-
公开(公告)号:US07644287B2
公开(公告)日:2010-01-05
申请号:US10902244
申请日:2004-07-29
申请人: Timothy J. Oerting , Philip J. Lafornara , Robert Ian Oliver , Scott A. Brender , Michael David Marr
发明人: Timothy J. Oerting , Philip J. Lafornara , Robert Ian Oliver , Scott A. Brender , Michael David Marr
IPC分类号: G06F11/30
CPC分类号: G06F21/51
摘要: Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by using pre-computed portion-level verification data for portions of the module smaller than the whole (e.g. at the page-level). A portion of the module as loaded into memory for execution can be verified. Pre-computed portion-level verification data is retrieved from storage and used to verify the loaded portions of the executable. Verification data may be, for example, a digitally signed hash of the portion. Where the operating system loader has modified the portion for execution, the modifications are reversed, removing any changes performed by the operating system. If the portion has not been tampered, this will return the portion to its original pre-loaded state. This version is then used to determine validity using the pre-computed portion-level verification. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually reverified, in order to ensure that no malicious changes have been made in the module.
摘要翻译: 通过对小于整个模块的部分(例如在页面级别)使用预先计算的部分级验证数据来启用加载在存储器(整体或部分)中用于执行的模块的动态运行时验证 )。 可以验证加载到存储器中用于执行的模块的一部分。 从存储器检索预先计算的部分级验证数据,并用于验证可执行文件的加载部分。 验证数据可以是例如该部分的经数字签名的散列。 在操作系统加载程序修改了执行部分的情况下,修改将相反,从而删除操作系统执行的任何更改。 如果该部分没有被篡改,这将使该部分返回到其原始预加载状态。 然后使用该版本使用预先计算的部分级验证来确定有效性。 此外,在执行模块期间,可以验证装载的模块的新部分/页面,以确保它们未被更改,并且可以制作模块的热页面列表,包括要不断重新验证的页面, 以确保模块中不会发生恶意更改。
-
公开(公告)号:US07739516B2
公开(公告)日:2010-06-15
申请号:US10794292
申请日:2004-03-05
CPC分类号: G06F12/1416 , G06F21/51
摘要: The import address table of a software module is verified in order to prevent detouring attacks. A determination is made regarding which entries in the IAT must be verified; all of the entries may be verified or some subset of the entries that are critical may be verified. For each external function, the external module containing the external function is loaded, if it is not already loaded. The function address in the exported function table is found. That address is compared to the address for the function in the IAT. Additionally, the external module, in one embodiment, is verified to ensure that it has not been modified. For a delay load IAT, a similar procedure is followed; however the delay load IAT may be periodically checked to ensure that the delay load IAT entries are either valid (indicating that the external function has been bound) or in their initial state (indicating that no binding has yet occurred).
摘要翻译: 验证软件模块的导入地址表,以防止迂回攻击。 确定必须验证IAT中的哪些条目; 可以验证所有条目,或者可以验证关键的条目的某些子集。 对于每个外部功能,如果外部模块尚未加载,则会加载包含外部功能的外部模块。 找到导出的功能表中的功能地址。 该地址与IAT中功能的地址进行比较。 此外,在一个实施例中,外部模块被验证以确保其未被修改。 对于延迟负载IAT,遵循类似的过程; 然而,可以定期检查延迟负载IAT以确保延迟负载IAT条目是有效的(指示外部功能已经被绑定)或处于其初始状态(指示还没有发生绑定)。
-
公开(公告)号:US07546587B2
公开(公告)日:2009-06-09
申请号:US10790302
申请日:2004-03-01
CPC分类号: G06F21/606 , G06F21/10
摘要: Run-time call stack verification is used to determine that a code module has been called by a legitimate caller. A return address on the stack indicates where execution is to return upon execution of the next return instruction, and this return address is indicative of where the code module was called from. The code module may determine that the call is allowed, or disallowed, based on the location of the return address. A calling convention is provided that allows the code module to be called through an intermediary, while also preserving the original return address that was in effect at the time the intermediary was called and also resisting modification to the call stack during the time that the original return address is being verified.
摘要翻译: 运行时调用堆栈验证用于确定代码模块已被合法调用者调用。 堆栈上的返回地址指示在执行下一个返回指令时执行的返回地址,此返回地址表示代码模块从哪里被调用。 代码模块可以基于返回地址的位置来确定允许或不允许该呼叫。 提供了一种调用约定,允许通过中介方式调用代码模块,同时还保留在中间件被调用时有效的原始返回地址,并且还可以在原始返回的时间内抵制对调用堆栈的修改 地址正在验证。
-
公开(公告)号:US07831838B2
公开(公告)日:2010-11-09
申请号:US10795068
申请日:2004-03-05
IPC分类号: G06F11/30
CPC分类号: G06F21/52 , G06F2221/2125
摘要: Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by storing hashes of smaller portions of the module (e.g. page-level hashes) as they should look when loaded into memory for execution. After an initial authentication is completed, hashes of smaller portions of the module are stored. These hashes consist of the portion of memory as modified by changes which would be made by the operating system loader operating normally. Thus, the hashes can be used to verify that the portion as loaded into memory for execution is 1) a correct copy of the portion of the software module, 2) correctly modified for execution by the processor, and 3) not tampered with since loading. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually re-verified, in order to ensure that no changes have been made in the module.
摘要翻译: 通过将模块的较小部分的哈希值(例如页面级别的哈希)存储在加载到存储器中以用于执行的内存(整体或部分)中的模块的动态运行时验证是可执行的 。 初始认证完成后,存储模块较小部分的散列。 这些散列由由操作系统加载器正常运行的更改所修改的存储器部分组成。 因此,可以使用散列来验证加载到存储器中用于执行的部分是1)软件模块的一部分的正确副本,2)被正确修改以供处理器执行,以及3)由于加载而不被篡改 。 另外,在执行模块期间,可以验证加载的模块的新部分/页面,以确保它们未被更改,并且可以制作模块的热页面列表,包括要连续重新编写的页面, 验证,以确保在模块中没有做出任何改变。
-
公开(公告)号:US20220317746A1
公开(公告)日:2022-10-06
申请号:US17847899
申请日:2022-06-23
申请人: Michael Cieslak , Jiayao Yu , Kai Chen , Farnaz Azmoodeh , Michael David Marr , Jun Huang , Zahra Ferdowsi
发明人: Michael Cieslak , Jiayao Yu , Kai Chen , Farnaz Azmoodeh , Michael David Marr , Jun Huang , Zahra Ferdowsi
摘要: The systems and methods manage thermal states of a device through user configuration of a client application on the device. The systems and methods set thermal thresholds associated with the device. The systems and methods infer the thermal thresholds from information gathered by a client application running on the device. The systems and methods implement a stored policy associated with a violation of one of the thermal thresholds by one of the monitored thermal states.
-
公开(公告)号:US20220276947A1
公开(公告)日:2022-09-01
申请号:US17747812
申请日:2022-05-18
申请人: Michael Cieslak , Jiayao Yu , Kai Chen , Farnaz Azmoodeh , Michael David Marr , Jun Huang , Zahra Ferdowsi , Olamide Valerie Olatunji , David Boyle , Claire Reinert
发明人: Michael Cieslak , Jiayao Yu , Kai Chen , Farnaz Azmoodeh , Michael David Marr , Jun Huang , Zahra Ferdowsi , Olamide Valerie Olatunji , David Boyle , Claire Reinert
摘要: Systems, devices, media, and methods are presented for releasing an application feature in incremental stages while monitoring the application for anomalies. The feature includes a package of code and an action setting. The methods in some implementations include identifying active devices on which the application has been installed, monitoring the application according to a set of metrics, activating the feature by changing its action setting for a first segment of the active devices, pausing the feature if an anomaly is detected among the set of metrics, and generating a repair ticket. As long as no anomaly is detected, the activating step proceeds for subsequent segments of the active devices, iteratively, until the release is completed. A feature rank may be used to process and release a plurality of features in order of priority.
-
公开(公告)号:US20220156179A1
公开(公告)日:2022-05-19
申请号:US17588759
申请日:2022-01-31
申请人: Michael Cieslak , Jiayao Yu , Kai Chen , Farnaz Azmoodeh , Michael David Marr , Jun Huang , Zahra Ferdowsi
发明人: Michael Cieslak , Jiayao Yu , Kai Chen , Farnaz Azmoodeh , Michael David Marr , Jun Huang , Zahra Ferdowsi
IPC分类号: G06F11/36
摘要: Systems, devices, media, and methods are presented for testing the capability of a mobile device to run a particular feature of an application. Each feature may include a package of code, a call, a state, and a condition; each condition correlated with a specific state. The call is a query that includes instructions to evaluate whether the application will run successfully if a particular feature is running. If the call fails, the feature condition remains Off, resulting in a rollback of the feature. If the call succeeds, the feature condition is changed to On. The system may include an experimentation framework on each mobile device for registering features, executing calls, logging results, and maintaining states and conditions.
-
公开(公告)号:US20220121492A1
公开(公告)日:2022-04-21
申请号:US17565776
申请日:2021-12-30
申请人: Michael Cieslak , Jiayao Yu , Kai Chen , Farnaz Azmoodeh , Michael David Marr , Jun Huang , Zahra Ferdowsi
发明人: Michael Cieslak , Jiayao Yu , Kai Chen , Farnaz Azmoodeh , Michael David Marr , Jun Huang , Zahra Ferdowsi
摘要: Systems, devices, media, and methods are presented for throttling (i.e., adjusting) the workload of an application (e.g., number of task requests) in order to improve processor core usage within a heterogeneous multiprocessor system. When high-performance processing is beneficial to the application, the number of task requests may be increased in order to have high-performance processor cores within the heterogeneous multiprocessor system core processor perform the tasks. On the other hand, when high-performance processing is not beneficial, the number of task requests may be decreased in order to have low-performance processor cores within the heterogeneous multiprocessor system perform the tasks. Processor core usage is monitored, and the number of tasks being performed are adjusted to match the processor core usage to a target processor core usage for functions the application is performing.
-
公开(公告)号:US10187309B1
公开(公告)日:2019-01-22
申请号:US13589822
申请日:2012-08-20
IPC分类号: G08C15/00 , H04L12/801
摘要: Disclosed are various embodiments for mitigating congestion in networks employing flow-based hashing to assign flows to routes. A flow of packets is sent from a source endpoint to a destination endpoint by way of a network. The flow of packets is associated with flow identification information. It is detected whether congestion is affecting the flow of packets in the network. A perturbation to the flow identification information for the flow of packets is effected in response to determining that congestion is affecting the flow of packets in the network.
-
公开(公告)号:US09037912B1
公开(公告)日:2015-05-19
申请号:US13592468
申请日:2012-08-23
IPC分类号: G06F11/22 , G06F15/177 , G06Q10/08
CPC分类号: G06F11/263 , G06F11/2205 , G06F11/3664 , G06F11/3688 , G06F2009/45562 , G06Q10/087
摘要: Disclosed are various embodiments of a computing device for acquiring a shipment manifest for a component assembly, the shipment manifest including expected asset data associated with the component assembly and a component of the component assembly. The computing device serves, via a network interface, a boot image executable by the component of the component assembly, the component including a processor. Empirical asset data associated with the component is obtained, via the network, by the computing device, the empirical asset data being supplied by the boot image. The computing device determines a validation response for the component assembly based at least upon a comparison of the empirical asset data with expected asset data.
摘要翻译: 公开了用于获取组件组件的装运清单的计算设备的各种实施例,所述装运清单包括与组件组件相关联的预期资产数据和组件组件的组件。 计算设备经由网络接口提供可由组件组件的组件执行的引导映像,该组件包括处理器。 通过网络,通过计算设备获得与组件相关联的经验资产数据,由启动映像提供的经验资产数据。 至少基于经验资产数据与预期资产数据的比较,计算装置确定组件装配的验证响应。
-
-
-
-
-
-
-
-
-
搜索结果
89 条记录 (耗时 0.063 秒)
