Abstract: In an aspect, a client device in a first network cell may obtain information that indicates a second network cell neighboring the first network cell, wherein the tracking area code (also referred to as location area code) of the second network cell is different from the tracking area code of the first network cell and is not included in the tracking area identifier list of the of the first network cell. The client device may use the obtained information to detect a nearby false network access node that may be imitating the second network access node to lure the client device to connect to the false network access node. In some aspects, a client device in a first geographical location may preemptively obtain a network access node list associated with a second geographical location in order to detect false network access nodes in the second geographical location.

Abstract: Techniques for securing executable code on a computing device are provided. An example method according to the disclosure includes accessing an image file comprising intermediate code or binary object code; accessing metadata associated with the image file, the metadata providing layout information for a layout of one or more randomizable components in the image file, where the one or more randomizable components comprise variables of one or more structure types, objects of one or more class types, one or more data sections in the image file, function argument list, or a combination of two or more of these; and randomizing the layout of elements of instances of the one or more randomizable components using the metadata to generate randomized intermediate code executable by a virtual machine or randomized binary object code executable by the computing device.

Abstract: Aspects of the disclosure are related to a method, comprising: detecting an incorrect first address to second address mapping in an Address Resolution Protocol (ARP) cache of one or more of: a user device or a gateway device; and performing one or more containment operations, wherein the containment operations comprise one or more of: transmitting an ARP request message that requests an Internet Protocol (IP) address to Media Access Control (MAC) address mapping for a gateway device onto a subnetwork, transmitting an ARP message that comprises an IP address to MAC address mapping for a user device onto the subnetwork, or alerting a user.

Abstract: Various aspects are described herein. In some aspects, the present disclosure provides a method of communicating data between an electronic unit of a system-on-chip (SoC) and a dynamic random access memory (DRAM). The method includes initiating a memory transaction corresponding to first data. The method includes determining a non-unique first signature and a unique second signature associated with the first data based on content of the first data. The method includes determining if the non-unique first signature is stored in at least one of a local buffer on the SoC separate from the DRAM or the DRAM. The method includes determining if the unique second signature is stored in at least one of the local buffer or the DRAM based on determining the non-unique first signature is stored. The method includes eliminating the memory transaction with respect to the DRAM based on determining the unique second signature is stored.

Abstract: Various aspects are described herein. In some aspects, the present disclosure provides a method of communicating data between an electronic unit of a system-on-chip (SoC) and a dynamic random access memory (DRAM). The method includes initiating a memory transaction corresponding to first data. The method includes determining a non-unique first signature and a unique second signature associated with the first data based on content of the first data. The method includes determining if the non-unique first signature is stored in at least one of a local buffer on the SoC separate from the DRAM or the DRAM. The method includes determining if the unique second signature is stored in at least one of the local buffer or the DRAM based on determining the non-unique first signature is stored. The method includes eliminating the memory transaction with respect to the DRAM based on determining the unique second signature is stored.

Abstract: A method for multi-instance learning (MIL)-based classification of a streaming input is described. The method includes running a first biased MIL model using extracted features from a subset of instances received in the streaming input to obtain a first classification result. The method also includes running a second biased MIL model using the extracted features to obtain a second classification result. The first biased MIL model is biased opposite the second biased MIL model. The method further includes classifying the streaming input based on the classification results of the first biased MIL model and the second biased MIL model.

Abstract: Systems, methods, and computer programs are disclosed for detecting high-level functionality of an application executing on a computing device. One method comprises storing, in a secure memory on a computing device, a virtual address mapping table for an application. The virtual address mapping table comprises a plurality of virtual addresses in the application binary code mapped to corresponding target application functionalities. The application is registered with a high-level operating system (HLOS). During execution of the application binary code, the HLOS detects when one or more of the virtual addresses corresponding to the target application functionalities are executed based on the virtual address mapping table.

Abstract: Systems and methods are disclosed for detecting high-level functionality of an application executing on a computing device. One method comprises storing, in a secure memory, an application-specific virtual address mapping table for an application. The application-specific virtual address mapping table comprises a plurality of virtual address offsets in the application binary code mapped to corresponding target application functionalities. In response to launching the application, a process-specific virtual address mapping table is generated for an instance of an application process to be executed. The process-specific virtual address mapping table defines actual virtual addresses corresponding to the target application functionalities using the virtual address offsets in the application-specific virtual address mapping table.

Abstract: Systems, methods, and computer programs are disclosed for updating virtual memory addresses of target application functionalities for an updated version of application binary code. The method comprises storing a virtual address mapping table associated with application binary code registered with a high-level operating system. The virtual address mapping table comprises a plurality of virtual addresses mapped to corresponding target application functionalities in the application binary code. In response to receiving an updated version of the application binary code, a pseudo binary code template is selected, which is associated with one or more of the plurality of virtual addresses in the virtual address mapping table. The pseudo binary code template is matched to binary instructions in the updated version of the application binary code. The new virtual addresses corresponding to the matching binary instructions are determined. The virtual address mapping table is updated with the new virtual addresses.

Abstract: Web security methods and apparatus are disclosed herein. A method includes receiving a detection model for detecting malicious webpages via a transceiver of the computing device, and storing the detection model in a non-volatile memory of the computing device. One or more JavaScripts are detected in the webpage, wherein each of the JavaScripts can be separately executed. A feature vector for each of the JavaScripts may be generated, either incrementally as the web page is being loaded or prefetching the JavaScript for the web page, to produce one or more feature vectors for the webpage, wherein a particular feature vector includes values for different features of a JavaScript. Each of the feature vectors are analyzed with the multi-instance learning based detection model to determine whether the webpage from which the JavaScripts originate is malicious or benign.

Abstract: Systems, methods, and computer programs are disclosed for scheduling decompression of an application from flash storage. One embodiment of a system comprises a flash memory device and a preemptive decompression scheduler component. The preemptive decompression scheduler component comprises logic configured to generate and store metadata defining one or more dependent objects associated with the compressed application in response to an application installer component installing a compressed application to the flash memory device. In response to a launch of the compressed application by an application launcher component, the preemptive decompression scheduler component determines from the stored metadata the one or more dependent objects associated with the compressed application to be launched. The preemptive decompression scheduler component preemptively schedules decompression of the one or more dependent objects based on the stored metadata.

Abstract: An anti-cross-site scripting (anti-XSS) feature is provided at an operating system without reliance on higher-level third-party software (e.g., browsers, anti-virus software, etc.). A Uniform Resource Locator (URL) link is intercepted at a kernel level of an operating system of a device. It is then ascertained whether the URL link includes a cross-site script. If so, a determination is also made as to whether the cross-site script is an untrusted script (e.g., potentially harmful, malicious, or non-benign script). Execution of the URL link is terminated if it is determined that the cross-site script is an untrusted script.

Abstract: A method and computing device for generating an intermediate representation of received source code for compiling or interpreting on the computing device are disclosed. The method may include receiving source code at the computing device and finding similar source code cached on the computing device that is not the same as the received source code. The received source code is compared to the similar source code to determine one or more differences between the received source code and the similar source code. Metadata for the similar source code is accessed, an intermediate representation of the cached source code is retrieved, and the intermediate representation of the cached source code is first copied and the copy is modified using the one or more differences in connection with the metadata to generate an intermediate representation for the received source code.

Abstract: A computing device with an optimizing compiler is disclosed that is configured to generate optimized machine code including a vector operation corresponding to multiple scalar operations where the vector operation is a single operation on multiple pairs of operands. The optimizing compiler includes a vector guard condition generator configured to generate a vector guard condition for one or more vector operations, a mapping module to generate a mapping between elements of the vector guard condition and positions of the relevant scalar operations in the non-optimized machine code or intermediate representation of the source code, and a guard condition handler configured to initiate execution from a particular scalar operation in the non-optimized machine code or intermediate representation if the vector guard condition is triggered. The computing device may include a non-optimizing compiler and/or an interpreter to perform execution of the scalar operations if the vector guard condition is triggered.

Abstract: Systems, methods, and computer programs are disclosed for scheduling volatile memory maintenance events. One embodiment is a method comprising: a memory controller determining a time-of-service (ToS) window for executing a maintenance event for a volatile memory device coupled to the memory controller via a memory data interface; the memory controller providing a signal to each of a plurality of processors on a system on chip (SoC) for scheduling the maintenance event; each of the plurality of processors independently generating in response to the signal a corresponding schedule notification for the maintenance event; and the memory controller determining when to execute the maintenance event in response to receiving one or more of the schedule notifications generated by the plurality of processors and based on a processor priority scheme.

Abstract: Systems, methods, and devices for executing a function in a dynamically-typed language are described herein. In one aspect, a method includes generating a function selection decision tree based on one or more specializations of a generic function and one or more function inputs via an electronic device. The method further includes selecting one of the specializations or the generic function based on an input type of at least one function input via the electronic device. The method further includes calling the selected specialization or generic function via the electronic device. Another aspect of the subject matter described in the disclosure provides a method of executing a function in a prototype-based dynamically-typed language. The method includes maintaining a list of calls to one or more specializations of the function via the electronic device. The method further includes creating or destroying a specialization of the function via the electronic device.