ON-DEMAND BINARY TRANSLATION STATE MAP GENERATION

    Publication number: US20170371634A1

    Publication date: 2017-12-28

    Application number: US15194262

    Application date: 2016-06-27

    CPC classification number: G06F8/52 G06F9/45516

    Abstract: The present disclosure is directed to a system for on-demand binary translation state map generation. Instead of interpreting the native code to be executed, binary translation circuitry (BT circuitry) may execute a binary translation (BT) in place of the native code. When a stop occurs (e.g., due to an interrupt, a modification of the native code, etc.), the BT circuitry may generate a binary translation state map (BT state map) that allows the location of the stop to be mapped back to the native code. Generation of the BT state map may involve determining a location and offset for the stop, performing region formation based on the location, loading instructions from the region (e.g., while accounting for the need to emulate instructions), forming the BT state map based at least on the size of the loaded instructions, and then mapping the stop back to the native code utilizing the offset.

    TECHNIQUES FOR ENFORCING CONTROL FLOW INTEGRITY USING BINARY TRANSLATION
    Invention application (status: granted)

    Publication number: US20160179546A1

    Publication date: 2016-06-23

    Application number: US14581871

    Application date: 2014-12-23

    CPC classification number: G06F21/54 G06F8/30 G06F8/52 G06F9/4552

    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a valid target address for a branch instruction from information stored in a relocation table, a linkage table, or both, the relocation table and the linkage table associated with a binary file and store the valid target address in a table in memory, the valid target address to validate a target address for a translated portion of a routine of the binary file.


    METHODS, SYSTEMS AND APPARATUS TO DETECT POLYMORPHIC MALWARE

    Publication number: US20190042746A1

    Publication date: 2019-02-07

    Application number: US16021411

    Application date: 2018-06-28

    Abstract: The disclosed embodiments generally relate to detecting malware through detection of micro-architectural changes (morphing events) when executing a code at a hardware level (e.g., CPU). An exemplary embodiment relates to a computer system having: a memory circuitry comprising an executable code; a central processing unit (CPU) in communication with the memory circuitry and configured to execute the code; a performance monitoring unit (PMU) associated with the CPU, the PMU configured to detect and count one or more morphing events associated with execution of the code and to determine if the counted number of morphing events exceeds a threshold value; and a co-processor configured to initiate a memory scan of the memory circuitry to identify a malware in the code.

    SYSTEM FOR BINARY TRANSLATION VERSION PROTECTION
    Invention application (status: under examination, published)

    Publication number: US20160378446A1

    Publication date: 2016-12-29

    Application number: US14752440

    Application date: 2015-06-26

    Abstract: The present disclosure is directed to a system for binary translation version protection. Activity occurring in a device that may potentially cause native code to be altered may cause the device to prevent binary translations corresponding to the native code from being executed until a determination is made as to whether the binary translation needs to be regenerated. The native code may be stored in a memory page having an access permission that does not permit writes. Attempts to alter the native code would require the access permission of the memory page to be set to writable, which may cause a binary translation (BT) module to be notified of the potential change. The BT module may mark any binary translations corresponding to the native code as stale, and may cause a page permission control module to update memory pages including the binary translations to have an access permission of non-executable.


    TECHNIQUES FOR DETECTING FALSE POSITIVE RETURN-ORIENTED PROGRAMMING ATTACKS
    Invention application (status: granted)

    Publication number: US20160180115A1

    Publication date: 2016-06-23

    Application number: US14582114

    Application date: 2014-12-23

    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine whether a target address of a register for an execution instruction is valid or invalid based on a comparison between the target address and one or more valid target addresses stored in a storage, increase a number of invalid target addresses if the target address is invalid, and determine whether the number of invalid target addresses is greater than an invalid target address threshold. Various embodiments may also include initiating a security measure to prevent a security breach if the number of invalid target addresses is greater than the invalid target address threshold or executing the execution instruction if the number of invalid target addresses is less than or equal to the invalid target address threshold.


    SHARING IDLED PROCESSOR EXECUTION RESOURCES
    Invention application (status: under examination, published)

    Publication number: US20150268956A1

    Publication date: 2015-09-24

    Application number: US14659541

    Application date: 2015-03-16

    Abstract: A processor including a plurality of logical processors, and an instruction set, the instruction set including one or more instructions which, when executed by a first logical processor, cause the first logical processor to make a processor execution resource previously reserved for the first processor available to a second processor in the plurality of processors in response to the first logical processor being scheduled to enter an idle state.

