Data access reporting platform for secure active monitoring
    1.
    Granted patent
    Data access reporting platform for secure active monitoring (in force)

    Publication number: US08584254B2

    Publication date: 2013-11-12

    Application number: US13314209

    Filing date: 2011-12-08

    Abstract: Technologies pertaining to detecting accesses to monitored regions of memory and transmitting data to a protection system responsive to the detecting are described herein. A region of memory that includes objects in an object graph utilized by an operating system to determine which processes to execute and an order to execute such processes is monitored. If a process executing on a processor attempts to write to an object in the object graph, a field that is being written to is identified, and a determination is made regarding whether the field includes a pointer. Based upon whether the field includes a pointer, a type of write desirably undertaken by the object is ascertained, and an object event is transmitted to the protection system that informs the protection system of the type of write.

    DATA ACCESS REPORTING PLATFORM FOR SECURE ACTIVE MONITORING
    2.
    Patent application
    DATA ACCESS REPORTING PLATFORM FOR SECURE ACTIVE MONITORING (in force)

    Publication number: US20130152207A1

    Publication date: 2013-06-13

    Application number: US13314209

    Filing date: 2011-12-08

    IPC classification: G06F12/14 G06F12/16

    Abstract: Technologies pertaining to detecting accesses to monitored regions of memory and transmitting data to a protection system responsive to the detecting are described herein. A region of memory that includes objects in an object graph utilized by an operating system to determine which processes to execute and an order to execute such processes is monitored. If a process executing on a processor attempts to write to an object in the object graph, a field that is being written to is identified, and a determination is made regarding whether the field includes a pointer. Based upon whether the field includes a pointer, a type of write desirably undertaken by the object is ascertained, and an object event is transmitted to the protection system that informs the protection system of the type of write.

    Determining target types for generic pointers in source code
    3.
    Granted patent
    Determining target types for generic pointers in source code (in force)

    Publication number: US09329845B2

    Publication date: 2016-05-03

    Application number: US12477954

    Filing date: 2009-06-04

    IPC classification: G06F9/45

    CPC classification: G06F8/434

    Abstract: A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.

    Automatic data patch generation for unknown vulnerabilities
    4.
    Granted patent
    Automatic data patch generation for unknown vulnerabilities (in force)

    Publication number: US08613096B2

    Publication date: 2013-12-17

    Application number: US11948681

    Filing date: 2007-11-30

    IPC classification: H04L29/06

    CPC classification: H04L63/1433 G06F21/577

    Abstract: The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities.

    DEMAND-DRIVEN ANALYSIS OF POINTERS FOR SOFTWARE PROGRAM ANALYSIS AND DEBUGGING
    5.
    Patent application
    DEMAND-DRIVEN ANALYSIS OF POINTERS FOR SOFTWARE PROGRAM ANALYSIS AND DEBUGGING (in force)

    Publication number: US20130055207A1

    Publication date: 2013-02-28

    Application number: US13220651

    Filing date: 2011-08-29

    IPC classification: G06F9/44

    CPC classification: G06F8/434 G06F11/3608

    Abstract: A “Demand-Driven Pointer Analyzer” (DDPA) provides a “demand-driven” field-sensitive pointer analysis process. This process rapidly and accurately identifies alias sets for selected pointers in software modules or programs of any size, including large-scale C/C++ programs such as a complete operating system (OS). The DDPA formulates the pointer analysis task as a Context-Free Language (CFL) reachability problem that operates using a Program Expression Graph (PEG) automatically constructed from the program code. The PEG provides a node and edge-based graph representation of all expressions and assignments in the program and allows the DDPA to rapidly identify aliases for pointers in the program by traversing the graph as a CFL reachability problem to determine pointer alias sets. In various embodiments, the DDPA is also context-sensitive.

    AUTOMATIC DATA PATCH GENERATION FOR UNKNOWN VULNERABILITIES
    6.
    Patent application
    AUTOMATIC DATA PATCH GENERATION FOR UNKNOWN VULNERABILITIES (in force)

    Publication number: US20090144827A1

    Publication date: 2009-06-04

    Application number: US11948681

    Filing date: 2007-11-30

    IPC classification: G06F15/18

    CPC classification: H04L63/1433 G06F21/577

    Abstract: The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities.

    Demand-driven analysis of pointers for software program analysis and debugging
    7.
    Granted patent
    Demand-driven analysis of pointers for software program analysis and debugging (in force)

    Publication number: US08589888B2

    Publication date: 2013-11-19

    Application number: US13220651

    Filing date: 2011-08-29

    IPC classification: G06F9/44 G06F9/45

    CPC classification: G06F8/434 G06F11/3608

    Abstract: A “Demand-Driven Pointer Analyzer” (DDPA) provides a “demand-driven” field-sensitive pointer analysis process. This process rapidly and accurately identifies alias sets for selected pointers in software modules or programs of any size, including large-scale C/C++ programs such as a complete operating system (OS). The DDPA formulates the pointer analysis task as a Context-Free Language (CFL) reachability problem that operates using a Program Expression Graph (PEG) automatically constructed from the program code. The PEG provides a node and edge-based graph representation of all expressions and assignments in the program and allows the DDPA to rapidly identify aliases for pointers in the program by traversing the graph as a CFL reachability problem to determine pointer alias sets. In various embodiments, the DDPA is also context-sensitive.

    DETERMINING TARGET TYPES FOR GENERIC POINTERS IN SOURCE CODE
    8.
    Patent application
    DETERMINING TARGET TYPES FOR GENERIC POINTERS IN SOURCE CODE (in force)

    Publication number: US20100313190A1

    Publication date: 2010-12-09

    Application number: US12477954

    Filing date: 2009-06-04

    IPC classification: G06F9/45

    CPC classification: G06F8/434

    Abstract: A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.

    Automatic reverse engineering of input formats
    9.
    Granted patent
    Automatic reverse engineering of input formats (in force)

    Publication number: US08935677B2

    Publication date: 2015-01-13

    Application number: US12098496

    Filing date: 2008-04-07

    IPC classification: G06F9/44 G06F9/45

    CPC classification: G06F8/53

    Abstract: Systems and methods for automatically reverse engineering an input data format using dynamic data flow analysis. Combining input data with a simulated execution of the binary program using the input data and analyzing the use of the data by the program to generate a BNL-like grammar representing the input data format. The input data can be application level protocols, network protocols or formatted files.

    Malware investigation by analyzing computer memory
    10.
    Granted patent
    Malware investigation by analyzing computer memory (in force)

    Publication number: US08566944B2

    Publication date: 2013-10-22

    Application number: US12767810

    Filing date: 2010-04-27

    IPC classification: G06F12/16

    CPC classification: G06F21/566 G06F21/554

    Abstract: Technology is described for malware investigation by analyzing computer memory in a computing device. The method can include performing static analysis on code for a software environment to form an extended type graph. A raw memory snapshot of the computer memory can be obtained at runtime. The raw memory snapshot may include the software environment executing on the computing device. Dynamic data structures can be found in the raw memory snapshot using the extended type graph to form an object graph. An authorized memory area can be defined having executable code, static data structures, and dynamic data structures. Implicit and explicit function pointers can be identified. The function pointers can be checked to validate that the function pointers reference a valid memory location in the authorized memory area and whether the computer memory is uncompromised.