Reexamination Certificate
2007-02-07
2010-12-28
Korzuch, William R (Department: 2431)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C713S187000, C713S188000
active
07861305
ABSTRACT:
A method for malware detection, wherein the method includes: utilizing a hardware based program flow monitor (PFM) for embedded software that employs a static analysis of program code; marrying the program code to addresses, while considering which central processing unit (CPU) is executing the program code; capturing an expected control flow of the program code, and storing the control flow as physical address pairs of leaders and followers (LEAD-FOLL pair) in a Metadata Store (MDS) within the PFM; monitoring control flow at runtime by the PFM; and comparing runtime control flow with the expected control flow.
REFERENCES:
patent: 4108359 (1978-08-01), Proto
patent: 5222220 (1993-06-01), Mehta
patent: 5974529 (1999-10-01), Zumkehr et al.
patent: 6044458 (2000-03-01), Rinkenberger et al.
patent: 6421790 (2002-07-01), Fruehling et al.
patent: 6543012 (2003-04-01), Viswanathan et al.
patent: 6615324 (2003-09-01), Fernald
patent: 6772345 (2004-08-01), Shetty
patent: 7096500 (2006-08-01), Roberts et al.
patent: 7607122 (2009-10-01), Hatlelid et al.
patent: 7620941 (2009-11-01), Leventhal
patent: 7644322 (2010-01-01), Dye
patent: 2002/0147915 (2002-10-01), Chefalas et al.
patent: 2003/0120952 (2003-06-01), Tarbotton et al.
patent: 2003/0172293 (2003-09-01), Johnson et al.
patent: 2004/0088570 (2004-05-01), Roberts et al.
patent: 2005/0033982 (2005-02-01), Paaske
patent: 2005/0223238 (2005-10-01), Schmid et al.
patent: 2005/0240897 (2005-10-01), Kailas
patent: 2007/0006159 (2007-01-01), Hecht et al.
patent: 2007/0055711 (2007-03-01), Polyakov et al.
patent: 2007/0101431 (2007-05-01), Clift et al.
patent: 2008/0115217 (2008-05-01), Barron et al.
Nick L. Petroni, Jr. et al., Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor, 13th USENIX Security Symposium, 2004, University of Maryland, College Park, MD.
Suresh N. Chari et al., BlueBoX: A Policy-Driven, Host-Based Intrusion Detection System, NDSS 2002, United States.
Andreas Wespi et al., Intrusion Detection Using Variable-Length Audit Trail Patterns, Springer-Verlag Berlin Heidelberg 2000, vol. 1907, Switzerland.
Brand Daniel
Kaplan Matthew
Karger Paul A.
McIntosh Michael G.
McIntosh Suzanne
Cantor & Colburn LLP
International Business Machines Corporation
Korzuch William R
Vaughan Michael R
Young Preston