DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to applicant’s correspondence of 11/16/2021. Claims 1, 5, 7, 9, 13, 15, 17, 21, and 23 have been amended. Claims 2 – 4, 10 – 12, and 18 – 20 are canceled. Claims 1, 5 – 9, 13 – 17, and 21 – 24 are pending for consideration. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, prosecution in this application has been reopened pursuant to 37 CFR 1.114. Applicant's submission filed on 11/16/2021 has been entered.

Response to Arguments
Applicant's arguments filed on 11/16/2021 have been fully considered but they are moot in view of new grounds of rejection.

Information Disclosure Statement
The information disclosure statement (IDS) dated 11/16/2021 has been received and considered.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 5 – 9, 13 – 17, and 21 – 24 are rejected under 35 U.S.C. 103 as being unpatentable over Hamlen (US 2020/0117803) (hereafter Hamlen), in view of Liu et al. (US 2018/0225446) (hereafter Liu), in view of McLachlan et al. (US 2014/0344924) (hereafter McLachlan), and in view of Gleeson et al. (US 2017/0140148) (hereafter Gleeson).


Regarding claim 1 Hamlen teaches: A device configured to ensure control flow integrity, the device comprising: a memory to store application instructions of an application to be executed, the application including a plurality of functions (Hamlen in Para. [0006] discloses “Application code that exists within trusted logical application areas, such as, system libraries and other OS modules, typically cannot be modified, and sometimes not examined, by the CFI/SFI process, since they are part of the protected runtime system” Hamlen in Para. [0102] discloses “the computers are programmed or store executable programs of sequences of software instructions to perform one or more of the steps of the methods.”); processing circuitry to: identify, based on a data flow analysis, entry points of each of the functions (Examiner note: API stands for the Application Programming Interface) (Hamlen in Para. [0024] discloses “this disclosure demonstrates object flow integrity (OFI) processes. OFI is a process for imbuing CFI/SFI processes to provide support for immutable, trusted modules with object-like APIs” Hamlen in Para. [0021] discloses “The function entry points are divulged to untrusted modules at runtime within vtables of shared object data structures produced by trusted modules.”),
 the entry points including one or more forward edge entry points and one or more backward edge entry points for each function of the functions (Examiner note: identifying forward/backward edge points is met by tracking the control-flow containing edge point information) (Hamlen in Para. [0045] discloses “CFI/SFI control flow policies typically consist of a graph of whitelisted control flow edges that is consulted and enforced by CFI/SFI guard code before the control flow transfer from untrusted modules.”),
[the forward edge entry points including a function call location and the backward edge entry points including a function return location;] (ref. Liu)
maintain a shadow copy of each of only forward edge entry points of the forward edge entry points that include a one-to-one correspondence with a function (Examiner note: a one-to-one correspondence between entry points and functions is met by the graph of whitelisted control flow edges of functions) (Hamlen in Para. [0045] discloses “CFI/SFI control flow policies typically consist of a graph of whitelisted control flow edges that is consulted and enforced by CFI/SFI guard code before the control flow transfer from untrusted modules.”); 
[generate a whitelist for each function, the whitelist including the identified entry points; add additional instructions to the application to include a whitelist check at the entry points to each of the functions] (ref. McLachlan)
including using the shadow copy of the forward edge entry points in the whitelist check; (Examiner note: shadow copy is met by the shadow stack) (Hamlen in Para. [0061] discloses “if the underlying CFI/SFI system enforces return flows via a shadow stack, the OFI process validates the return address on the shadow stack, and then allows returning to the return trampoline.”).
[and replace any indirect branch instructions of the application instructions corresponding to an entry point of the entry points with a conditional statement and a direct branch instruction, a direct branch instruction indicating a destination in the instruction itself and an indirect branch indicating a variable that indicates the destination.] (ref. Gleeson)
Hamlen fails to explicitly teach: the forward edge entry points including a function call location and the backward edge entry points including a function return location
Liu from the analogous technical field teaches: the forward edge entry points including a function call location and the backward edge entry points including a function return location (Liu, in Para. [0091] discloses “a matching edge entry is found in the credit-labeled ITC CFG 110, then control passes to 540.” Liu, in Para. [0094] discloses “At a very basic level, the kernel module 112 ensures that process trace packets of intercepted system calls conform to the conservative CFG based implementation of CFI enforcement with the fine-grained forward edge analysis. In addition, for backward edge analysis, a shadow stack is maintained using the instruction flow layer of abstraction, and compared with the traced packets to enforce a single-target policy for the return branches.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hamlen, in view of the teaching of Liu which discloses forward/backward edge entries controlled by CFG in order to improve control flow integrity in the system of Hamlen (Liu, [0091, 0094]).
Hamlen as modified fails to explicitly teach: generate a whitelist for each function, the whitelist including the identified entry points; add additional instructions to the application to include a whitelist check at the entry points to each of the functions
McLachlan from the analogous technical field teaches: generate a whitelist for each function, the whitelist including the identified entry points; (Examiner note: CPE stands for the Call Path Enforcement) (McLachlan, in Para. [0005] discloses “The CPE constructs a whitelist of authorized execution paths to the selected function based on the identified execution paths.” McLachlan, in Para [0021] discloses “The disclosed call path enforcement (CPE) obfuscation technique uses static information about a program's control flow to identify acceptable execution paths to a selected function.”); add additional instructions to the application to include a whitelist check at the entry points to each of the functions (Examiner note: adding instruction to the application based on a whitelist is met by construction a specified polynomial representing execution instructions for applications) (McLachlan, in Para. [0024] discloses “Using the identified execution paths to the protected function, the CPE can construct a whitelist of authorized execution paths. The whitelist can include all of the identified execution paths.” McLachlan, in Para. [0025] discloses “This makes it possible for the CPE to treat the stub function as an entry point (or root) function, and identify all execution paths from the stub function to the protected function.” MacLachlan, in Para. [0030] discloses “Once the CPE has generated a representation for each authorized path on the whitelist, the CPE can construct a polynomial that represents the whitelist for the protected function.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hamlen, as modified by Liu,  in view of the teaching of McLachlan which discloses generation of whitelist for identified functions and construction of specified instruction in forms of polynomial with execution instruction for application in order to improve a data-flow control in the system Hamlen/Liu (McLachlan, [0005, 0021, 0024, 0025, 0030]).
Hamlen as modified fails to explicitly teach: and replace any indirect branch instructions of the application instructions corresponding to an entry point of the entry points with a conditional statement and a direct branch instruction, a direct branch instruction indicating a destination in the instruction itself and an indirect branch indicating a variable that indicates the destination
Gleeson from the analogous technical field teaches: and replace any indirect branch instructions of the application instructions corresponding to an entry point of the entry points with a conditional statement and a direct branch instruction, a direct branch instruction indicating a destination in the instruction itself and an indirect branch indicating a variable that indicates the destination (Gleeson, in Para [0098] discloses “At operation 730, the post-processing application is configured to replace each indirect branch (e.g., BLR) with a direct branch to an authentication function that executes the function if the function execution starts at an authorized start point.” Gleeson, in Para [0099] discloses “Because all indirect branch instructions are replaced with a direct branch to the authentication function, the authentication function loads a 32-bit word before the target address of the indirect branch.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hamlen, as modified by Liu and McLachlan, in view of the teaching of Gleeson which discloses replacement of indirect branch instructions by the direct branch in order to improve security of the control flow integrity in the system of Hamlen/Liu/McLachlan (Gleeson [0098, 0099]).

Regarding claim 5 Hamlen as modified by Liu fails to explicitly teach: The device of claim 1, wherein an application instruction address immediately after the function call and in the function is on a whitelist for the return call site of the function.
McLachlan from the analogous technical field teaches: The device of claim 1, wherein an application instruction address immediately after the function call and in the function is on a whitelist for the return call site of the function (McLachlan in Para. [0005] discloses “The CPE constructs a whitelist of authorized execution paths to the selected function based on the identified execution paths. The whitelist can include all identified execution paths, or can be limited to those execution paths with a path length less than or equal to a predefined maximum path length.” McLachlan, in Para [0021] discloses “The disclosed call path enforcement (CPE) obfuscation technique uses static information about a program's control flow to identify acceptable execution paths to a selected function.” McLachlan in Para. [0028] discloses “when a function is called the runtime stack expands downward by adding a new stack frame for the function to the runtime stack. When that function completes, the stack frame is removed from the runtime stack. A stack frame can contain local variables, arguments, CPU register contents, return address, and other information for the function”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hamlen, as modified by Liu, in view of the teaching of McLachlan which discloses generation of whitelist containing all the information of call functions in order to improve a data-flow control in the system of Hamlen/Liu (McLachlan, [0005, 0021, 0028]).

Regarding claim 6 Hamlen, as modified, further teaches: The device of claim 1, wherein the processing circuitry is further to form a shadow verification stack of forward edges for each function of the functions that includes a recursive function that references a forward edge entry point (Hamlen, in Para. [0061] discloses “CFI/SFI system enforces return flows via a shadow stack, the OFI process validates the return address on the shadow stack, and then allows returning to the return trampoline.” Hamlen, in Para. [0084] discloses “Recursive types (534) are enforced as a loop that lazily unrolls the type equi-recursively.”).

Regarding claim 7 Hamlen, as modified, further teaches: The device of claim 6, wherein the processing circuitry is further to add further additional instructions that push a shadow copy of the forward edge entry point onto a corresponding shadow verification stack (Hamlen in Para. [0061] discloses “if the underlying CFI/SFI system enforces return flows via a shadow stack, the OFI process validates the return address on the shadow stack, and then allows returning to the return trampoline.”) immediately after an additional instruction of the additional instructions that updates a forward edge entry point variable of a function of the functions (Hamlen in Para. [0021] discloses “The function entry points are divulged to untrusted modules at runtime within vtables of shared object data structures produced by trusted modules.”) and pops the shadow copy of the forward edge entry point off the stack for shadow verification immediately before the function is called (Hamlen in Para. [0071] discloses “A separate verifier module 230 independently validates control flow safety of the newly rewritten binary code.” Hamlen in Para. [0061] discloses “the OFI process validates the return address on the shadow stack, and then allows returning to the return trampoline.”).

Regarding claim 8 Hamlen as modified fails to explicitly teach: The device of claim 1, wherein the processing circuitry is further to prune the whitelist including a reduction of a whitelist based on an entry point of a function of the plurality of functions at runtime.
McLachlan from the analogous technical field teaches: The device of claim 1, wherein the processing circuitry is further to prune the whitelist including a reduction of a whitelist based on an entry point of a function of the plurality of functions at runtime (McLachlan, in Para [0021] discloses “The disclosed call path enforcement (CPE) obfuscation technique uses static information about a program's control flow to identify acceptable execution paths to a selected function.” McLachlan, in Para [0024] discloses “the whitelist can be restricted to only those execution paths with a path length less than or equal to a predefined maximum path length.” McLachlan, in Para [0025] discloses “This makes it possible for the CPE to treat the stub function as an entry point (or root) function, and identify all execution paths from the stub function to the protected function.” McLachlan, in Para [0046] discloses “The whitelist can include all of the identified execution paths or can be restricted to only those execution paths with a path length less than or equal to a predefined maximum path length.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Hamlen, as modified by Liu, in view of the teaching of McLachlan which discloses reduction of whitelist based on identified entry points of functions in order to improve a data-flow control in the system of Hamlen/Liu (McLachlan, [0021, 0024, 0025, 0046]).

Regarding claim 9, claim 9 discloses a medium that is substantially equivalent to the device of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 9 and rejected for the same reasons.

Regarding claim 13, claim 13 depended on claim 9 discloses a medium that is substantially equivalent to the device of claim 5 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 5 are equally applicable to claim 13 and rejected for the same reasons.

Regarding claim 14, claim 14 depended on claim 9 discloses a medium that is substantially equivalent to the device of claim 6 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 6 are equally applicable to claim 14 and rejected for the same reasons.

Regarding claim 15, claim 15 depended on claim 14 discloses a medium that is substantially equivalent to the device of claim 7 dependent on claim 6. Therefore, the arguments set forth above with respect to claim 7 are equally applicable to claim 15 and rejected for the same reasons.

Regarding claim 16, claim 16 depended on claim 9 discloses a medium that is substantially equivalent to the device of claim 8 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 8 are equally applicable to claim 16 and rejected for the same reasons.

Regarding claim 17, claim 17 discloses a method that is substantially equivalent to the device of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 17 and rejected for the same reasons.
 
Regarding claim 21, claim 21 depended on claim 17 discloses a method that is substantially equivalent to the device of claim 5 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 5 are equally applicable to claim 21 and rejected for the same reasons.

Regarding claim 22, claim 22 depended on claim 17 discloses a method that is substantially equivalent to the device of claim 6 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 6 are equally applicable to claim 22 and rejected for the same reasons.

Regarding claim 23, claim 23 depended on claim 22 discloses a method that is substantially equivalent to the device of claim 7 dependent on claim 6. Therefore, the arguments set forth above with respect to claim 7 are equally applicable to claim 23 and rejected for the same reasons.

Regarding claim 24, claim 24 depended on claim 17 discloses a method that is substantially equivalent to the device of claim 8 dependent on claim 1. Therefore, the arguments set forth above with respect to claim 8 are equally applicable to claim 24 and rejected for the same reasons.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313)446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published 
/Vladimir I. Gavrilenko/Examiner, Art Unit 2431    

/TRANG T DOAN/Primary Examiner, Art Unit 2431