1. WO2020089885 - DYNAMIC MEMORY PROTECTION

Publication Number WO/2020/089885
Publication Date 07.05.2020
International Application No. PCT/IL2019/051076
International Filing Date 02.10.2019
IPC
G06F 21/54 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52 during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
54 by adding security routines or objects to programs
G11C 29/52 2006.01
G PHYSICS
11 INFORMATION STORAGE
C STATIC STORES
29 Checking stores for correct operation; Testing stores during standby or offline operation
52 Protection of memory contents; Detection of errors in memory contents
G06F 12/14 2006.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
12 Accessing, addressing or allocating within memory systems or architectures
14 Protection against unauthorised use of memory
G06F 12/02 2006.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
12 Accessing, addressing or allocating within memory systems or architectures
02 Addressing or allocation; Relocation
G06F 8/60 2018.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
8 Arrangements for software engineering
60 Software deployment
CPC
G06F 12/0238
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
12 Accessing, addressing or allocating within memory systems or architectures
02 Addressing or allocation; Relocation
0223 User address space allocation, e.g. contiguous or non contiguous base addressing
023 Free address space management
0238 Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
G06F 12/1425
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
12 Accessing, addressing or allocating within memory systems or architectures
14 Protection against unauthorised use of memory; or access to memory
1416 by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
1425 the protection being physical, e.g. cell, word, block
G06F 21/563
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
56 Computer malware detection or handling, e.g. anti-virus arrangements
562 Static detection
563 by source code analysis
G06F 21/78
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
78 to assure secure storage of data
G06F 9/5016
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
9 Arrangements for program control, e.g. control units
06 using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
46 Multiprogramming arrangements
50 Allocation of resources, e.g. of the central processing unit [CPU]
5005 to service a request
5011 the resources being hardware resources other than CPUs, Servers and Terminals
5016 the resource being the memory
Applicants
  • STERNUM LTD. [IL]/[IL]
Inventors
  • TSHOUVA, Natali
  • GRANOT, Lian
Agents
  • EHRLICH, Gal
  • WATERMAN, Hadassa
  • MELNICK, Geoffrey, L.
Priority Data
62/751,774 29.10.2018 US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) DYNAMIC MEMORY PROTECTION
(FR) PROTECTION DE MÉMOIRE DYNAMIQUE
Abstract
(EN)
Presented herein are methods and systems for adjusting code files to apply memory protection for dynamic memory regions supporting run-time dynamic allocation of memory blocks. The code file(s), comprising a plurality of routines, are created for execution by one or more processors using the dynamic memory. Adjusting the code file(s) comprises analyzing the code file(s) to identify exploitation vulnerable routine(s) and adding a memory integrity code segment configured to detect, upon execution completion of each vulnerable routine, a write operation exceeding from a memory space of one or more of a subset of most recently allocated blocks allocated in the dynamic memory to a memory space of an adjacent block using marker(s) inserted in the dynamic memory in the boundary(s) of each of the subset's blocks. In runtime, in case the write operation is detected, the memory integrity code segment causes the processor(s) to initiate one or more predefined actions.
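The mechanism the abstract describes, sketched in C as an added example; this is not code from the patent or from the applicant. It uses a toy bump allocator, and all names (`guarded_alloc`, `integrity_check`, `vulnerable_copy`), the marker value and the subset size are hypothetical. The check is appended to the vulnerable routine by hand here, where the abstract describes adding it by analyzing and adjusting the code files.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MARKER 0xC0FFEE5AU    /* constructed boundary marker value */
#define RECENT 4              /* size of the "most recently allocated" subset */

struct blk { uint8_t *p; size_t n; };
static uint8_t arena[1024];   /* toy dynamic memory region (bump allocator) */
static size_t arena_top;
static struct blk recent[RECENT];
static unsigned recent_next;
static int violations;        /* stand-in for the "predefined action": count */

/* Allocate n bytes and write a marker on the block's end boundary. */
void *guarded_alloc(size_t n) {
    uint32_t m = MARKER;
    size_t room = sizeof arena - arena_top;
    if (room < sizeof m || n > room - sizeof m) return NULL;
    uint8_t *p = arena + arena_top;
    memcpy(p + n, &m, sizeof m);
    arena_top += n + sizeof m;
    recent[recent_next++ % RECENT] = (struct blk){ p, n };
    return p;
}

/* Memory integrity segment: verify the markers of the recent subset only. */
int integrity_check(void) {
    int bad = 0;
    for (unsigned i = 0; i < RECENT; i++) {
        uint32_t m;
        if (!recent[i].p) continue;
        memcpy(&m, recent[i].p + recent[i].n, sizeof m);
        if (m != MARKER) bad++;   /* a write crossed into the boundary */
    }
    violations += bad;
    return bad;
}

/* Routine flagged as vulnerable (unchecked copy); check runs on completion. */
int vulnerable_copy(void *dst, const void *src, size_t len) {
    memcpy(dst, src, len);        /* no bounds check: may cross the marker */
    return integrity_check();
}

int main(void) {                  /* constructed input: 20 bytes into 16 */
    char in[32] = {0};
    uint8_t *a = guarded_alloc(16);
    return a && vulnerable_copy(a, in, 20) == 1 ? 0 : 1;
}
```

Checking only the most recent blocks keeps the per-call cost bounded, at the price that an overflow of a block that has already left the subset is not seen by this check.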
Also published as
Latest bibliographic data on file with the International Bureau