System And Method Of Dynamically Updating Stack Canaries

    Publication number: US20180060568A1

    Publication date: 2018-03-01

    Application number: US15244080

    Application date: 2016-08-23

    CPC classification number: G06F21/54 G06F21/52 G06F21/554 G06F2221/034

    Abstract: Various embodiments enhance protections against stack buffer overflow attacks in a computing device by dynamically updating stack canaries. Canary values on the stack of a child process may be replaced with new canary values in response to determining that a condition for generating new canary values is satisfied. Canary values on the stack of a child process may be replaced with new canary values when a child process is forked following a crash of a previous child process of the parent process. Canary values on the stack of a child process may be replaced with new canary values in response to expiration of a canary timeout time. The locations of the canaries to replace may be determined by walking the stack to locate entries in each stack frame that match a previous value of the canary or by walking the stack according to a predefined stack frame format.

    Dynamic addition of code in shared libraries

    Publication number: US10127018B2

    Publication date: 2018-11-13

    Application number: US15085415

    Application date: 2016-03-30

    Abstract: Various embodiments include methods for dynamically modifying shared libraries on a client computing device. Various embodiment methods may include receiving a first set of code segments and a first set of code sites associated with a first application. Each code in the first set of code sites may include an address within a compiled shared library stored on the client computing device. The compiled shared library may include one or more dummy instructions inserted at each code site in the first set of code sites, and each code segment in the first set of code segments may be associated with a code site in the first set of code sites. The client computing device may insert each code segment in the first set of code segments at its associated code site in the compiled shared library.

    System and Method Of Performing Online Memory Data Collection For Memory Forensics In A Computing Device

    Publication number: US20180063179A1

    Publication date: 2018-03-01

    Application number: US15248178

    Application date: 2016-08-26

    CPC classification number: H04L63/1433 G06F1/28 G06F21/564 H04L63/1408

    Abstract: Various embodiments include methods and a memory data collection processor for performing online memory data collection for memory forensics. Various embodiments may include determining whether an operating system executing in a computing device is trustworthy. In response to determining that the operating system is not trustworthy, the memory data collection processor may collect memory data directly from volatile memory. Otherwise, the operating system to collect memory data from volatile memory. Memory data may be collected at a variable memory data collection rate determined by the memory data collection processor. The memory data collection rate may depend upon whether an available power level of the computing device exceeds a threshold power level, whether an activity state of the processor of the computing device equals a sleep state, whether a security risk exists on the computing device, and whether a volume of memory traffic in the volatile memory exceeds a threshold volume.

    Dynamic address negotiation for shared memory regions in heterogenous multiprocessor systems

    Granted invention patent (in force)

    Publication number: US09311011B2

    Publication date: 2016-04-12

    Application number: US13961085

    Application date: 2013-08-07

    CPC classification number: G06F3/0638 G06F3/0613 G06F3/0671 G06F9/544

    Abstract: Mobile computing devices may be configured to compile and execute portions of a general purpose software application in an auxiliary processor (e.g., a DSP) of a multiprocessor system by reading and writing information to a shared memory. A first process (P1) on the applications processor may request address negotiation with a second process (P2) on the auxiliary processor, obtain a first address map from a first operating system, and send the first address map to the auxiliary processor. The second process (P2) may receive the first address map, obtain a second address map from a second operating system, identify matching addresses in the first and second address maps, store the matching addresses as common virtual addresses, and send the common virtual addresses back to the applications processor. The first and second processes (i.e., P1 and P2) may each use the common virtual addresses to map physical pages to the memory.


    Exploiting hot application programming interfaces (APIs) and action patterns for efficient storage of API logs on mobile devices for behavioral analysis

    Granted invention patent (in force)

    Publication number: US09448859B2

    Publication date: 2016-09-20

    Application number: US14028914

    Application date: 2013-09-17

    Abstract: Methods and devices for detecting suspicious or performance-degrading mobile device behaviors may include performing behavior monitoring and analysis operations to intelligently, dynamically, and/or adaptively determine the mobile device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the behaviors are to be observed. Such behavior monitoring and analysis operations may be performed continuously (or near continuously) in a mobile device without consuming an excessive amount of processing, memory, or energy resources of the mobile device by identifying hot application programming interfaces (APIs) and hot action patterns that are invoked or used most frequently by software applications of the mobile device and storing information regarding these hot APIs and hot action patterns separately and more efficiently.


    Energy-Efficient Run-Time Offloading of Dynamically Generated Code in Heterogenuous Multiprocessor Systems

    Invention patent application (under examination, published)

    Publication number: US20150046679A1

    Publication date: 2015-02-12

    Application number: US13961122

    Application date: 2013-08-07

    Abstract: Mobile computing devices may be configured to intelligently select, compile, and execute portions of a general purpose software application in an auxiliary processor (e.g., a DSP) of a multiprocessor system. A processor of the mobile device may be configured to determine whether portions of a software application are suitable for execution in an auxiliary processor, monitor operating conditions of the system, determine a historical context based on the monitoring, and determine whether the portions that were determined to be suitable for execution in an auxiliary processor should be compiled for execution in the auxiliary processor based on the historical context. The processor may also be configured to continue monitoring the system, update the historical context information, and determine whether code previously compiled for execution on the auxiliary processor should be invoked or executed in the auxiliary processor based on the updated historical context information.


    Detecting software attacks on processes in computing devices

    Publication number: US10255434B2

    Publication date: 2019-04-09

    Application number: US15057336

    Application date: 2016-03-01

    Abstract: Various embodiments include methods for detecting software attacks on a process executing on a computing device. Various embodiment methods may include monitoring structural attributes of a plurality of virtual memory regions (VMRs) utilized by the process, and comparing the monitored structural attributes to the expected structural attributes of the plurality of VMRs. Various embodiment methods may further include determining whether the monitored structural attributes represent anomalous behavior of the process based on the comparison between the monitored structural attributes and the expected structural attributes.
