SYSTEMS AND/OR METHODS FOR AUTOMATICALLY PROTECTING AGAINST MEMORY CORRUPTION VULNERABILITIES
    Invention publication
    SYSTEMS AND/OR METHODS FOR AUTOMATICALLY PROTECTING AGAINST MEMORY CORRUPTION VULNERABILITIES (status: under examination, published)

    Publication number: EP3195178A1

    Publication date: 2017-07-26

    Application number: EP15824645.4

    Filing date: 2015-07-21

    Applicant: GrammaTech, Inc.

    IPC classification: G06F21/56

    Abstract: Certain example embodiments described herein relate to techniques for automatically protecting, or hardening, software against exploits of memory-corruption vulnerabilities. The techniques include arranging a plurality of guard regions in the memory in relation to data objects formed by the application program, identifying an access by the application program to a guard region arranged in the memory as a disallowed access, and modifying the execution of the application program in response to the identifying, the modifying being in order to prevent exploitation of the memory and/or to correctly execute the application program.


    SYSTEMS AND/OR METHODS FOR ANOMALY DETECTION AND CHARACTERIZATION IN INTEGRATED CIRCUITS

    Publication number: EP3726232A1

    Publication date: 2020-10-21

    Application number: EP20169415.5

    Filing date: 2020-04-14

    Applicant: GrammaTech, Inc.

    IPC classification: G01R31/3193 G01R31/3183

    Abstract: Systems, methods, and computer readable medium described herein relate to techniques for characterizing and/or anomaly detection in integrated circuits such as, but not limited to, field programmable gate arrays (FPGAs) and application-specific integrated circuits (ASICs). In one example aspect of certain example embodiments, a fully digital technique relies on the pulse width of signals propagated through a path under test. In another example aspect, the re-configurability of the integrated circuit is leveraged to combine the pulse propagation technique with a delay characterization technique to yield better detection of certain types of Trojans and the like. Another example aspect provides for running the test through reconfigurable path segments in order to isolate and identify anomalous circuit elements. Yet another example aspect provides for performing the characterization and anomaly detection without requiring golden references and the like.

    SYSTEMS AND/OR METHODS FOR AUTOMATICALLY PROTECTING AGAINST MEMORY CORRUPTION VULNERABILITIES

    Publication number: EP3474148A1

    Publication date: 2019-04-24

    Application number: EP18212260.6

    Filing date: 2015-07-21

    Applicant: GrammaTech, Inc.

    IPC classification: G06F12/14 G06F21/54 G06F12/02

    Abstract: A security-enhanced computing system comprises:
    processing resources including at least one memory and at least one physical hardware processor coupled thereto, wherein the processing resources are configured to execute a security-enhanced application program by at least:
    defining a plurality of guard regions in the memory in relation to data objects formed by the security-enhanced application program;
    inserting guards in the guard regions arranged in the memory, wherein the guards are structured to include at least first and second guard values, the guards being inserted in the guard regions and structured to facilitate at least first and second checks, the first check being performed in connection with the first guard value, the second check being performed in connection with the second guard value, the first check being less computationally intensive than the second check, the second check being structured to compensate for a false positive generated by application of the first check;
    determining whether an operation taken by the security-enhanced application program in connection with one of the guard regions arranged in the memory is disallowed by:
    identifying an address associated with the operation,
    performing the first check in connection with the identified address, the first check generating output indicating that either the operation is allowed or that further scrutiny is needed, and
    performing the second check conditioned on the output generated by the first check indicating that further scrutiny is needed, the second check indicating whether the operation is disallowed; and

    modifying the execution of the security-enhanced application program in response to a determination that the operation is determined to be disallowed, but otherwise permitting the execution of the security-enhanced application program.