-
公开(公告)号:US20130091568A1
公开(公告)日:2013-04-11
申请号:US13508314
申请日:2010-11-04
申请人: Monirul Islam Sharif , Wenke Lee
发明人: Monirul Islam Sharif , Wenke Lee
IPC分类号: G06F21/50
CPC分类号: G06F21/50 , G06F9/45558 , G06F21/6227 , G06F2009/45583 , G06F2009/45587
摘要: Security systems can provide secure and efficient in-VM monitoring. An exemplary security system can be built upon hardware virtualization features and can comprise a virtual machine having a plurality of standard virtual address spaces, as well as a hidden virtual address space. While the standard virtual address spaces can be directly accessible by a kernel in the virtual machine, the hidden virtual address space can be hidden from the kernel, which can be absent a virtual page table corresponding to the hidden virtual address space. A security monitor can reside in the hidden address space, monitoring the kernel without being modifiable by the kernel. A processor can transfer focus from the standard virtual address spaces to the hidden virtual address space only through predetermined entry gates, and the processor can transfer focus from the hidden virtual address space to the standard virtual address spaces only through predetermined exit gates.
摘要翻译: 安全系统可以提供安全有效的虚拟机内监控。 示例性的安全系统可以建立在硬件虚拟化特征上,并且可以包括具有多个标准虚拟地址空间的虚拟机以及隐藏的虚拟地址空间。 虽然标准虚拟地址空间可以由虚拟机中的内核直接访问,但隐藏的虚拟地址空间可以从内核隐藏,这可能不存在与隐藏的虚拟地址空间相对应的虚拟页面表。 安全监视器可以驻留在隐藏的地址空间中,监视内核而不被内核修改。 处理器可以仅通过预定的入口门将焦点从标准虚拟地址空间传送到隐藏的虚拟地址空间,并且处理器可以仅通过预定的出口将焦点从隐藏的虚拟地址空间传送到标准虚拟地址空间。
-
公开(公告)号:US08875303B2
公开(公告)日:2014-10-28
申请号:US13565304
申请日:2012-08-02
申请人: Ashish Bhatia , Min Gyung Kang , Monirul Islam Sharif , Niels Provos , Panayiotis Mavrommatis , Sruthi Bandhakavi
发明人: Ashish Bhatia , Min Gyung Kang , Monirul Islam Sharif , Niels Provos , Panayiotis Mavrommatis , Sruthi Bandhakavi
CPC分类号: G06F21/10 , G06F21/105 , G06F21/121 , G06F21/60 , G06Q50/184 , H04L2463/101
摘要: A method includes receiving a plurality of trusted assets, generating a first signature set for a known software application, and generating a second signature set for a subject software application. Each trusted asset is associated with at least a threshold number of trusted authors. Each signature in the first signature set corresponds to a known asset that is associated with the known software application. Each signature in the second signature set corresponds to a subject asset that is associated with the subject software application. The method further includes generating first and second filtered signature set based on the first and second signature sets, respectively, by excluding signatures corresponding to the trusted assets. The method also includes generating a similarity rating for the subject application based on a comparison of the first filtered signature set and the second filtered signature set.
摘要翻译: 一种方法包括接收多个可信资产,为已知软件应用生成第一签名集,以及为主题软件应用生成第二签名集。 每个可信资产与至少一个阈值数量的可信作者相关联。 第一签名集中的每个签名对应于与已知软件应用相关联的已知资产。 第二签名集中的每个签名对应于与主题软件应用相关联的主题资产。 该方法还包括通过排除与可信资产相对应的签名,分别基于第一和第二签名集来生成第一和第二过滤签名集。 该方法还包括基于第一过滤签名集和第二过滤签名集的比较来生成针对主题应用的相似性等级。
-
公开(公告)号:US09129106B2
公开(公告)日:2015-09-08
申请号:US13508314
申请日:2010-11-04
申请人: Monirul Islam Sharif , Wenke Lee
发明人: Monirul Islam Sharif , Wenke Lee
CPC分类号: G06F21/50 , G06F9/45558 , G06F21/6227 , G06F2009/45583 , G06F2009/45587
摘要: Security systems can provide secure and efficient in-VM monitoring. An exemplary security system can be built upon hardware virtualization features and can comprise a virtual machine having a plurality of standard virtual address spaces, as well as a hidden virtual address space. While the standard virtual address spaces can be directly accessible by a kernel in the virtual machine, the hidden virtual address space can be hidden from the kernel, which can be absent a virtual page table corresponding to the hidden virtual address space. A security monitor can reside in the hidden address space, monitoring the kernel without being modifiable by the kernel. A processor can transfer focus from the standard virtual address spaces to the hidden virtual address space only through predetermined entry gates, and the processor can transfer focus from the hidden virtual address space to the standard virtual address spaces only through predetermined exit gates.
摘要翻译: 安全系统可以提供安全有效的虚拟机内监控。 示例性的安全系统可以建立在硬件虚拟化特征上,并且可以包括具有多个标准虚拟地址空间的虚拟机以及隐藏的虚拟地址空间。 虽然标准虚拟地址空间可以由虚拟机中的内核直接访问,但隐藏的虚拟地址空间可以从内核隐藏,这可能不存在与隐藏的虚拟地址空间相对应的虚拟页面表。 安全监视器可以驻留在隐藏的地址空间中,监视内核而不被内核修改。 处理器可以仅通过预定的入口门将焦点从标准虚拟地址空间传送到隐藏的虚拟地址空间,并且处理器可以仅通过预定的出口将焦点从隐藏的虚拟地址空间传送到标准虚拟地址空间。
-
公开(公告)号:US20140041037A1
公开(公告)日:2014-02-06
申请号:US13565304
申请日:2012-08-02
申请人: Ashish Bhatia , Min Gyung Kang , Monirul Islam Sharif , Niels Provos , Panayiotis Mavrommatis , Sruthi Bandhakavi
发明人: Ashish Bhatia , Min Gyung Kang , Monirul Islam Sharif , Niels Provos , Panayiotis Mavrommatis , Sruthi Bandhakavi
IPC分类号: G06F21/00
CPC分类号: G06F21/10 , G06F21/105 , G06F21/121 , G06F21/60 , G06Q50/184 , H04L2463/101
摘要: A method includes receiving a plurality of trusted assets, generating a first signature set for a known software application, and generating a second signature set for a subject software application. Each trusted asset is associated with at least a threshold number of trusted authors. Each signature in the first signature set corresponds to a known asset that is associated with the known software application. Each signature in the second signature set corresponds to a subject asset that is associated with the subject software application. The method further includes generating first and second filtered signature set based on the first and second signature sets, respectively, by excluding signatures corresponding to the trusted assets. The method also includes generating a similarity rating for the subject application based on a comparison of the first filtered signature set and the second filtered signature set.
摘要翻译: 一种方法包括接收多个可信资产,为已知软件应用生成第一签名集,以及为主题软件应用生成第二签名集。 每个可信资产与至少一个阈值数量的可信作者相关联。 第一签名集中的每个签名对应于与已知软件应用相关联的已知资产。 第二签名集中的每个签名对应于与主题软件应用相关联的主题资产。 该方法还包括通过排除与可信资产相对应的签名,分别基于第一和第二签名集来生成第一和第二过滤签名集。 该方法还包括基于第一过滤签名集和第二过滤签名集的比较来生成针对主题应用的相似性等级。
-
-
-
搜索结果
4 条记录 (耗时 0.015 秒)
