Abstract: An apparatus and a method for protecting kernel control-flow integrity using static binary instrumentation are provided. The method includes configuring a compiler to reserve a register in a processor, compiling source code into a binary based on the configured compiler, and modifying the binary to prevent exploits using the reserved register, wherein the reserved register stores a first encryption key for encrypting and decrypting return addresses. The reserved register stores an encryption key that is used to encrypt and decrypt return addresses to prevent control flow exploits.

Abstract: An apparatus and a method for protecting kernel control-flow integrity using static binary instrumentation are provided. The method includes configuring a compiler to reserve a register in a processor, compiling source code into a binary based on the configured compiler, and modifying the binary to prevent exploits using the reserved register, wherein the reserved register stores a first encryption key for encrypting and decrypting return addresses. The reserved register stores an encryption key that is used to encrypt and decrypt return addresses to prevent control flow exploits.

Abstract: An apparatus and a method for protecting kernel control-flow integrity using static binary instrumentation are provided. The method includes configuring a compiler to reserve a register in a processor, compiling source code into a binary based on the configured compiler, and modifying the binary to prevent exploits using the reserved register, wherein the reserved register stores a first encryption key for encrypting and decrypting return addresses. The reserved register stores an encryption key that is used to encrypt and decrypt return addresses to prevent control flow exploits.

Abstract: A method for verifying data integrity of a block device is provided. The method includes providing a secure world execution environment configured to monitor changes to data blocks of a block device, within the secure world execution environment, generating a hash for changed data blocks of the block device, and within the secure world execution environment, verifying and generating a cryptographic signature.

Abstract: An apparatus and method for protecting kernel data integrity in an electronic device are provided. The method includes mapping a specified type of data to a read-only memory area, detecting a write attempt to the specified type of data, determining whether a process attempting to write to the specified type of data is permitted according to a specified condition, and allowing the write attempt if the process attempting to write to the specified type of data satisfies the specified condition.

Abstract: An apparatus and a method for protecting kernel control-flow integrity using static binary instrumentation are provided. The method includes configuring a compiler to reserve a register in a processor, compiling source code into a binary based on the configured compiler, and modifying the binary to prevent exploits using the reserved register, wherein the reserved register stores a first encryption key for encrypting and decrypting return addresses. The reserved register stores an encryption key that is used to encrypt and decrypt return addresses to prevent control flow exploits.

Abstract: Methods, systems, and computer readable media for active monitoring, memory protection, and integrity verification of a target device are disclosed. For example, a normal world virtual processor and a secure world virtual processor are instantiated on a target device. A target operating system is executed on the normal world virtual processor. An integrity verification agent is executed on the secure world virtual processor. One or more predetermined operations attempted on the normal world virtual processor are trapped to the secure world virtual processor. The integrity verification agent is used to determine the effect of the execution of the trapped operations on the target device.

Abstract: A method for verifying data integrity of a block device is provided. The method includes providing a secure world execution environment configured to monitor changes to data blocks of a block device, within the secure world execution environment, generating a hash for changed data blocks of the block device, and within the secure world execution environment, verifying and generating a cryptographic signature.

Abstract: An apparatus and method for protecting kernel data integrity in an electronic device are provided. The method includes mapping a specified type of data to a read-only memory area, detecting a write attempt to the specified type of data, determining whether a process attempting to write to the specified type of data is permitted according to a specified condition, and allowing the write attempt if the process attempting to write to the specified type of data satisfies the specified condition.

Abstract: Methods, systems, and computer readable media for active monitoring, memory protection, and integrity verification of a target device are disclosed. For example, a normal world virtual processor and a secure world virtual processor are instantiated on a target device. A target operating system is executed on the normal world virtual processor. An integrity verification agent is executed on the secure world virtual processor. One or more predetermined operations attempted on the normal world virtual processor are trapped to the secure world virtual processor. The integrity verification agent is used to determine the effect of the execution of the trapped operations on the target device.