Abstract:
A method, system and infrastructure that allow an application to run with specified versions of assemblies bound thereto, while allowing the application author, assembly publisher and/or an administrator to change the originally-specified version as desired. Each assembly may exist and run side-by-side on the system with other versions of the same assembly being used by other applications. An application manifest specifies any desired assembly versions, which may be redirected to another version (overridden) by an application configuration. A publisher configuration provided by an assembly publisher can similarly override the specified version. Lastly, an administrator configuration is capable of overriding other configuration versioning information. A table built from the manifest and any configuration redirection may be accessed during execution to quickly locate the appropriate version. The various configuration data structures themselves may be wrapped as assemblies, thereby enabling versioning of configurations.
Abstract:
Methods, systems and data structures are described for implementing local isolated DLL and/or COM components. A version of a shared component is stored in a local directory with an application that uses that particular version. Another version of the shared component exists on the system and is useable by any number of other computer programs. A local file is created in the local directory that indicates the presence of an isolated version of the shared component. When the application calls the shared component, the system uses the isolated version of the shared component stored locally with the application program. Thus, specific versions of components may be provided to a calling application without making any code changes to the calling application or to the component to which the calling application is bound.
Abstract:
An operating system combines preemptive scheduling with cooperative or non-preemptive scheduling. In particular, tasks are divided into groups of interdependent tasks. Each group includes tasks that should not be run asynchronously relative to each other. The scheduler in the operating system provides each group with a time slot of processor time. The tasks within the group are cooperatively scheduled to exploit the time slot assigned to the group. Dependencies between modules and tasks are maintained to assure that no difficulties arise amongst preemptively scheduled groups.
Abstract:
A method and system for reducing context switches when distributing input to applications are provided. When input is received, it is stored in a system input queue. A system thread distributes the input stored in the system input queue to appropriate thread input queues. Before the system thread can execute code to process system input, the system thread must obtain ownership of a synchronization mechanism. To eliminate unnecessary context switches, the operating system determines whether the synchronization mechanism is already owned before scheduling the system thread to execute and performing a context switch from the context of the currently executing thread to the context of the system thread. If the synchronization mechanism is not already owned, the system thread is granted ownership and distributes the input stored in the system input queue to the appropriate thread input queues. If the synchronization mechanism is already owned, the thread that already owns the synchronization mechanism distributes the input stored in the system input queue to the appropriate thread input queues.
Abstract:
Communication network security risk exposure management systems and methods are disclosed. Risks to a communication network are determined by analyzing assets of the communication network and vulnerabilities affecting the assets. Assets may include physical assets such as equipment or logical assets such as software or data. Risk analysis may be adapted to assess risks to a particular feature of a communication network by analyzing assets of the communication network which are associated with that feature and one or more of vulnerabilities which affect the feature and vulnerabilities which affect the assets associated with the feature. A feature may be an asset itself or a function or service offered in the network and supported by particular assets, for example.
Abstract:
A method and apparatus directed to detecting DoS (denial of service) attacks against SIP enabled devices. A substantial imbalance between an accounting of SIP INVITE (INV) and SIP 180 Ringing (N180) messages indicates a DoS attack. Preferably the number (H) of INVITE messages including credentials (INVc) that are sent from a user client in response to a 407 Authentication Required message from a proxy server is removed from the accounting before the balance is tested. If the equation INVo+INVc−H=N180 (where INVo is the number of INVITE messages without credentials) is not true within a small margin of error, then the inequality indicates a DoS attack currently in progress against the proxy server.
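The INVITE / 180 Ringing accounting from this abstract, as an added example that is not part of the patent text: it counts INVo, INVc, H and N180 over a constructed, simplified message trace (not real SIP wire syntax; the trace format, call-ids and the margin value are assumptions) and tests whether INVo+INVc−H stays within the margin of N180.

```python
from dataclasses import dataclass, field

# Constructed trace format (not real SIP syntax): "<dir> <call-id> <msg>[ auth]"
# Two calls that are challenged with 407, re-sent with credentials, and ring.
BENIGN_TRACE = [
    "C>P a1 INVITE", "P>C a1 407", "C>P a1 INVITE auth", "P>C a1 180",
    "C>P a2 INVITE", "P>C a2 407", "C>P a2 INVITE auth", "P>C a2 180",
]
# Same two calls plus a burst of INVITEs that never produce a 180 Ringing.
FLOOD_TRACE = BENIGN_TRACE + [f"C>P f{i} INVITE" for i in range(10)]


@dataclass
class SipCounters:
    inv_o: int = 0   # INVITE without credentials (INVo)
    inv_c: int = 0   # INVITE carrying credentials (INVc)
    h: int = 0       # credentialed INVITEs answering a prior 407 (H)
    n180: int = 0    # 180 Ringing responses (N180)
    challenged: set = field(default_factory=set)  # call-ids with an open 407

    def observe(self, line: str) -> None:
        _direction, call_id, msg, *flags = line.split()
        if msg == "INVITE" and "auth" in flags:
            self.inv_c += 1
            if call_id in self.challenged:   # re-send of a challenged INVITE
                self.h += 1
                self.challenged.discard(call_id)
        elif msg == "INVITE":
            self.inv_o += 1
        elif msg == "407":
            self.challenged.add(call_id)
        elif msg == "180":
            self.n180 += 1

    def expected_ringing(self) -> int:
        # INVo + INVc - H: challenged re-sends are not new call attempts
        return self.inv_o + self.inv_c - self.h

    def dos_suspected(self, margin: int = 2) -> bool:
        # The abstract's equality, tested within a small margin of error
        return abs(self.expected_ringing() - self.n180) > margin


def analyze(trace):
    counters = SipCounters()
    for line in trace:
        counters.observe(line)
    return counters
```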
Abstract:
Methods of preventing flooding-type denial-of-service attacks in a computer-based network are described. Connection establishing messages known as SYN packets are matched with connection terminating messages (FIN packets) by using a hash algorithm. The hash algorithm or message digest uses source and destination IP addresses, port numbers, and a secret key as input parameters. The SYN packets and FIN packets are mapped to buckets using the hash algorithm and statistics are maintained for each bucket. A correspondence between SYN packets and FIN packets is maintained to close a security hole.
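The keyed-hash bucketing from this abstract, as an added example that is not part of the patent text: SYN and FIN packets are mapped to buckets with an HMAC over addresses, ports and a secret key, per-bucket statistics are kept, and the SYN-minus-FIN imbalance is reported. The bucket count, the secret key, the endpoint-ordering step (so a server-side FIN lands in the same bucket as the client's SYN), the threshold and the packet data are all constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter

N_BUCKETS = 16                       # small for the demonstration (assumption)
KEY = b"constructed-secret-key"      # assumed per-deployment secret


def flow_bucket(a_ip, a_port, b_ip, b_port, key=KEY, n_buckets=N_BUCKETS):
    # Order the two endpoints so a connection's SYN and its FIN (sent from
    # either side) hash to the same bucket; the key keeps the mapping
    # unpredictable to anyone who does not hold it.
    ends = sorted([(a_ip, a_port), (b_ip, b_port)])
    msg = "|".join(f"{ip}:{port}" for ip, port in ends).encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % n_buckets


class SynFinTracker:
    def __init__(self):
        self.syn = Counter()
        self.fin = Counter()

    def observe(self, flag, src_ip, src_port, dst_ip, dst_port):
        # Only pure SYNs count as connection attempts (SYN+ACK is excluded).
        bucket = flow_bucket(src_ip, src_port, dst_ip, dst_port)
        if flag == "SYN":
            self.syn[bucket] += 1
        elif flag == "FIN":
            self.fin[bucket] += 1

    def outstanding(self):
        # SYNs not yet matched by a FIN, per bucket
        return {b: self.syn[b] - self.fin[b] for b in set(self.syn) | set(self.fin)}

    def total_outstanding(self):
        return sum(self.outstanding().values())

    def flood_suspected(self, threshold=20):
        return self.total_outstanding() > threshold


def constructed_packets(flood_syns=40):
    # Five completed connections, then SYNs that are never closed (constructed).
    pkts = []
    for i in range(5):
        cli, srv = (f"192.0.2.{i + 1}", 40000 + i), ("198.51.100.10", 80)
        pkts.append(("SYN", *cli, *srv))
        pkts.append(("FIN", *srv, *cli))     # server closes: reverse direction
    for i in range(flood_syns):
        pkts.append(("SYN", "203.0.113.7", 50000 + i, "198.51.100.10", 80))
    return pkts


def run(packets):
    tracker = SynFinTracker()
    for pkt in packets:
        tracker.observe(*pkt)
    return tracker
```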
Abstract:
Systems and methods of mitigating DoS attacks on a victim node in a computer based communication system are presented. According to the methods, a node such as a router upstream from the victim analyzes traffic flow directed to the victim node and, if a pattern indicating a possible attack is detected, a notification to that effect is sent to the victim node. The victim can either ignore the notification or choose to suggest or request that attack mitigation measures be implemented by the upstream router. Alternatively, the upstream router can implement attack mitigation measures without waiting for input from the victim node.
Abstract:
Methods of detecting TCP SYN flooding attacks at a router located between a LAN and a network such as the Internet are described. The methods rely on a counting arrangement in which SYN and FIN packets are counted on both the LAN side and the network or Internet side of the router during a time interval. Weighting factors are applied to each count, the factor for the LAN side count having the opposite polarity to the factor for the network side count. The absolute values of the sums of the weighting factors of like polarity are equal. An abnormal number of unsuccessful connection attempts is determined based on a parameter calculated using the weighting factors in conjunction with the respective counts.