公开(公告)号：US20200274898A1

公开(公告)日：2020-08-27

申请号：US16870203

申请日：2020-05-08

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Miao XIE ,  Yingliang YAO

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/53

Abstract: One example method for defending against denial of service (DoS) attacks is applied to a terminal device including a trusted execution environment (TEE) and a rich execution environment (REE) that are isolated from each other. The method includes obtaining an access request initiated to a service or an interface by a client application (CA) running in the REE, where the access request is used to request a service or a resource, transferring the access request to the TEE, and determining, by the TEE according to a control policy determined based on an access behavior model, whether to grant the access request. The access behavior model is trained by using a statistical method or a machine learning algorithm, with an access behavior dataset of accessing the service or the interface by a plurality of normal CAs.

公开(公告)号：US20230281304A1

公开(公告)日：2023-09-07

申请号：US18316377

申请日：2023-05-12

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Yingjun ZHANG ,  Ji WANG ,  Yingliang YAO

IPC: G06F21/55 ,  G06F21/53 ,  G06F21/60 ,  G06F21/56

CPC classification number: G06F21/554 ,  G06F21/53 ,  G06F21/604 ,  G06F21/566 ,  G06F2221/034

Abstract: This application discloses a method for switching an execution environment and a related device thereof, to effectively prevent a hacker from maliciously accessing a TEE through ATF. The method in this application includes: After writing a first virtual address into a return address register of the TEE, the ATF determines whether the first virtual address is within a valid address range, and switches to the TEE based on the first virtual address only when determining that the first virtual address is within the valid address range.