| CPC G06F 21/563 (2013.01) [G06F 12/14 (2013.01); G06F 21/64 (2013.01); G06F 2212/1052 (2013.01); G06F 2221/034 (2013.01)] | 20 Claims |
|
1. A method comprising:
executing, during a first period of time, a hash function on instruction data for executing a program code, the instruction data being stored at a first set of memory locations within memory;
comparing, during a first period of time, the hash of the instruction data at the first set of memory locations within the memory to an expected hash for the instruction data at the first set of memory locations within the memory to determine whether the first set of memory locations have been compromised by malware;
executing, during a second period of time, a hash function on static data for use by the program code, the static data being stored at a second set of memory locations with the memory;
comparing, during the second period of time, the hash of the static data at the second set of memory locations within the memory to an expected hash for the static data at the second set of memory locations within the memory to determine whether the second set of memory locations have been compromised by the malware;
executing, during a third period of time, a hash function on null data indicative of unused memory locations within the memory, the null data being stored at a third set of memory locations with the memory; and
comparing, during the third period of time, the hash of the null data at the third set of memory locations within the memory to an expected hash for the null data at the third set of memory locations within the memory to determine whether the third set of memory locations have been compromised by the malware.
|