公开(公告)号：US20180077188A1

公开(公告)日：2018-03-15

申请号：US15262918

申请日：2016-09-12

Applicant: QUALCOMM Incorporated

Inventor： Giridhar Mandyam ,  Sudha Anil Kumar Gathala ,  Saumitra Mohan Das ,  Nayeem Islam ,  Dallas James Wiener ,  Hugo Romero ,  Harold Gilkey

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/56 ,  H04L67/42

Abstract: Methods, and computing devices implementing the methods, that enable client computing devises to work in conjunction with a server device to identify and temporarily defend against non-benign applications (e.g., malware, etc.) and other threats before a more permanent solution or defense (e.g., a patch or software upgrade) becomes available and installed on the client computing device. The server device may be configured to receive reports from the client computing devices, receive threat feeds from a third-party server (e.g., threat intelligence servers, etc.), and use information included in the received threat feed and information included in the received reports to analyze, in the server computing device, a software application that is operating on a client device in multiple passes. The server may generate one or more threat scores and send the one or more threat scores to the client computing device for use in devising a customized security response.

公开(公告)号：US20180060568A1

公开(公告)日：2018-03-01

申请号：US15244080

申请日：2016-08-23

Applicant: QUALCOMM Incorporated

Inventor： Joel Galenson ,  Sudha Anil Kumar Gathala ,  Minjang Kim

IPC: G06F21/54 ,  G06F21/55

CPC classification number: G06F21/54 ,  G06F21/52 ,  G06F21/554 ,  G06F2221/034

Abstract: Various embodiments enhance protections against stack buffer overflow attacks in a computing device by dynamically updating stack canaries. Canary values on the stack of a child process may be replaced with new canary values in response to determining that a condition for generating new canary values is satisfied. Canary values on the stack of a child process may be replaced with new canary values when a child process is forked following a crash of a previous child process of the parent process. Canary values on the stack of a child process may be replaced with new canary values in response to expiration of a canary timeout time. The locations of the canaries to replace may be determined by walking the stack to locate entries in each stack frame that match a previous value of the canary or by walking the stack according to a predefined stack frame format.

公开(公告)号：US10127018B2

公开(公告)日：2018-11-13

申请号：US15085415

申请日：2016-03-30

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Mihai Christodorescu ,  Mastooreh Salajegheh

IPC: G06F8/30 ,  G06F9/445 ,  G06F11/36 ,  G06F8/54 ,  G06F11/34

Abstract: Various embodiments include methods for dynamically modifying shared libraries on a client computing device. Various embodiment methods may include receiving a first set of code segments and a first set of code sites associated with a first application. Each code in the first set of code sites may include an address within a compiled shared library stored on the client computing device. The compiled shared library may include one or more dummy instructions inserted at each code site in the first set of code sites, and each code segment in the first set of code segments may be associated with a code site in the first set of code sites. The client computing device may insert each code segment in the first set of code segments at its associated code site in the compiled shared library.

公开(公告)号：US20180063179A1

公开(公告)日：2018-03-01

申请号：US15248178

申请日：2016-08-26

Applicant: QUALCOMM Incorporated

Inventor： Mastooreh Salajegheh ,  Sudha Anil Kumar Gathala ,  Saumitra Mohan Das ,  Nayeem Islam

IPC: H04L29/06 ,  G06F1/28

CPC classification number: H04L63/1433 ,  G06F1/28 ,  G06F21/564 ,  H04L63/1408

Abstract: Various embodiments include methods and a memory data collection processor for performing online memory data collection for memory forensics. Various embodiments may include determining whether an operating system executing in a computing device is trustworthy. In response to determining that the operating system is not trustworthy, the memory data collection processor may collect memory data directly from volatile memory. Otherwise, the operating system to collect memory data from volatile memory. Memory data may be collected at a variable memory data collection rate determined by the memory data collection processor. The memory data collection rate may depend upon whether an available power level of the computing device exceeds a threshold power level, whether an activity state of the processor of the computing device equals a sleep state whether a security risk exists on the computing device, and whether a volume of memory traffic in the volatile memory exceeds a threshold volume.

公开(公告)号：US09311011B2

公开(公告)日：2016-04-12

申请号：US13961085

申请日：2013-08-07

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Andrey Ermolinskiy ,  Christopher A. Vick

IPC: G06F3/06 ,  G06F9/54

CPC classification number: G06F3/0638 ,  G06F3/0613 ,  G06F3/0671 ,  G06F9/544

Abstract: Mobile computing devices may be configured to compile and execute portions of a general purpose software application in an auxiliary processor (e.g., a DSP) of a multiprocessor system by reading and writing information to a shared memory. A first process (P1) on the applications processor may request address negotiation with a second process (P2) on the auxiliary processor, obtain a first address map from a first operating system, and send the first address map to the auxiliary processor. The second process (P2) may receive the first address map, obtain a second address map from a second operating system, identify matching addresses in the first and second address maps, store the matching addresses as common virtual addresses, and send the common virtual addresses back to the applications processor. The first and second processes (i.e., P1 and P2) may each use the common virtual addresses to map physical pages to the memory.

Abstract translation: 移动计算设备可以被配置为通过将信息读取和写入到共享存储器来编译和执行多处理器系统的辅助处理器（例如，DSP）中的通用软件应用的部分。 应用处理器上的第一进程（P1）可以在辅助处理器上请求与第二进程（P2）的地址协商，从第一操作系统获得第一地址映射，并将第一地址映射发送到辅助处理器。 第二进程（P2）可以接收第一地址映射，从第二操作系统获得第二地址映射，识别第一和第二地址映射中的匹配地址，将匹配地址存储为公共虚拟地址，并发送公共虚拟地址 回到应用处理器。 第一和第二进程（即P1和P2）可以各自使用公共虚拟地址将物理页面映射到存储器。

公开(公告)号：US20180203996A1

公开(公告)日：2018-07-19

申请号：US15407390

申请日：2017-01-17

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Mastooreh Salajegheh ,  Saumitra Mohan Das ,  Nayeem Islam

IPC: G06F21/56 ,  G06F11/30

CPC classification number: G06F21/562 ,  G06F11/3037 ,  G06F11/3079 ,  G06F21/52 ,  G06F21/554 ,  G06F21/566 ,  G06F21/567 ,  G06F2201/84

Abstract: Various embodiments include systems, methods and devices for reducing the burden on mobile devices of memory data collection for memory forensics. Various embodiments may include monitoring for changes sections or portions of memory within the computing device that been identified by a network device based on a prior memory snapshot. When changes are detected, the computing device may determine whether data changes in the monitored sections or portions of memory satisfy a criterion for transmitting an incremental snapshot of memory. Such criteria may be defined in information received from the network device. When the criteria are satisfied, the computing device may transmit an incremental memory snapshot to the network device. The computing device may transmit to the network device results of analysis of the data changes observed in the memory. Various embodiments may be performed in a secure environment or in a memory collection processor within the computing device.

公开(公告)号：US09448859B2

公开(公告)日：2016-09-20

申请号：US14028914

申请日：2013-09-17

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Vinay Sridhara ,  Rajarshi Gupta

IPC: G06F9/54

CPC classification number: G06F9/541 ,  G06F21/566 ,  G06F2221/033 ,  G06F2221/2101 ,  G06F2221/2151 ,  H04L63/1441 ,  H04W12/12

Abstract: Methods and devices for detecting suspicious or performance-degrading mobile device behaviors may include performing behavior monitoring and analysis operations to intelligently, dynamically, and/or adaptively determine the mobile device behaviors that are to be observed, the number of behaviors that are to be observed, and the level of detail or granularity at which the behaviors are to be observed. Such behavior monitoring and analysis operations may be performed continuously (or near continuously) in a mobile device without consuming an excessive amount of processing, memory, or energy resources of the mobile device by identifying hot application programming interfaces (APIs) and hot action patterns that are invoked or used most frequently by software applications of the mobile device and storing information regarding these hot APIs and hot action patterns separately and more efficiently.

Abstract translation: 用于检测可疑或降低性能的移动设备行为的方法和设备可以包括执行行为监视和分析操作以智能地，动态地和/或自适应地确定要观察的移动设备行为，将被观察的行为的数量 ，以及要观察行为的细节或粒度级别。 这样的行为监视和分析操作可以在移动设备中连续（或接近连续地）执行，而不需要消耗移动设备的过多量的处理，存储器或能量资源，通过识别热应用编程接口（API）和热动作模式， 被移动设备的软件应用最频繁地调用或使用，并且分别且更有效地存储关于这些热API和热动作模式的信息。

公开(公告)号：US20150046679A1

公开(公告)日：2015-02-12

申请号：US13961122

申请日：2013-08-07

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Dinakar Dhurjati ,  Andrey Ermolinskiy ,  Christopher A. Vick

IPC: G06F9/38

CPC classification number: G06F8/451 ,  G06F8/443 ,  G06F9/4552 ,  G06F9/5094 ,  G06F2209/508 ,  G06F2209/509 ,  Y02D10/22

Abstract: Mobile computing devices may be configured to intelligently select, compile, and execute portions of a general purpose software application in an auxiliary processor (e.g., a DSP) of a multiprocessor system. A processor of the mobile device may be configured to determine whether portions of a software application are suitable for execution in an auxiliary processor, monitor operating conditions of the system, determine a historical context based on the monitoring, and determine whether the portions that were determined to suitable for execution in an auxiliary processor should be compiled for execution in the auxiliary processor based on the historical context. The processor may also be configured to continue monitoring the system, update the historical context information, and determine whether code previously compiled for execution on the auxiliary processor should be invoked or executed in the auxiliary processor based on the updated historical context information.

Abstract translation: 移动计算设备可以被配置为在多处理器系统的辅助处理器（例如，DSP）中智能地选择，编译和执行通用软件应用的部分。 移动设备的处理器可以被配置为确定软件应用的部分是否适合于在辅助处理器中执行，监视系统的操作条件，基于监视来确定历史上下文，并且确定是否确定了部分 在辅助处理器中适合执行的编译应在基于历史上下文的辅助处理器中执行。 处理器还可以被配置为继续监视系统，更新历史上下文信息，并且确定是否应该在辅助处理器中基于更新的历史上下文信息来调用或执行在辅助处理器上执行的先前编译的代码。

公开(公告)号：US10255434B2

公开(公告)日：2019-04-09

申请号：US15057336

申请日：2016-03-01

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Rajarshi Gupta ,  Nayeem Islam

IPC: G06F21/52 ,  G06F21/55 ,  G06F21/56

Abstract: Various embodiments include methods for detecting software attacks on a process executing on a computing device. Various embodiment methods may include monitoring structural attributes of a plurality of virtual memory regions utilized by the process, and comparing the monitored structural attributes to the expected structural attributes of the plurality of VMRs. Various embodiment methods may further include determining whether the monitored structural attributes represent anomalous behavior of the process based on the comparison between the monitored structural attributes and the expected structural attributes.

公开(公告)号：US10013554B2

公开(公告)日：2018-07-03

申请号：US15087198

申请日：2016-03-31

Applicant: QUALCOMM Incorporated

Inventor： Sudha Anil Kumar Gathala ,  Gheorghe Calin Cascaval ,  Rajarshi Gupta

IPC: H04L29/06 ,  G06F21/55 ,  G06F3/06 ,  G06F12/1009 ,  G06F17/30 ,  G06F21/52

CPC classification number: G06F21/554 ,  G06F3/0623 ,  G06F3/0631 ,  G06F3/0653 ,  G06F3/0683 ,  G06F12/1009 ,  G06F16/1727 ,  G06F16/188 ,  G06F21/52

Abstract: Embodiments include computing devices, apparatus, and methods implemented by the apparatus for time varying address space layout randomization. The apparatus may launch first plurality of versions of a system service and assign a random virtual address space layout to each of the first plurality of versions of the system service. The apparatus may receive a first request to execute the system service from a first application. The apparatus may randomly select a first version of the system service from the first plurality of versions of the system service, and execute the system service using data of the first version of the system service.