-
公开(公告)号:US20190065405A1
公开(公告)日:2019-02-28
申请号:US16002872
申请日:2018-06-07
Applicant: QUALCOMM Incorporated
Inventor: Kevin Christopher GOTZE , Can ACAR , David HARTLEY , Qing LI , Daniel GODAS-LOPEZ
Abstract: Several features pertain to computing systems equipped to perform speculative processing and configured to access device memory (e.g. non-speculative or unspeculatable memory) and non-device memory (e.g. speculative or speculatable memory). Malicious attacks may seek to obtain sensitive information from such systems by exploiting speculative code execution. Herein, techniques are described whereby sensitive data is protected from such attacks by placing the data in a page of memory not ordinarily used as device memory, and then designating or marking the page as device memory (e.g. marking the page as unspeculatable). By designating the page as unspeculatable device memory, the processor does not speculatively access the sensitive information (e.g. speculation stops once a branch is invoked that would access the page) and so certain types of attacks can be mitigated. In some examples, additional malicious attack defenses or mitigations are performed such as address space un-mapping, address space layout randomization, or anti-replay-protection.
-
Patent Agency Ranking
公开(公告)号:US20160110545A1
公开(公告)日:2016-04-21
申请号:US14517572
申请日:2014-10-17
Applicant: QUALCOMM Incorporated
Inventor: Can ACAR , Arvind KRISHNASWAMY , Robert TURNER
CPC classification number: G06F21/56 , G06F21/52 , G06F21/554
Abstract: Techniques for enforcing flow control of a software program in a processor are provided. An example method according to these techniques includes analyzing program code of the software program to identify a code pointer in the program code, generating an authentication tag based on the code pointer, and modifying the code pointer in the program code with the authentication tag to generate a tagged code pointer.
Abstract translation: 提供了用于在处理器中执行软件程序的流控制的技术。 根据这些技术的示例性方法包括分析软件程序的程序代码以识别程序代码中的代码指针,基于代码指针生成认证标签,并用认证标签修改程序代码中的代码指针以产生 一个标记的代码指针。
-
公开(公告)号:US20190102540A1
公开(公告)日:2019-04-04
申请号:US16142611
申请日:2018-09-26
Applicant: QUALCOMM Incorporated
Inventor: Can ACAR , Robert TURNER , Alexander GANTMAN
Abstract: A method is provided for safely executing dynamically generated code to avoid the possibility of an attack in unprotected memory space. Upon ascertaining that dynamically generated code is to be executed, a processing circuit and/or operating system kernel restrict the dynamically generated code to use a first memory region within an unprotected memory space, where the first memory region is distinct (e.g., reserved) from other memory regions used by other processes executed by the processing circuit. A first processing stack is maintained for the dynamically generated code within the first memory region. This first processing stack is separate from a general processing stack used by other processes executed by the processing circuit. A stack pointer is switched/pointed to the first processing stack when the dynamically generated code is executed and the stack pointer is switched/pointed to the general processing stack when the dynamically generated code ends.
-
公开(公告)号:US20160224784A1
公开(公告)日:2016-08-04
申请号:US14612067
申请日:2015-02-02
Applicant: QUALCOMM Incorporated
Inventor: Arvind KRISHNASWAMY , Can ACAR , Robert TURNER
CPC classification number: G06F21/52 , G06F11/10 , G06F12/0875 , G06F15/7846 , G06F21/44 , G06F21/51 , G06F2212/451
Abstract: A method of producing a control stack includes: writing a plurality of control information entries into a control stack buffer that is internal to a processor in response to one or more function calls; and in response to the control stack buffer being full and receiving a further function call, writing: the plurality of control information entries to an external memory that is external to the processor; and a further control information entry, corresponding to the further function call, to the control stack buffer.
Abstract translation: 一种产生控制堆栈的方法包括:响应于一个或多个功能调用将多个控制信息条目写入处理器内部的控制堆栈缓冲器; 并且响应于所述控制堆栈缓冲器已满并接收另外的功能调用,将所述多个控制信息条目写入到处理器外部的外部存储器; 以及对应于进一步的功能调用的另一个控制信息条目提供给控制栈缓冲器。
-
公开(公告)号:US20240403411A1
公开(公告)日:2024-12-05
申请号:US18697722
申请日:2022-11-17
Applicant: QUALCOMM Incorporated
Inventor: Sundeep KUSHWAHA , Arvind KRISHNASWAMY , Sergei LARIN , Can ACAR , Tianshuo SU , Awanish PANDEY , Richard SENIOR
Abstract: Various embodiments include methods and devices for maintaining control flow integrity in computing devices. Embodiments may include identifying indirect function call candidate functions from a source code by a compiler, replacing, by the compiler, an indirect function call from the source code with a call to a wrapper function, and collocating the indirect function call candidate functions in at least one range of addresses of memory by a linker. The wrapper function may be configured to determine whether an address to be passed to the indirect function call is within the at least one range of addresses of memory.
-
6.发明申请公开(公告)号:US20180109552A1
公开(公告)日:2018-04-19
申请号:US15293789
申请日:2016-10-14
Applicant: QUALCOMM Incorporated
Inventor: Nico GOLDE , Can ACAR , Robert TURNER , Patrick STEWIN
CPC classification number: H04W4/023 , H04W12/1008 , H04W12/1202 , H04W36/14
Abstract: Techniques for mitigating an attack on baseband on a mobile wireless device are provided. An example method according to these techniques includes detecting a network switch event in which the mobile wireless device has disconnected from a first wireless network and connected to a second wireless network, performing an integrity check on one or more components of the mobile wireless device responsive to detecting the network switch event, and performing one or more actions responsive to the integrity check indicating that the one or more components of the mobile wireless device have been modified.
-
-
-
-
-
Search Results
6
records
(took 0.056 seconds)
