发明申请
US20080189530A1 METHOD AND SYSTEM FOR HARDWARE BASED PROGRAM FLOW MONITOR FOR EMBEDDED SOFTWARE
有权
用于嵌入式软件的基于硬件的程序流程监控器的方法和系统
- 专利标题: METHOD AND SYSTEM FOR HARDWARE BASED PROGRAM FLOW MONITOR FOR EMBEDDED SOFTWARE
- 专利标题(中): 用于嵌入式软件的基于硬件的程序流程监控器的方法和系统
-
申请号: US11672288申请日: 2007-02-07
-
公开(公告)号: US20080189530A1公开(公告)日: 2008-08-07
- 发明人: Suzanne McIntosh , Daniel Brand , Matthew Kaplan , Paul A. Karger , Michael G. McIntosh , Elaine R. Palmer , Amitkumar M. Paradkar , David Toll , Samuel M. Weber
- 申请人: Suzanne McIntosh , Daniel Brand , Matthew Kaplan , Paul A. Karger , Michael G. McIntosh , Elaine R. Palmer , Amitkumar M. Paradkar , David Toll , Samuel M. Weber
- 申请人地址: US NY Armonk
- 专利权人: International Business Machines Corporation
- 当前专利权人: International Business Machines Corporation
- 当前专利权人地址: US NY Armonk
- 主分类号: G06F9/30
- IPC分类号: G06F9/30
摘要:
A method for malware detection, wherein the method includes: utilizing a hardware based program flow monitor (PFM) for embedded software that employs a static analysis of program code; marrying the program code to addresses, while considering which central processing unit (CPU) is executing the program code; capturing an expected control flow of the program code, and storing the control flow as physical address pairs of leaders and followers (LEAD-FOLL pair) in a Metadata Store (MDS) within the PFM; monitoring control flow at runtime by the PFM; and comparing runtime control flow with the expected control flow
公开/授权文献
信息查询
