XORing the previous value with Instruction! before combining it with the other three input instructions. This is possible, since the output is a cryptographic MAC, i.e. there cannot be any bias in the bits that will lower the validity of input from Instruction 1.
The above methods may also be implemented as computer-implemented methods, wherein a processor is instructed to carry out the steps of creating a chained main hash from first instructions in conjunction with a first pass compilation, tracking first instructions as outlined above, if a tracked first instruction is encountered, adding the address of the tracked first instruction to the chained main hash, creating a seed hash based on the chained main hash and the address of the tracked first instruction, in conjunction with a second or further pass compilation, updating the tracked first instruction with a second instruction, creating a branch hash based on the seed hash and the second instruction and then validating, after the memory has been sealed, the branch hash.
This may further be combined in an ARM processor with processor instructions to the effect of using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
The plurality of the input instructions may comprise four input instructions in sequential order, and therein, the at least one instruction may be a first input instruction of the four input instructions. An exemplary method is described with Fig. 3 above.
The method above regarding an ARM processor with processor instructions to the effect of using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining, may also be used independently.
The foregoing description merely provides examples of specific implementations of this application, but are not intended to limit the protection scope of this application. Any variation or replacement readily figured out by a person skilled in the art within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims

1. A method for just-in-time emission protection comprising: in conjunction with a first pass compilation, creating a chained main hash from first instructions (SI); tracking tracked first instructions, wherein the tracked first instructions are a subset of the first instructions subject to being updated or written to memory later on (S2); if a tracked first instruction is encountered (S3), adding the address of the tracked first instruction to the chained main hash (S4); creating a seed hash based on the chained main hash and the address of the tracked first instruction (S5); in conjunction with a second or further pass compilation, updating the tracked first instruction with a second instruction (S6); and creating a branch hash based on the seed hash and the second instruction (S7)); validating, after the memory has been sealed (S8), the branch hash (S9).
2. The method of claim 1, wherein the method is carried out on an ARM instruction set processor.
3. The method of claim 2, wherein the chained main hash and the branch hash are created by using the Pointer Authentication Code, using Generic key, PACGA, instruction.
4. The method of claim 1 to 3, wherein the chained main hash is maintained in a processor register and the branch hash is stored in a different processor register.
5. The method of claim 1 to 4, wherein program execution is aborted if at least one of the chained main hash, the seed hash and the branch hash cannot be validated.
6. The method of claim 1 to 5, wherein the tracked first instruction resulting after the first pass compilation is stored for backup and wherein the seed hash is calculated further based on the tracked first instruction.
7. The method of claim 6, wherein the seed hash is calculated further based on the tracked first instruction by being XORed with the chained main hash.
8. The method of claim 2 to 7, wherein the method further comprises: using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
9. A method for just-in-time emission protection in an ARM instruction set processor, comprising: using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
10. The method of claim 9, wherein the plurality of the input instructions comprises four input instructions in sequential order, and wherein the at least one instruction is a first input instruction of the four input instructions.
11. A computer implemented method for just-in-time emission protection comprising instructions carried out by a processor as follows: in conjunction with a first pass compilation, creating a chained main hash from first instructions (SI); tracking tracked first instructions, wherein the tracked first instructions are a subset of the first instructions subject to being updated or written to memory later on (S2); if a tracked first instruction is encountered (S3), adding the address of the tracked first instruction to the chained main hash (S4); creating a seed hash based on the chained main hash and the address of the tracked first instruction (S5); in conjunction with a second or further pass compilation, updating the tracked first instruction with a second instruction (S6); and creating a branch hash based on the seed hash and the second instruction (S7); validating, after the memory has been sealed (S8), the branch hash (S9).
12. The method of claim 11, wherein the processor is an ARM instruction set processor and wherein the chained main hash and the branch hash are created by using the Pointer Authentication Code, using Generic key, PACGA instruction.
13. A computer implemented method for just-in-time emission protection comprising instructions carried out by an ARM processor as follows: using three or more input instructions for Pointer Authentication Code, using Generic key, PACGA, wherein at least one input instruction of the plurality of input instructions is XORed with a current content of a PAC register for chaining.
14. A computer implemented method according to claim 13, wherein the plurality of the input instructions comprises four input instructions in sequential order, and wherein the at least one instruction is a first input instruction of the four input instructions.
15. An ARM instruction set processor comprising means for carrying out hardware-assisted just-in-time emission protection according to the method of claim 12 incorporating the steps of claim 13 or claim 14.
PCT/EP2024/068196 2024-06-27 2024-06-27 Hardware-assisted jit emission protection Pending WO2026002387A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2024/068196 WO2026002387A1 (en) 2024-06-27 2024-06-27 Hardware-assisted jit emission protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2024/068196 WO2026002387A1 (en) 2024-06-27 2024-06-27 Hardware-assisted jit emission protection

Publications (1)

Publication Number Publication Date
WO2026002387A1 true WO2026002387A1 (en) 2026-01-02

Family

ID=91737815

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2024/068196 Pending WO2026002387A1 (en) 2024-06-27 2024-06-27 Hardware-assisted jit emission protection

Country Status (1)

Country Link
WO (1) WO2026002387A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1870814A1 (en) * 2006-06-19 2007-12-26 Texas Instruments France Methods, apparatus, and systems for secure demand paging and other paging operations for processor devices
US20220027452A1 (en) * 2018-09-11 2022-01-27 Apple Inc. Dynamic switching between pointer authentication regimes
WO2023169654A1 (en) * 2022-03-08 2023-09-14 Huawei Technologies Co., Ltd. Control flow integrity

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1870814A1 (en) * 2006-06-19 2007-12-26 Texas Instruments France Methods, apparatus, and systems for secure demand paging and other paging operations for processor devices
US20220027452A1 (en) * 2018-09-11 2022-01-27 Apple Inc. Dynamic switching between pointer authentication regimes
WO2023169654A1 (en) * 2022-03-08 2023-09-14 Huawei Technologies Co., Ltd. Control flow integrity

Similar Documents

Publication Publication Date Title
JP7154365B2 (en) Methods for securing software code
US11947663B2 (en) Control flow protection based on phantom addressing
US8874928B2 (en) System and method for obfuscating constants in a computer program
US8615735B2 (en) System and method for blurring instructions and data via binary obfuscation
Shivakumar et al. Typing high-speed cryptography against spectre v1
CN109858253B (en) LBR-based stack buffer overflow attack defense method
CN101866406A (en) A defense method for stack overflow attack
Danger et al. CCFI-cache: A transparent and flexible hardware protection for code and control-flow integrity
JP2011170836A (en) Information processing apparatus and program, information processing method, and recording medium
Chen et al. From speculation to security: Practical and efficient information flow tracking using speculative hardware
US10528729B2 (en) Methods and systems for defending against cyber-attacks
Gil et al. There's a Hole in the Bottom of the C: On the Effectiveness of Allocation Protection
Lian et al. A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations.
WO2026002387A1 (en) Hardware-assisted jit emission protection
CN117972799A (en) Pointer protection method and computer system applied to ARM processor
Baumann et al. FSLH: Flexible Mechanized Speculative Load Hardening
Lehniger et al. Combination of ROP Defense Mechanisms for Better Safety and Security in Embedded Systems
US20220292182A1 (en) Method for the execution of a binary code of a computer program by a microprocessor
Shi et al. Automatic Patching of Smart Contract Vulnerabilities Based on Comprehensive Bytecode Rewriting
US20230418950A1 (en) Methods, Devices, and Systems for Control Flow Integrity
Massidda et al. Bringing binary exploitation at port 80: Understanding C vulnerabilities in WebAssembly
Torres et al. Elysium: Automagically healing vulnerable smart contracts using context-aware patching
Jiang et al. WaShadow: Effectively Protecting WebAssembly Memory Through Virtual Machine-Aware Shadow Memory
WO2021148134A1 (en) Apparatus and method for software security
CN114266036B (en) Method for protecting general memory integrity based on Intel CET mechanism