Malware detection and prevention by monitoring and modifying a hardware pipeline
First Claim
1. A method of monitoring queued hardware instructions to protect operations of a wireless device that includes a hardware pipeline, comprising:
- accessing instructions currently queued in the hardware pipeline (“
queued instructions”
);
receiving a list of potentially malicious pathway instructions from a network server, the received list of potentially malicious pathway instructions including one or more likelihood values associated with one or more of the queued instructions;
determining, during pendency of the queued instructions in the hardware pipeline and based on the one or more likelihood values included in the received list of potentially malicious pathway instructions, a probability value that identifies a probability that executing the queued instructions will result in a malicious configuration;
determining at runtime whether the probability value exceeds a risk threshold value; and
preventing execution of the queued instructions in response to determining that the probability value exceeds the risk threshold value.
1 Assignment
0 Petitions
Accused Products
Abstract
The various aspects provide a method for recognizing and preventing malicious behavior on a mobile computing device before it occurs by monitoring and modifying instructions pending in the mobile computing device'"'"'s hardware pipeline (i.e., queued instructions). In the various aspects, a mobile computing device may preemptively determine whether executing a set of queued instructions will result in a malicious configuration given the mobile computing device'"'"'s current configuration. When the mobile computing device determines that executing the queued instructions will result in a malicious configuration, the mobile computing device may stop execution of the queued instructions or take other actions to preempt the malicious behavior before the queued instructions are executed.
54 Citations
28 Claims
-
1. A method of monitoring queued hardware instructions to protect operations of a wireless device that includes a hardware pipeline, comprising:
-
accessing instructions currently queued in the hardware pipeline (“
queued instructions”
);receiving a list of potentially malicious pathway instructions from a network server, the received list of potentially malicious pathway instructions including one or more likelihood values associated with one or more of the queued instructions; determining, during pendency of the queued instructions in the hardware pipeline and based on the one or more likelihood values included in the received list of potentially malicious pathway instructions, a probability value that identifies a probability that executing the queued instructions will result in a malicious configuration; determining at runtime whether the probability value exceeds a risk threshold value; and preventing execution of the queued instructions in response to determining that the probability value exceeds the risk threshold value. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A wireless device, comprising:
-
a memory; a hardware pipeline coupled to the memory; and a processor coupled to the memory and the hardware pipeline, wherein the processor is configured with processor-executable instructions to; access instructions currently queued in the hardware pipeline (“
queued instructions”
);receive a list of potentially malicious pathway instructions from a network server, the received list of potentially malicious pathway instructions including one or more likelihood values associated with one or more of the queued instructions; determine, during pendency of the queued instructions in the hardware pipeline and based on the one or more likelihood values included in the received list of potentially malicious pathway instructions, a probability value that identifies a probability that executing the queued instructions will result in a malicious configuration; determine at runtime whether the probability value exceeds a risk threshold value; and prevent execution of the queued instructions in response to determining that the probability value exceeds the risk threshold value. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A wireless device, comprising:
-
means for accessing instructions currently queued in a hardware pipeline (“
queued instructions”
);means for receiving a list of potentially malicious pathway instructions from a network server, the received list of potentially malicious pathway instructions including one or more likelihood values associated with one or more of the queued instructions; means for determining, during pendency of the queued instructions in the hardware pipeline and based on the one or more likelihood values included in the received list of potentially malicious pathway instructions, a probability value that identifies a probability that executing the queued instructions will result in a malicious configuration; means for determining at runtime whether the probability value exceeds a risk threshold value; and means for preventing execution of the queued instructions in response to determining that the probability value exceeds the risk threshold value. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a processor in a wireless device to perform operations comprising:
-
accessing instructions currently queued in a hardware pipeline (“
queued instructions”
);receiving a list of potentially malicious pathway instructions from a network server, the received list of potentially malicious pathway instructions including one or more likelihood values associated with one or more of the queued instructions; determining, during pendency of the queued instructions in the hardware pipeline and based on the one or more likelihood values included in the received list of potentially malicious pathway instructions, a probability value that identifies a probability that executing the queued instructions will result in a malicious configuration; determining at runtime whether the probability value exceeds a risk threshold value; and preventing execution of the queued instructions in response to determining that the probability value exceeds the risk threshold value. - View Dependent Claims (23, 24, 25, 26, 27, 28)
-
Specification