公开(公告)号：US09772953B2

公开(公告)日：2017-09-26

申请号：US14610423

申请日：2015-01-30

Applicant: Samsung Electronics Co., Ltd.

Inventor： Quan Chen ,  Ahmed Azab ,  Peng Ning ,  Guruprasad Ganesh

IPC: G06F12/14 ,  G06F21/53 ,  G06F21/62 ,  G06F21/64

CPC classification number: G06F12/1408 ,  G06F12/1416 ,  G06F12/1466 ,  G06F12/1483 ,  G06F21/53 ,  G06F21/6281 ,  G06F21/64 ,  G06F2212/1052

Abstract: An apparatus and method for protecting kernel data integrity in an electronic device are provided. The method includes mapping a specified type of data to a read-only memory area, detecting a write attempt to the specified type of data, determining whether a process attempting to write to the specified type of data is permitted according to a specified condition, and allowing the write attempt if the process attempting to write to the specified type of data satisfies the specified condition.

公开(公告)号：US11120130B2

公开(公告)日：2021-09-14

申请号：US16367530

申请日：2019-03-28

Applicant: Samsung Electronics Co., Ltd.

Inventor： James Gleeson ,  Ahmed Azab ,  Wenbo Shen ,  Rohan Bhutkar

IPC: G06F21/00 ,  G06F21/55 ,  G06F21/12 ,  G06F21/57 ,  G06F8/41

Abstract: An apparatus and a method for protecting kernel control-flow integrity using static binary instrumentation are provided. The method includes configuring a compiler to reserve a register in a processor, compiling source code into a binary based on the configured compiler, and modifying the binary to prevent exploits using the reserved register, wherein the reserved register stores a first encryption key for encrypting and decrypting return addresses. The reserved register stores an encryption key that is used to encrypt and decrypt return addresses to prevent control flow exploits.

公开(公告)号：US10289842B2

公开(公告)日：2019-05-14

申请号：US15340447

申请日：2016-11-01

Applicant: Samsung Electronics Co., Ltd.

Inventor： James Gleeson ,  Ahmed Azab ,  Wenbo Shen ,  Rohan Bhutkar

IPC: G06F21/00 ,  G06F21/55 ,  G06F21/12 ,  G06F21/57 ,  G06F8/41

Abstract: An apparatus and a method for protecting kernel control-flow integrity using static binary instrumentation are provided. The method includes configuring a compiler to reserve a register in a processor, compiling source code into a binary based on the configured compiler, and modifying the binary to prevent exploits using the reserved register, wherein the reserved register stores a first encryption key for encrypting and decrypting return addresses. The reserved register stores an encryption key that is used to encrypt and decrypt return addresses to prevent control flow exploits.

公开(公告)号：US09984255B2

公开(公告)日：2018-05-29

申请号：US14683658

申请日：2015-04-10

Applicant: Samsung Electronics Co., Ltd.

Inventor： Jitesh Shah ,  Song Wei ,  Ahmed Azab ,  Xun Chen ,  Peng Ning ,  Wenbo Shen ,  Michael Grace

IPC: G06F21/64 ,  G06F21/74 ,  H04L9/32 ,  H04L29/06 ,  H04W4/00

CPC classification number: G06F21/64 ,  G06F21/74 ,  G06F2221/2101 ,  H04L9/3236 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0823 ,  H04L2209/38 ,  H04W4/60 ,  H04W4/70

Abstract: A method for verifying data integrity of a block device is provided. The method includes providing a secure world execution environment configured to monitor changes to data blocks of a block device, within the secure world execution environment, generating a hash for changed data blocks of the block device, and within the secure world execution environment, verifying and generating a cryptographic signature.

公开(公告)号：US20160092701A1

公开(公告)日：2016-03-31

申请号：US14683658

申请日：2015-04-10

Applicant: Samsung Electronics Co., Ltd.

Inventor： Jitesh Shah ,  Song Wei ,  Ahmed Azab ,  Xun Chen ,  Peng Ning ,  Wenbo Shen ,  Michael Grace

IPC: G06F21/64 ,  H04L9/32 ,  G06F21/74

CPC classification number: G06F21/64 ,  G06F21/74 ,  G06F2221/2101 ,  H04L9/3236 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0823 ,  H04L2209/38 ,  H04W4/60 ,  H04W4/70

Abstract: A method for verifying data integrity of a block device is provided. The method includes providing a secure world execution environment configured to monitor changes to data blocks of a block device, within the secure world execution environment, generating a hash for changed data blocks of the block device, and within the secure world execution environment, verifying and generating a cryptographic signature.

Abstract translation: 提供了一种用于验证块设备的数据完整性的方法。 该方法包括提供安全的世界执行环境，其被配置为监视在安全世界执行环境内的块设备的数据块的改变，为块设备的改变的数据块生成哈希，并且在安全世界执行环境内，验证和 生成加密签名。