公开(公告)号：US10671730B2

公开(公告)日：2020-06-02

申请号：US15749169

申请日：2016-07-07

Applicant: ARM IP LIMITED

Inventor： Jonathan Austin ,  Milosch Meriac ,  Thomas Grocutt ,  Geraint Luff

IPC: G06F9/44 ,  G06F21/57 ,  G06F21/64 ,  G06F21/74 ,  G06F9/445 ,  G06F21/32

Abstract: A machine-implemented method is provided for securing a storage-equipped device against introduction of malicious configuration data into configuration data storage, the method comprising steps of receiving by the device, a trusted signal for modification of the configuration of the device; responsive to the receiving, placing the device into a restricted mode of operation and at least one of deactivating a service and rebooting the device; responsive to the placing the device into the restricted mode of operation and the deactivating or rebooting, permitting configuration data entry into a restricted portion of the configuration data storage. A corresponding device and computer program product are also described.

公开(公告)号：US11366904B2

公开(公告)日：2022-06-21

申请号：US15748788

申请日：2016-08-01

Applicant: ARM IP LIMITED

Inventor： Geraint Luff ,  Thomas Grocutt ,  Milosch Meriac ,  Jonathan Austin

IPC: G06F21/57 ,  G06F21/64 ,  G06F21/74 ,  G06F21/78 ,  H04L41/0859

Abstract: A machine-implemented method for controlling a configuration data item in a storage-equipped device having at least two security domains, comprising receiving, by one of the security domains, a configuration data item; storing the configuration data item; providing a security indication for the configuration data item; and when an event indicates untrustworthiness of the data item, invalidating a configuration effect of the stored configuration data item. Further provided is a machine-implemented method for controlling a storage-equipped device as a node in a network of devices, comprising receiving information that a data source or type of a configuration data item is untrusted; analysing metadata for the data source and the configuration data item; populating a knowledge base with analysed metadata; and responsive to the analysed metadata, transmitting security information to the network of devices. A corresponding device and computer program product are also described.