Malware detection and prevention by monitoring and modifying a hardware pipeline
First Claim
1. The method of monitoring queued hardware instructions to protect operations of a wireless device that includes a hardware pipeline, the method comprising:
- accessing instructions currently queued in the hardware pipeline (“
queued instructions”
);
determining whether executing the queued instructions could result in a malicious configuration based on information included in a malicious and pathway configuration database received from a network server;
determining whether the queued instructions have already been executed in response to determining that executing the queued instructions could result in the malicious configuration;
preventing execution of the queued instructions in response to determining that executing the queued instructions could result in the malicious configuration and that the queued instructions have not already been executed; and
implementing malicious behavior mitigation in response to determining that executing the queued instructions could result in the malicious configuration and that the queued instructions have already been executed.
1 Assignment
0 Petitions
Accused Products
Abstract
The various aspects provide a method for recognizing and preventing malicious behavior on a mobile computing device before it occurs by monitoring and modifying instructions pending in the mobile computing device'"'"'s hardware pipeline (i.e., queued instructions). In the various aspects, a mobile computing device may preemptively determine whether executing a set of queued instructions will result in a malicious configuration given the mobile computing device'"'"'s current configuration. When the mobile computing device determines that executing the queued instructions will result in a malicious configuration, the mobile computing device may stop execution of the queued instructions or take other actions to preempt the malicious behavior before the queued instructions are executed.
-
Citations
28 Claims
-
1. The method of monitoring queued hardware instructions to protect operations of a wireless device that includes a hardware pipeline, the method comprising:
-
accessing instructions currently queued in the hardware pipeline (“
queued instructions”
);determining whether executing the queued instructions could result in a malicious configuration based on information included in a malicious and pathway configuration database received from a network server; determining whether the queued instructions have already been executed in response to determining that executing the queued instructions could result in the malicious configuration; preventing execution of the queued instructions in response to determining that executing the queued instructions could result in the malicious configuration and that the queued instructions have not already been executed; and implementing malicious behavior mitigation in response to determining that executing the queued instructions could result in the malicious configuration and that the queued instructions have already been executed. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A wireless device, comprising:
-
a memory; a hardware pipeline coupled to the memory; a control unit coupled to the hardware pipeline and the memory; and a processor coupled to the memory and the control unit, wherein the control unit is configured to perform operations comprising; accessing instructions currently queued in the hardware pipeline (“
queued instructions”
); andpreventing execution of the queued instructions in response to a determination by the processor that executing the queued instructions could result in a malicious configuration and that the queued instructions have not already been executed; and wherein the processor is configured with processor-executable instructions to perform operations comprising; determining whether executing the queued instructions could result in the malicious configuration based on information included in a malicious and pathway configuration database received from a network server; determining whether the queued instructions have already been executed in response to determining that executing the queued instructions could result in the malicious configuration; and implementing malicious behavior mitigation in response to determining that executing the queued instructions could result in the malicious configuration and that the queued instructions have already been executed. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A wireless device, comprising:
-
means for accessing instructions currently queued in a hardware pipeline (“
queued instructions”
);means for determining whether executing the queued instructions could result in a malicious configuration based on information included in a malicious and pathway configuration database received from a network server; means for determining whether the queued instructions have already been executed in response to determining that executing the queued instructions could result in the malicious configuration; means for preventing execution of the queued instructions in response to determining that executing the queued instructions could result in the malicious configuration and that the queued instructions have not already been executed; and implementing malicious behavior mitigation in response to determining that executing the queued instructions could result in the malicious configuration and that the queued instructions have already been executed. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A non-transitory processor-readable storage medium having stored thereon processor-executable instructions, wherein:
-
the stored processor-executable instructions are configured to cause a control unit to perform operations comprising; accessing instructions currently queued in a hardware pipeline (“
queued instructions”
); andpreventing execution of the queued instructions in response to a determination by a device processor that executing the queued instructions could result in a malicious configuration and that the queued instructions have not already been executed, and the stored processor-executable instructions are configured to cause the device processor to perform operations comprising; determining whether executing the queued instructions could result in the malicious configuration based on information included in a malicious and pathway configuration database received from a network server; determining whether the queued instructions have already been executed in response to determining that executing the queued instructions could result in the malicious configuration; and implementing malicious behavior mitigation in response to determining that executing the queued instructions could result in the malicious configuration and that the queued instructions have already been executed. - View Dependent Claims (23, 24, 25, 26, 27, 28)
-
Specification