-
公开(公告)号:US07826396B2
公开(公告)日:2010-11-02
申请号:US11072525
申请日:2005-03-07
CPC分类号: H04L67/104 , H04L43/0858 , H04L43/0864 , H04L43/12 , H04L67/1046 , H04L67/1068
摘要: A method is provided for a host node in a computer network to determine its coordinates in a d-dimensional network space, comprising discovering an address of a peer node in the network, measuring network latency between the host node and the peer node, determining whether network latency has been measured for at least d+1 peer nodes, where, if network latency has not been measured for at least d+1 peer nodes, estimating the network coordinates of the host node, and where, if network latency has been measured for at least d+1 peer nodes, calculating the network coordinates of the host node using d+1 measured latencies.
摘要翻译: 提供了一种用于计算机网络中的主机节点来确定其在d维网络空间中的坐标的方法,包括发现网络中的对等节点的地址,测量主机节点和对等节点之间的网络等待时间,确定是否 已经对至少d + 1个对等节点测量了网络延迟,其中,如果尚未对至少d + 1个对等节点进行网络延迟测量,则估计主机节点的网络坐标,以及如果已经测量了网络延迟 对于至少d + 1个对等节点,使用d + 1测量的延迟来计算主机节点的网络坐标。
-
公开(公告)号:US07634812B2
公开(公告)日:2009-12-15
申请号:US11095287
申请日:2005-03-30
申请人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
发明人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
IPC分类号: G06F12/14
CPC分类号: G06F21/57 , G06F21/552
摘要: A containment system may include a protection system which may protect the computing device from future attacks. For example, a patch may be automatically generated which resolves a detected vulnerability in a program. IN another example, a filter may be automatically generated which filters actions and/or messages which take advantage of a detected vulnerability in a program.
摘要翻译: 遏制系统可以包括可以保护计算设备免受未来攻击的保护系统。 例如,可以自动生成修补程序,以解决程序中检测到的漏洞。 在另一示例中,可以自动生成过滤器,其过滤利用程序中检测到的漏洞的动作和/或消息。
-
公开(公告)号:US20070006314A1
公开(公告)日:2007-01-04
申请号:US11095291
申请日:2005-03-30
申请人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
发明人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
IPC分类号: G06F11/00
CPC分类号: H04L63/1433 , G06F21/554 , G06F21/577 , H04L63/1416
摘要: A containment system may include generating and/or sending an alert as the basis for safely sharing knowledge about detected worms. An alert may contain information that proves that a given program has a vulnerability. The alert may be self-certifying such that its authenticity may be independently verified by a computing system.
摘要翻译: 遏制系统可以包括生成和/或发送警报作为安全地分享关于检测到的蠕虫的知识的基础。 警报可能包含证明给定程序有漏洞的信息。 警报可以是自我认证的,使得其真实性可以由计算系统独立地验证。
-
公开(公告)号:US20110138476A1
公开(公告)日:2011-06-09
申请号:US12633326
申请日:2009-12-08
申请人: Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
发明人: Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
IPC分类号: G06F21/22
CPC分类号: G06F21/53 , G06F9/468 , G06F12/1483 , G06F21/54 , G06F21/57 , G06F2221/2141 , G06F2221/2149 , H04L63/101
摘要: Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.
摘要翻译: 描述了使用字节粒度内存保护的软件故障隔离方法。 在一个实施例中,软件系统的不受信任的驱动程序或其他扩展在与软件系统的主机部分分开的域中运行,但是与主机部分共享相同的地址空间。 域之间的调用使用插入库进行调用,并且访问控制数据基本上维持相关虚拟地址空间的每个字节。 在编译期间,在加载时间之前或在运行时添加到不可信扩展的仪器,在插入库中添加的这些扩展可以强制实现域之间的隔离,例如在任何写入或间接调用之前添加访问权限检查,并通过重定向函数调用 在插页库中调用包装器。 仪器还会更新访问控制数据,根据正在调用的操作的语义,以精细粒度授予和撤销访问权限。
-
公开(公告)号:US20110004677A1
公开(公告)日:2011-01-06
申请号:US12883346
申请日:2010-09-16
IPC分类号: G06F15/177
CPC分类号: H04L67/104 , H04L43/0858 , H04L43/0864 , H04L43/12 , H04L67/1046 , H04L67/1068
摘要: A method is provided for a host node in a computer network to determine its coordinates in a d-dimensional network space, comprising discovering an address of a peer node in the network, measuring network latency between the host node and the peer node, determining whether network latency has been measured for at least d+1 peer nodes, where, if network latency has not been measured for at least d+1 peer nodes, estimating the network coordinates of the host node, and where, if network latency has been measured for at least d+1 peer nodes, calculating the network coordinates of the host node using d+1 measured latencies.
摘要翻译: 提供了一种用于计算机网络中的主机节点来确定其在d维网络空间中的坐标的方法,包括发现网络中的对等节点的地址,测量主机节点和对等节点之间的网络等待时间,确定是否 已经对至少d + 1个对等节点测量了网络延迟,其中,如果尚未对至少d + 1个对等节点进行网络延迟测量,则估计主机节点的网络坐标,以及如果已经测量了网络延迟 对于至少d + 1个对等节点,使用d + 1测量的延迟来计算主机节点的网络坐标。
-
公开(公告)号:US07634813B2
公开(公告)日:2009-12-15
申请号:US11095291
申请日:2005-03-30
申请人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
发明人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
IPC分类号: G06F12/14
CPC分类号: H04L63/1433 , G06F21/554 , G06F21/577 , H04L63/1416
摘要: A containment system may include generating and/or sending an alert as the basis for safely sharing knowledge about detected worms. An alert may contain information that proves that a given program has a vulnerability. The alert may be self-certifying such that its authenticity may be independently verified by a computing system.
摘要翻译: 遏制系统可以包括生成和/或发送警报作为安全地分享关于检测到的蠕虫的知识的基础。 警报可能包含证明给定程序有漏洞的信息。 警报可以是自我认证的,使得其真实性可以由计算系统独立地验证。
-
公开(公告)号:US07603715B2
公开(公告)日:2009-10-13
申请号:US11096054
申请日:2005-03-30
申请人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
发明人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
IPC分类号: G06F12/14
CPC分类号: G06F21/566 , H04L63/1416
摘要: One aspect of the invention is a vulnerability detection mechanism that can detect a large class of attacks through dynamic dataflow analysis. Another aspect of the invention includes self-certifying alerts as the basis for safely sharing knowledge about worms. Another aspect of the invention is a resilient and self-organizing protocol to propagate alerts to all non-infected nodes in a timely fashion, even when under active attack during a worm outbreak. Another aspect of the invention is a system architecture that enables a large number of mutually untrusting computers to collaborate in the task of stopping a previously unknown worm, even when the worm is spreading rapidly and exploiting unknown vulnerabilities in popular software packages.
摘要翻译: 本发明的一个方面是可以通过动态数据流分析来检测大类攻击的漏洞检测机制。 本发明的另一方面包括自我认证警报作为安全地共享关于蠕虫的知识的基础。 本发明的另一方面是一种弹性和自组织协议,即使在蠕虫爆发期间受到主动攻击时,也可以及时向所有非感染节点传播警报。 本发明的另一方面是使得大量相互不信任的计算机能够在停止以前未知的蠕虫的任务中进行协作,即使当蠕虫迅速传播并利用流行的软件包中的未知的漏洞时。
-
公开(公告)号:US20090132861A1
公开(公告)日:2009-05-21
申请号:US11941272
申请日:2007-11-16
IPC分类号: G06F11/36
CPC分类号: G06F11/366 , G06F11/0748 , G06F11/0778 , G06F11/3636
摘要: Methods and apparatus for generating error reports with enhanced privacy are described. In an embodiment the error is triggered by an input to a software program. An error report is generated by identifying conditions on an input to the program which ensure that, for any input which satisfies the conditions, the software program will follow the same execution path such that the error can be reproduced. The error report may include these conditions or may include a new input generated using the conditions.
摘要翻译: 描述用于生成具有增强的隐私的错误报告的方法和装置。 在一个实施例中,错误由对软件程序的输入触发。 通过识别程序输入上的条件来生成错误报告,该条件确保对于满足条件的任何输入,软件程序将遵循相同的执行路径,从而可以再现错误。 错误报告可能包括这些条件,或者可能包括使用条件生成的新输入。
-
-
-
-
-
-
-
搜索结果
28 条记录 (耗时 0.025 秒)
