-
公开(公告)号:US20110047622A1
公开(公告)日:2011-02-24
申请号:US12546520
申请日:2009-08-24
申请人: Ginger M. Myles , Srinivas Vedula , Gianpaolo Fasoli , Julien Lerouge , Tanya Michelle Lattner , Augustin J. Farrugia
发明人: Ginger M. Myles , Srinivas Vedula , Gianpaolo Fasoli , Julien Lerouge , Tanya Michelle Lattner , Augustin J. Farrugia
CPC分类号: G06F21/54 , G06F9/4484 , G06F9/544 , G06F9/545
摘要: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for call path enforcement. The method includes tracking, during run-time, a run-time call order for a series of function calls in a software program, and when executing a protected function call during run-time, allowing or causing proper execution of a protected function call only if the run-time call order matches a predetermined order. The predetermined order can be an expected run-time call order based on a programmed order of function calls in the software program. The method can include maintaining an evolving value associated with the run-time call order and calling the protected function by passing the evolving value and function parameters corrupted based on the evolving value. The protected function uncorrupts the corrupted parameters based on the passed evolving value and an expected predetermined call order. A buffer containing the uncorrupted parameters can replace the corrupted parameters.
摘要翻译: 本文公开了用于呼叫路径实施的系统,计算机实现的方法和计算机可读存储介质。 该方法包括在运行期间跟踪软件程序中一系列函数调用的运行时调用顺序,以及在运行时执行受保护函数调用时,只允许或导致仅受保护函数调用的正确执行 如果运行时间调用顺序与预定顺序相匹配。 预定顺序可以是基于软件程序中的功能调用的编程顺序的期望的运行时呼叫顺序。 该方法可以包括维护与运行时呼叫顺序相关联的演进值,并通过传递基于演进值而破坏的演进值和功能参数来调用受保护功能。 受保护的功能基于传递的演进值和预期的预定呼叫顺序来破坏已损坏的参数。 包含未受损参数的缓冲区可以替换损坏的参数。
-
公开(公告)号:US08302210B2
公开(公告)日:2012-10-30
申请号:US12546520
申请日:2009-08-24
申请人: Ginger M. Myles , Srinivas Vedula , Gianpaolo Fasoli , Julien Lerouge , Tanya Michelle Lattner , Augustin J. Farrugia
发明人: Ginger M. Myles , Srinivas Vedula , Gianpaolo Fasoli , Julien Lerouge , Tanya Michelle Lattner , Augustin J. Farrugia
IPC分类号: G06F21/00
CPC分类号: G06F21/54 , G06F9/4484 , G06F9/544 , G06F9/545
摘要: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for call path enforcement. The method includes tracking, during run-time, a run-time call order for a series of function calls in a software program, and when executing a protected function call during run-time, allowing or causing proper execution of a protected function call only if the run-time call order matches a predetermined order. The predetermined order can be an expected run-time call order based on a programmed order of function calls in the software program. The method can include maintaining an evolving value associated with the run-time call order and calling the protected function by passing the evolving value and function parameters corrupted based on the evolving value. The protected function uncorrupts the corrupted parameters based on the passed evolving value and an expected predetermined call order. A buffer containing the uncorrupted parameters can replace the corrupted parameters.
摘要翻译: 本文公开了用于呼叫路径实施的系统,计算机实现的方法和计算机可读存储介质。 该方法包括在运行期间跟踪软件程序中一系列函数调用的运行时调用顺序,以及在运行时执行受保护函数调用时,只允许或导致仅受保护函数调用的正确执行 如果运行时间调用顺序与预定顺序相匹配。 预定顺序可以是基于软件程序中的功能调用的编程顺序的期望的运行时呼叫顺序。 该方法可以包括维护与运行时呼叫顺序相关联的演进值,并通过传递基于演进值而破坏的演进值和功能参数来调用受保护功能。 受保护的功能基于传递的演进值和预期的预定呼叫顺序来破坏已损坏的参数。 包含未受损参数的缓冲区可以替换损坏的参数。
-
公开(公告)号:US20090307657A1
公开(公告)日:2009-12-10
申请号:US12135032
申请日:2008-06-06
申请人: Augustin J. Farrugia , Julien Lerouge , Tanya Michelle Lattner , Ginger M. Myles , Gianpaolo Fasoli
发明人: Augustin J. Farrugia , Julien Lerouge , Tanya Michelle Lattner , Ginger M. Myles , Gianpaolo Fasoli
IPC分类号: G06F9/44
CPC分类号: G06F21/6209 , G06F21/10 , G06F21/6218 , G06F2221/2107
摘要: Disclosed herein are systems, methods, and computer readable-media for obfuscating array contents in a first array, the method comprising dividing the first array into a plurality of secondary arrays having a combined total size equal to or greater than the first array, expanding each respective array in the plurality of the secondary arrays by a respective multiple M to generate a plurality of expanded arrays, and arranging data elements within each of the plurality of expanded arrays such that a data element located at an index I in a respective secondary array is located at an index I*M, wherein M is the respective multiple M in an associated expanded array, wherein data in the first array is obfuscated in the plurality of expanded arrays. One aspect further splits one or more of the secondary arrays by dividing individual data elements in a plurality of sub-arrays. The split sub-arrays may contain more data elements than the respective secondary array. The principles herein may be applied to single dimensional or multi-dimensional arrays. The obfuscated array contents may be accessed via an index to the first array which is translated to retrieve data elements stored in the plurality of expanded arrays.
摘要翻译: 本文公开了用于在第一阵列中模糊阵列内容的系统,方法和计算机可读介质,所述方法包括将第一阵列划分成具有等于或大于第一阵列的组合总大小的多个次阵列, 通过相应的多个M在多个次级阵列中的相应阵列以生成多个扩展阵列,并且在多个扩展阵列中的每一个内布置数据元素,使得位于相应次级阵列中的索引I处的数据元素是 位于索引I * M处,其中M是相关联的扩展阵列中的相应多个M,其中第一阵列中的数据在多个扩展阵列中被模糊化。 一个方面通过划分多个子阵列中的各个数据元素来进一步分割一个或多个次级阵列。 分割子阵列可能包含比相应的辅助阵列更多的数据元素。 这里的原理可以应用于单维或多维阵列。 混淆的阵列内容可以经由第一数组的索引访问,该索引被转换以检索存储在多个扩展阵列中的数据元素。
-
公开(公告)号:US08434061B2
公开(公告)日:2013-04-30
申请号:US12135032
申请日:2008-06-06
申请人: Augustin J. Farrugia , Julien Lerouge , Tanya Michelle Lattner , Gideon M. Myles , Gianpaolo Fasoli
发明人: Augustin J. Farrugia , Julien Lerouge , Tanya Michelle Lattner , Gideon M. Myles , Gianpaolo Fasoli
IPC分类号: G06F9/44
CPC分类号: G06F21/6209 , G06F21/10 , G06F21/6218 , G06F2221/2107
摘要: Disclosed herein are systems, methods, and computer readable-media for obfuscating array contents in a first array, the method comprising dividing the first array into a plurality of secondary arrays having a combined total size equal to or greater than the first array, expanding each respective array in the plurality of the secondary arrays by a respective multiple M to generate a plurality of expanded arrays, and arranging data elements within each of the plurality of expanded arrays such that a data element located at an index I in a respective secondary array is located at an index I*M, wherein M is the respective multiple M in an associated expanded array, wherein data in the first array is obfuscated in the plurality of expanded arrays. One aspect further splits one or more of the secondary arrays by dividing individual data elements in a plurality of sub-arrays. The split sub-arrays may contain more data elements than the respective secondary array. The principles herein may be applied to single dimensional or multi-dimensional arrays. The obfuscated array contents may be accessed via an index to the first array which is translated to retrieve data elements stored in the plurality of expanded arrays.
摘要翻译: 本文公开了用于在第一阵列中模糊阵列内容的系统,方法和计算机可读介质,所述方法包括将第一阵列划分成具有等于或大于第一阵列的组合总大小的多个次阵列, 通过相应的多个M在多个次级阵列中的相应阵列以生成多个扩展阵列,并且在多个扩展阵列中的每一个内布置数据元素,使得位于相应次级阵列中的索引I处的数据元素是 位于索引I * M处,其中M是相关联的扩展阵列中的相应多个M,其中第一阵列中的数据在多个扩展阵列中被模糊化。 一个方面通过划分多个子阵列中的各个数据元素来进一步分割一个或多个次级阵列。 分割子阵列可能包含比相应的辅助阵列更多的数据元素。 这里的原理可以应用于单维或多维阵列。 混淆的阵列内容可以经由第一数组的索引访问,该索引被转换以检索存储在多个扩展阵列中的数据元素。
-
公开(公告)号:US20080291999A1
公开(公告)日:2008-11-27
申请号:US11807045
申请日:2007-05-24
IPC分类号: G11B27/036
CPC分类号: H04N7/1675 , H04N21/23608 , H04N21/23614 , H04N21/23895 , H04N21/8455
摘要: Method and apparatus for marking individual video frames of an H.264/AVC standard compliant or equivalent digital video stream. Each video frame in a H.264/AVC video stream is conventionally divided into NAL units. There are typically a number of NAL units for each video frame. There is specified in the H.264/AVC standard the SEI (Supplemental Enhancement Information) type. This type includes the user data unregistered type, which can contain arbitrary data. In the present method and apparatus, an NAL unit of this type is provided at the beginning of each video frame, preceding the other NAL units associated with that video frame. The data contained in that special SEI unit is typically control information for downstream control of use of the video content. Examples of the type of control information are stream positioning data such as a video frame number; stream bit rate, such as normal, fast forward; decryption data, such as a decryption key or key derivation seed; and validation elements, such as a checksum or hash function value or signature.
摘要翻译: 用于标记H.264 / AVC标准兼容或等效数字视频流的各个视频帧的方法和装置。 H.264 / AVC视频流中的每个视频帧通常被划分成NAL个单元。 每个视频帧通常有多个NAL单元。 在H.264 / AVC标准中规定了SEI(补充增强信息)类型。 这种类型包括可以包含任意数据的用户数据未注册类型。 在本方法和装置中,这种类型的NAL单元在与该视频帧相关联的其他NAL单元之前的每个视频帧的开始处被提供。 包含在该特殊SEI单元中的数据通常是下游控制视频内容的使用的控制信息。 控制信息类型的示例是诸如视频帧号的流定位数据; 流比特率,如正常,快进; 解密数据,如解密密钥或密钥导出种子; 和验证元素,例如校验和或散列函数值或签名。
-
公开(公告)号:US20130232507A1
公开(公告)日:2013-09-05
申请号:US13615974
申请日:2012-09-14
申请人: Augustin J. Farrugia , Daniel F. Reynaud , Gianpaolo Fasoli , Jonathan Gregory McLachlan , Julien Lerouge
发明人: Augustin J. Farrugia , Daniel F. Reynaud , Gianpaolo Fasoli , Jonathan Gregory McLachlan , Julien Lerouge
IPC分类号: G06F9/54
CPC分类号: G06F9/4423 , G06F9/4482 , G06F21/14 , G06F21/52
摘要: Methods, media and systems that use an encoded opaque pointer in an API between a client process and a library process. An encoded opaque pointer, in one embodiment, can be received by the library process from the client process, and the library process can decode the opaque pointer to obtain an address in memory containing a data structure pointed to by the opaque pointer. The library process can operate on the data structure to create a revised or processed data structure, stored in the same or different address in heap memory or stack memory, and the library process can encode and return a new opaque pointer, for the processed data structure, to the client process.
摘要翻译: 在客户端进程和库进程之间的API中使用编码的不透明指针的方法,介质和系统。 在一个实施例中,编码的不透明指针可以由库进程从客户端进程接收,并且库进程可以对不透明指针进行解码以获得包含由不透明指针指向的数据结构的存储器中的地址。 库过程可以对数据结构进行操作以创建存储在堆存储器或堆栈存储器中的相同或不同地址中的修改或处理的数据结构,并且库过程可以编码并返回新的不透明指针,用于处理的数据结构 ,到客户端进程。
-
公开(公告)号:US08719947B2
公开(公告)日:2014-05-06
申请号:US13554889
申请日:2012-07-20
IPC分类号: G06F7/00
CPC分类号: H04N7/163 , H04N5/913 , H04N7/1675 , H04N21/41407 , H04N21/4325 , H04N21/4398 , H04N21/4402 , H04N21/4408 , H04N2005/91364
摘要: Method and apparatus to prevent hacking of encrypted audio or video content during playback. Hackers, using a debugging attachment or other tools, can illicitly access encrypted data in memory in a playback device when the data is decrypted during playback and momentarily stored in digital form. This hacking is defeated here by methodically “poisoning” the encrypted data so that it is no longer playable by a standard decoder. The poisoning involves deliberate alteration of certain bit values. On playback, the player invokes a special secure routine that provides correction of the poisoned bit values, for successful playback.
摘要翻译: 播放期间防止加密音频或视频内容黑客入侵的方法和装置。 使用调试附件或其他工具的黑客可以在播放过程中解密数据并立即以数字形式存储时非法访问播放设备中的加密数据。 这个黑客在这里通过有条不紊地“中毒”加密的数据,使其不能被标准解码器播放,从而被击败。 中毒涉及故意改变某些位值。 在播放时,播放器调用特殊的安全程序,提供中毒位值的校正,以便成功播放。
-
公开(公告)号:US08256005B2
公开(公告)日:2012-08-28
申请号:US11651300
申请日:2007-01-08
IPC分类号: G06F7/00
CPC分类号: H04N7/163 , H04N5/913 , H04N7/1675 , H04N21/41407 , H04N21/4325 , H04N21/4398 , H04N21/4402 , H04N21/4408 , H04N2005/91364
摘要: Method and apparatus to prevent hacking of encrypted audio or video content during playback. Hackers, using a debugging attachment or other tools, can illicitly access encrypted data in memory in a playback device when the data is decrypted during playback and momentarily stored in digital form. This hacking is defeated here by methodically “poisoning” the encrypted data so that it is no longer playable by a standard decoder. The poisoning involves deliberate alteration of certain bit values. On playback, the player invokes a special secure routine that provides correction of the poisoned bit values, for successful playback.
摘要翻译: 播放期间防止加密音频或视频内容黑客入侵的方法和装置。 使用调试附件或其他工具的黑客可以在播放过程中解密数据并立即以数字形式存储时非法访问播放设备中的加密数据。 这个黑客在这里通过有条不紊地“中毒”加密的数据,使其不能被标准解码器播放,从而被击败。 中毒涉及故意改变某些位值。 在播放时,播放器调用特殊的安全程序,提供中毒位值的校正,以便成功播放。
-
9.发明申请SYSTEM AND METHOD FOR ENFORCING SOFTWARE SECURITY THROUGH CPU STATISTICS GATHERED USING HARDWARE FEATURES 审中-公开通过使用硬件特性获得CPU统计信息执行软件安全的系统和方法公开(公告)号:US20120179898A1
公开(公告)日:2012-07-12
申请号:US12987743
申请日:2011-01-10
申请人: Pierre Betouin , Jon McLachlan , Gianpaolo Fasoli , Julien Lerouge , Ganna Zaks , Augustin J. Farrugia
发明人: Pierre Betouin , Jon McLachlan , Gianpaolo Fasoli , Julien Lerouge , Ganna Zaks , Augustin J. Farrugia
IPC分类号: G06F9/30
CPC分类号: G06F9/3005 , G06F9/30076 , G06F9/3851 , G06F11/3476 , G06F21/71 , G06F2201/865 , G06F2201/88 , G06F2221/2101
摘要: This disclosure is directed to measuring hardware-based statistics, such as the number of instructions executed in a specific section of a program during execution, for enforcing software security. The counting can be accomplished through a specific set of instructions, which can either be implemented in hardware or included in the instruction set of a virtual machine. For example, the set of instructions can include atomic instructions of reset, start, stop, get instruction count, and get CPU cycle count. To obtain information on a specific section of code, a software developer can insert start and stop instructions around the desired code section. For each instruction in the identified code block, when the instruction is executed, a counter is incremented. The counter can be stored in a dedicated register. The gathered statistics can be used for a variety of purposes, such as detecting unauthorized code modifications or measuring code performance.
摘要翻译: 本公开涉及测量基于硬件的统计,诸如在执行期间在程序的特定部分中执行的指令的数量,用于执行软件安全性。 计数可以通过一组特定的指令来实现,这些指令可以在硬件中实现,也可以包含在虚拟机的指令集中。 例如,该指令集可以包括复位,开始,停止,获取指令计数以及获取CPU周期计数的原子指令。 要获取有关特定部分代码的信息,软件开发人员可以在所需代码段周围插入启动和停止指令。 对于识别的代码块中的每个指令,执行指令时,计数器递增。 计数器可以存储在专用寄存器中。 收集的统计信息可以用于各种目的,例如检测未经授权的代码修改或测量代码性能。
-
10.发明授权Software or other information integrity verification using variable block length and selection 有权使用可变块长度和选择的软件或其他信息完整性验证公开(公告)号:US07841010B2
公开(公告)日:2010-11-23
申请号:US11651359
申请日:2007-01-08
CPC分类号: G06F21/64
摘要: An integrity verification process and associated apparatus to detect tampering or other alterations to computer code (software) or other computer files, and especially useful to detect tampering with code by hackers who might try to plant their own malicious code in the software. To make the verification process more robust versus hackers, each e.g., object code file to be protected is first selected using some sort of rule, then partitioned into variable length blocks or portions, the lengths varying in an unpredictable manner. Each portion has its checksum or hash value computed. An accompanying verification file is created which includes a vector for each portion including the portion's start address in memory, length, and the computed checksum or hash value. When the code is later to be run (executed) the verification file is conventionally read and each portion is verified by computing its checksum or hash value using the same algorithm as before, and comparing that to the value in the associated verification file vector. Lack of a match in the two values indicates tampering, so execution of the code can be halted.
摘要翻译: 完整性验证过程和相关联的设备,用于检测对计算机代码(软件)或其他计算机文件的篡改或其他更改,并且特别有用于检测骇客可能尝试在软件中种植自己的恶意代码的篡改代码。 为了使验证过程比黑客更健壮,每个例如待保护的目标代码文件首先使用某种规则来选择,然后被分割成可变长度的块或部分,长度以不可预测的方式变化。 每个部分都有其计算的校验和或散列值。 创建伴随的验证文件,其中包括每个部分的向量,包括部分在内存中的起始地址,长度以及计算的校验和或哈希值。 当代码稍后运行(执行)时,常规地读取验证文件,并且通过使用与之前相同的算法计算其校验和或散列值来验证每个部分,并将其与相关联的验证文件向量中的值进行比较。 两个值中缺少匹配表示篡改,因此可以停止执行代码。
-
-
-
-
-
-
-
-
-
搜索结果
61 条记录 (耗时 0.023 秒)