公开(公告)号：US20240265083A1

公开(公告)日：2024-08-08

申请号：US18106750

申请日：2023-02-07

Applicant: Arm Limited

Inventor： Brendan James MORAN ,  Gustavo Federico PETRI ,  Thomas FOSSATI

IPC: G06F21/44

CPC classification number: G06F21/44

Abstract: A method to distribute verification of attestation evidence and a verifiable system are provided. Method includes receiving, at a secondary verifier operating in a verifiable system, a request from a relying party to perform a verification process with respect to attestation evidence of a device in communication with the relying party, communicating self-attestation evidence, by the secondary verifier, to a trusted verifier to generate an attestation report of the verifiable system, communicating the attestation report of the verifiable system or other indicator of trustworthiness to the relying party to indicate trustworthiness of the secondary verifier with respect to performing the verification process, and performing, by the secondary verifier, the verification process on the attestation evidence of the device in communication with the relying party. The verifiable system includes instructions of a secondary verifier stored and executed by the verifiable system to perform the method to distribute verification of attestation evidence.

公开(公告)号：US20240264924A1

公开(公告)日：2024-08-08

申请号：US18106666

申请日：2023-02-07

Applicant: Arm Limited

Inventor： Michael BARTLING ,  Brendan James MORAN ,  Andreas Lars SANDBERG

IPC: G06F11/36

CPC classification number: G06F11/3612 ,  G06F11/3664

Abstract: A computer implemented method is provided. The computer implemented method includes receiving an intermediate representation of a source code, intentionally injecting a weak code path at a point within the intermediate representation to create a modified intermediate representation, performing a path profiling on the modified intermediate representation to generate a particular path identifier for each path within the modified intermediate representation, and identifying the particular path identifier of the weak code path for use by a monitoring system. A monitoring system is also provided. The monitoring system monitors an executable code during runtime for execution of a path having a particular path identifier corresponding to the injected intentionally weak code path.

公开(公告)号：US20210011951A1

公开(公告)日：2021-01-14

申请号：US16509657

申请日：2019-07-12

Applicant: Arm Limited

Inventor： Brendan James MORAN

IPC: G06F16/901 ,  G06F9/48 ,  G06F9/46 ,  G06F9/50

Abstract: A computer-processor-implemented data processing method comprises: a computer processor executing instances of one or more processing functions, each instance of a processing function having an associated function-call identifier; and in response to initiation of execution by the computer processor of a given processing function instance configured to modify one or more pointers of a partitioned acyclic data structure: the computer processor storing the function-call identifier for that processing function instance in a memory at a storage location associated with the partitioned acyclic data structure; for a memory location which stores data representing a given pointer of the partitioned acyclic data structure, the computer processor defining a period of exclusive access to at least that memory location by applying and subsequently releasing an exclusive tag for at least that memory location; and the computer processor selectively processing the given pointer during the period of exclusive access in dependence upon whether the function-call identifier of the prevailing processing function instance is identical to the function-call identifier stored in association with the partitioned acyclic data structure.

公开(公告)号：US20210397747A1

公开(公告)日：2021-12-23

申请号：US16908853

申请日：2020-06-23

Applicant: Arm Limited

Inventor： Brendan James MORAN ,  Matthias Lothar BOETTCHER

IPC: G06F21/72 ,  H04L9/08

Abstract: A method of operation concealment for a cryptographic system includes randomly selecting which one of at least two cryptographic operation blocks receives a key to apply a valid operation to data and outputs a result that is used for subsequent operations. Noise can be added by operating the other of the at least two cryptographic operation blocks using a modified key. The modified key can be generated by mixing the key with a block-unique-identifier, a device secret, a slowly adjusting output of a counter, or a combination thereof. In some cases, noise can be added to a cryptographic system by transforming input data of the other cryptographic operation block(s) by mixing the input data with the block-unique-identifier, device secret, counter output, or a combination thereof. A cryptographic system with operation concealment can further include a distributed (across a chip) or interweaved arrangement of subblocks of the cryptographic operation blocks.

公开(公告)号：US20240419785A1

公开(公告)日：2024-12-19

申请号：US18211392

申请日：2023-06-19

Applicant: Arm Limited

Inventor： Michael BARTLING ,  Brendan James MORAN

IPC: G06F21/55 ,  G06F21/57

Abstract: A method includes receiving precursor alerts from a precursor detector that detects events from a processing unit, wherein each precursor alert comprises information of an event from the processing unit, the information of an event from the processing unit, detecting a first event in the precursor alerts indicating undesirable behavior and including a first score that is above a first value, setting a first timer for a first period of time, accumulating a score update with the first score of the first event. Upon the score update reaching or exceeding a first threshold value within the first period of time, generating a refined alert.

公开(公告)号：US20240303335A1

公开(公告)日：2024-09-12

申请号：US18178974

申请日：2023-03-06

Applicant: Arm Limited

Inventor： Michael BARTLING ,  Brendan James MORAN

IPC: G06F21/56 ,  G06F21/55

CPC classification number: G06F21/566 ,  G06F21/554 ,  G06F2221/034

Abstract: A behavioral system level detector and method that filters local alerts to generate system alerts with an increased confidence level is provided. The method includes receiving local alerts from a local detector that detects events from a processing unit, wherein each local alert comprises information of an event from the processing unit and a timing relationship for the event, filtering the local alerts to determine events indicating an undesirable behavior or attack, and responsive to the determination that there are events indicating the undesirable behavior or the attack, generating a system alert. The behavioral system-level detector includes a shared data structure for storing local alerts received from at least one local detector and system processing unit coupled to the shared data structure to receive the local alerts and coupled to receive state information from the processing units.

公开(公告)号：US20240264801A1

公开(公告)日：2024-08-08

申请号：US18106274

申请日：2023-02-06

Applicant: Arm Limited

Inventor： Brendan James MORAN ,  Michael BARTLING ,  Andreas Lars SANDBERG

IPC: G06F7/501 ,  G06F5/01

CPC classification number: G06F7/501 ,  G06F5/01

Abstract: A 1-hot path signature accelerator includes a register, first and second accumulator, and an outer product circuit. The register stores an input frame, where the input frame has, at most, one bit of each element set. The first accumulator calculates a present summation by adding the input frame to a previous sum of previous input frames inputted to the 1-hot path signature accelerator within a timeframe. The outer product circuit receives each element of the present summation from the first accumulator and each element of the input frame stored in the register to output a present outer product. Since the input frame has at most one bit of each element set, the outer product circuit is reduced to a logical operation. The second accumulator outputs a present second-layer summation by adding the present outer product to a previous second-layer sum of outputs from the outer product circuit within the timeframe.

公开(公告)号：US20240296049A1

公开(公告)日：2024-09-05

申请号：US18117186

申请日：2023-03-03

Applicant: Arm Limited

Inventor： Brendan James MORAN ,  Michael BARTLING

IPC: G06F9/30 ,  G06F9/38

CPC classification number: G06F9/30087 ,  G06F9/3861 ,  G06F11/34 ,  G06F2201/865 ,  G06F2201/88

Abstract: There is provided an apparatus and method, the apparatus comprising storage circuitry to store event information associated with instructions occurring between instrumentation points. The event information indicates a plurality of different types of events expected to occur during execution of the instructions. The event information comprises, for each event, type information indicating a type of that event and an expected number of occurrences of that event. The apparatus is also provided with monitoring circuitry comprising a plurality of programmable counters. The monitoring circuitry is responsive to a start instrumentation point, to assign at least a subset of the plurality of programmable counters to measure, during execution of the program instructions, occurrences of the plurality of different types of events identified in the event information. The monitoring circuitry is responsive to at least one counter deviating from the expected number of occurrences indicated by that counter, to perform a predetermined action.

公开(公告)号：US20240078326A1

公开(公告)日：2024-03-07

申请号：US17903267

申请日：2022-09-06

Applicant: Arm Limited

Inventor： Brendan James MORAN ,  Adrian Laurence SHAW ,  Andreas Lars SANDBERG

IPC: G06F21/60 ,  G06F21/53

CPC classification number: G06F21/604 ,  G06F21/53

Abstract: An apparatus and method are described for providing a trusted execution environment. The apparatus comprises processing circuitry to execute program code, and interrupt controller circuitry, responsive to receipt of one or more interrupt requests, to select a given interrupt request from amongst the one or more interrupt requests, and to issue an interrupt signal to the processing circuitry identifying a given interrupt service routine providing program code to be executed by the processing circuitry to service the given interrupt request. The interrupt controller circuitry is responsive to the given interrupt request being a trusted execution environment (TEE) interrupt request, to issue the interrupt signal to identify as the given interrupt service routine a TEE interrupt service routine, and to inhibit issuance of any further interrupt signal until the TEE interrupt service routine has been executed by the processing circuitry. The interrupt controller circuitry comprises code protection circuitry to inhibit unauthorised modification of the TEE interrupt service routine, and data protection circuitry to inhibit unauthorised access to confidential data processed by the TEE interrupt service routine.

公开(公告)号：US20230205895A1

公开(公告)日：2023-06-29

申请号：US17565079

申请日：2021-12-29

Applicant: Arm Limited

Inventor： Brendan James MORAN ,  Hanno BECKER

IPC: G06F21/60 ,  G06F21/64 ,  G06F21/57

CPC classification number: G06F21/602 ,  G06F21/64 ,  G06F21/572 ,  G06F2221/0751

Abstract: Aspects of the present disclosure relate to an apparatus comprising interface circuitry to interface with a device that is to be provisioned by the apparatus; and secure enclave circuitry. The secure enclave circuitry is configured to: maintain provisioning data with which the device is to be provisioned; establish a secure connection with the device; perform, with the device and via the secure connection, an attestation process in respect of said provisioning data; and subsequent to successfully completing said attestation process, provisioning the device with the provisioning data, via the secure connection.