US 10,891,382 B2
Cybersecurity by I/O inferred from execution traces
Timothy K. Bryant, Indialantic, FL (US); and Andrew R. Calvano, Draper, UT (US)
Assigned to Raytheon Company, Waltham, MA (US)
Filed by Raytheon Company, Waltham, MA (US)
Filed on May 4, 2018, as Appl. No. 15/971,637.
Prior Publication US 2019/0340366 A1, Nov. 7, 2019
Int. Cl. H04L 29/06 (2006.01); G06F 21/57 (2013.01); G06F 12/14 (2006.01); G06F 21/54 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 12/145 (2013.01); G06F 21/54 (2013.01); G06F 2212/1052 (2013.01); G06F 2221/034 (2013.01)] 16 Claims
OG exemplary drawing
 
1. A non-transitory machine-readable medium including instructions that, when executed by a machine, cause the machine to perform operations comprising:
monitoring application access operations to a memory;
monitoring responses from the memory to the access operations;
generating and recording execution traces based on the monitored access operations and responses, the execution traces including data identifying an instruction to be performed and a corresponding memory location to access in performing the operation;
identifying and recording, with a corresponding execution trace, whether the instruction corresponds to an input or an output to the application based on the generated execution traces including recording an instruction corresponds to an output in response to determining a memory address of the instruction is written to multiple times by the application and recording an instruction corresponds to an input in response to determining a memory address of the instruction is written to by an entity other than the application and is subsequently accessed by the application; and
determining vulnerabilities of the application based on the recorded execution traces.