Patent · US Active

Method and system for hardware based program flow monitor for embedded software

US7861305B2 · kind B2 · utility

17Cited by

12References

13Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Suzanne K. McIntosh · Clifton, US
Daniel Brand · Cologne, DE
Matthew Kaplan · New York, US
Paul A. Karger · Chappaqua, US
Michael McIntosh · Clifton, US
Elaine R. Palmer · Hanover, US
Amitkumar M. Paradkar · Mohegan Lake, US
David C. Toll · Wappingers Falls, US
Samuel Weber · New York, US

Key dates

Filing date	Feb 7, 2007
Grant date	Dec 28, 2010
Priority date	—
Expiry date	Oct 29, 2029

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/563
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method for malware detection, wherein the method includes: utilizing a hardware based program flow monitor (PFM) for embedded software that employs a static analysis of program code; marrying the program code to addresses, while considering which central processing unit (CPU) is executing the program code; capturing an expected control flow of the program code, and storing the control flow as physical address pairs of leaders and followers (LEAD-FOLL pair) in a Metadata Store (MDS) within the PFM; monitoring control flow at runtime by the PFM; and comparing runtime control flow with the expected control flow.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.