发明名称 |
METHOD AND SYSTEM FOR HARDWARE BASED PROGRAM FLOW MONITOR FOR EMBEDDED SOFTWARE |
摘要 |
A method for malware detection, wherein the method includes: utilizing a hardware based program flow monitor (PFM) for embedded software that employs a static analysis of program code; marrying the program code to addresses, while considering which central processing unit (CPU) is executing the program code; capturing an expected control flow of the program code, and storing the control flow as physical address pairs of leaders and followers (LEAD-FOLL pair) in a Metadata Store (MDS) within the PFM; monitoring control flow at runtime by the PFM; and comparing runtime control flow with the expected control flow
|
申请公布号 |
US2008189530(A1) |
申请公布日期 |
2008.08.07 |
申请号 |
US20070672288 |
申请日期 |
2007.02.07 |
申请人 |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
MCINTOSH SUZANNE;BRAND DANIEL;KAPLAN MATTHEW;KARGER PAUL A.;MCINTOSH MICHAEL G.;PALMER ELAINE R.;PARADKAR AMITKUMAR M.;TOLL DAVID;WEBER SAMUEL M. |
分类号 |
G06F9/30 |
主分类号 |
G06F9/30 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|