US 12,481,750 B2
Method of processing transactions from an untrusted source
Brendan James Moran, Histon (GB)
Assigned to Arm IP Limited, Cambridge (GB)
Appl. No. 17/040,353
Filed by Arm IP Limited, Cambridge (GB)
PCT Filed Jul. 19, 2019, PCT No. PCT/GB2019/052025
§ 371(c)(1), (2) Date Sep. 22, 2020,
PCT Pub. No. WO2020/049266, PCT Pub. Date Mar. 12, 2020.
Claims priority of application No. 1814556 (GB), filed on Sep. 6, 2018.
Prior Publication US 2021/0089643 A1, Mar. 25, 2021
Int. Cl. G06F 21/53 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/53 (2013.01) [G06F 21/566 (2013.01); G06F 2221/033 (2013.01); G06F 2221/2149 (2013.01)]
19 Claims
1. A computer implemented method of processing a transaction that mitigates a malicious attack occurring at an intended target environment resulting from processing the transaction, the computer implemented method comprising:
receiving, at an execution manager, a transaction to be executed, the transaction comprising at least two portions;
executing, in an emulated environment, a first portion of the transaction and monitoring the emulated environment for presence of pre-defined events and/or internal state changes indicative of the malicious attack;
determining a first emulation confidence value (ECV) relating to the first portion of the transaction based on the presence or absence of any monitored pre-defined events and/or internal state changes;
determining a source confidence value (SCV) for a source of the transaction;
determining a first transaction confidence value (TCV) based on the first emulation confidence value (ECV);
varying a transaction confidence threshold based on the source confidence value (SCV); and
comparing the first transaction confidence value to the transaction confidence threshold to determine whether to execute the first portion of the transaction in the target environment;
responsive to determining that the first transaction confidence value exceeds the transaction confidence threshold, transferring the first portion of the transaction to the target environment for execution;
receiving from the target environment a result of executing the first portion of the transaction;
responsive to determining successful execution of the first portion at the target environment based on the result of executing the first portion of the transaction, executing, in an emulated environment, a second portion of the transaction and monitoring the emulated environment for the presence of pre-defined events and/or internal state changes indicative of the malicious attack;
determining a second emulation confidence value (ECV) relating to the second portion of the transaction based on the presence or absence of any monitored pre-defined events and/or internal state changes;
determining a second transaction confidence value (TCV) based on the second emulation confidence value (ECV);
comparing the second transaction confidence value to the transaction confidence threshold to determine whether to execute the second portion of the transaction in the target environment; and
responsive to determining that the second transaction confidence value exceeds the transaction confidence threshold, transferring the second portion of the transaction to the target environment for execution,
wherein the first portion of the transaction is transferred to the target environment before assessing a safety of the second portion of the transaction or emulating a second portion of the transaction in response to successful execution of the first portion at the target environment.
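
The staged gating recited in claim 1, as an added Python sketch (not code from the patent or from the assignee). The event names, the penalty weights, the linear SCV-to-threshold mapping, taking the TCV directly from the ECV, and the `emulate` / `run_on_target` callbacks are all assumptions made for illustration; the claim fixes none of them.

```python
# Added illustration of the claim-1 flow; every scoring rule below is an assumption.
from typing import Callable, Iterable, List, Tuple

# Constructed event names and penalties (the claim only says "pre-defined events").
EVENT_PENALTY = {"write_outside_sandbox": 0.6, "unexpected_syscall": 0.3}

def emulation_confidence(events: Iterable[str]) -> float:
    """ECV: 1.0 if no monitored event fired, lowered for each distinct event seen."""
    return max(0.0, 1.0 - sum(EVENT_PENALTY.get(e, 0.0) for e in set(events)))

def threshold_for(scv: float) -> float:
    """Vary the transaction confidence threshold with the SCV (assumed linear map):
    an unknown source (0.0) must clear 0.9, a fully trusted one (1.0) only 0.5."""
    return 0.9 - 0.4 * min(1.0, max(0.0, scv))

def process_transaction(
    portions: List[str],
    scv: float,
    emulate: Callable[[str], Iterable[str]],
    run_on_target: Callable[[str], bool],
) -> List[Tuple[int, str]]:
    """Gate each portion: emulate, score, compare, then execute on the target.
    A later portion is emulated only after the previous one succeeded on the target."""
    threshold = threshold_for(scv)
    outcome = []
    for index, portion in enumerate(portions):
        ecv = emulation_confidence(emulate(portion))
        tcv = ecv  # assumption: TCV taken directly from the ECV
        if tcv <= threshold:  # the claim requires the TCV to exceed the threshold
            outcome.append((index, "blocked"))
            break
        if not run_on_target(portion):  # result reported back by the target
            outcome.append((index, "target_failed"))
            break
        outcome.append((index, "executed"))
    return outcome

# Constructed emulator trace: the second portion trips one monitored event.
SAMPLE_TRACE = {"open_session": [], "apply_update": ["unexpected_syscall"]}

def sample_emulate(portion: str) -> List[str]:
    return SAMPLE_TRACE[portion]
```

With the constructed trace, the same two-portion transaction runs to completion for a source with SCV 1.0 and stops at the second portion for a source with SCV 0.0, because only the threshold moves.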