Abstract:
A computer-implemented method for neutralizing file-format-specific exploits contained within electronic communications may include (1) identifying an electronic communication, (2) identifying at least one file contained within the electronic communication, and then (3) neutralizing any file-format-specific exploits contained within the file. In one example, neutralizing any file-format-specific exploits contained within the file may include applying at least one file-format-conversion operation to the file. Additionally or alternatively, neutralizing any file-format-specific exploits contained within the file may include constructing a sterile version of the file that selectively omits at least a portion of any exploitable content contained within the file. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
A hygiene-based determination of legitimacy of activities performed by applications on clients is performed. A receiving module receives, from a client, information regarding an application that is performing an activity on the client. A hygiene score module determines a score distribution for hygiene scores of other clients on which the same type of application has performed the same activity. A correlation module correlates the activity being performed by the application on the client with the score distribution for hygiene scores. A reputation computation module computes, based on the correlation, a reputation score for the activity with respect to the application performing the activity. Finally, a legitimacy identification module identifies, based on the reputation score, whether the activity is an illegitimate activity for the application. Where the activity is illegitimate for the application, a malware management module can conduct various techniques for managing the application which is likely infected with malware.
Abstract:
To prevent gaming of a reputation system, a security token is generated for a security module using metadata about the client observed during the registration of the security module. The registration server selects metadata for use in generating the security token. The generated security token is provided to identify the client in later transactions. A security server may conduct a transaction with the client and observe metadata about the client during the transaction. The security server also extracts metadata from the security token. The security server correlates the observed metadata during the transaction with the extracted metadata from the security token. Based on the result of the correlation, a security policy is applied. As a result, the metadata in the security token enables stateless verification of the client.
Abstract:
Policy-based performance of continuous data protection on protected data. A write request targeted to a portion of the protected data is detected. In addition, one or more journaling policy data structures are accessed. The journaling policy data structure represents policy for how frequently to journal write requests to a backup medium and/or what backup medium to journal write requests to, depending on one or more characteristics of the write request targets. The journaling policy data structure is then used to determine whether the write request should be presently journaled and/or to identify the backup medium that the write request should be journaled to, based on the one or more characteristics of the portion of the protected data targeted by the write request. The journaling policy may, but need not, be selected so as to preserve storage and/or network bandwidth associated with the journaling process.
Abstract:
Methods, apparati, and computer-readable media for protecting computer code (1) from malicious retrievers (3). A method embodiment of the present invention comprises the steps of generating (22) retrieval information characteristic of data sent to a retriever (3) by the computer code (1) in response to a retrieval command (5) issued by the retriever (3); accessing at least one rule (6) using at least some of said retrieval information as an input to said at least one rule (6); and, when said at least one rule (6) informs that the retrieval is not acceptable, flagging (28) the retrieval command (5) as suspicious.
Abstract:
Incremental updating of a file (100) that has been rebased or realigned is accomplished through the use of a canonical form (100B). In terms of rebasing, a canonical form (100B) is one that has been rebased to a predetermined base address (104). In one embodiment this predetermined base address (104) is zero. In terms of realigning, a canonical form (100B) is one that has been realigned in a predetermined way. In one embodiment, the segments (110) of the file (100) are realigned such that there is no gap (114) between the end of one segment (110) and the start of the next segment (110). In another embodiment, the segments (110) of the file (100) are realigned to page boundaries (112) of a predetermined size. An incremental update (124) for the file (100) is determined that transforms the file from the canonical form (100B) to the desired update form (100C). The process of updating the file (100) comprises transforming the file (100) to the canonical form (100B) and applying the incremental update (124) to the canonical form (100B).
Abstract:
Techniques are disclosed that enable extrusion detection (i.e., outgoing confidential information from an enterprise or other entity). The techniques operate to detect outgoing confidential information at the gateway and/or the client, even if that confidential information is encrypted, compressed, or otherwise obfuscated before transmission (e.g., via email or to a portable storage media such as a memory stick).
Abstract:
A method and apparatus for preventing leakage of sensitive information from a computer is described. The method includes identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form tainted data, tracking the tainted data within the computer system, and identifying at least one condition that compromises the security of the tainted data. The system is a computer system including taint analysis software for identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form tainted data, tracking the tainted data within the computer system, and identifying at least one condition that compromises the security of the tainted data.
Abstract:
A method, system and computer-readable medium for encrypting a file on a computer system based on the content of the file. The method comprises setting an encryption policy, wherein the encryption policy is at least one attribute related to content of at least one file; scanning at least one file on a computer system for content; matching the content of the scanned at least one file to the at least one attribute set in the encryption policy; and encrypting the scanned at least one file with a key in response to a match between the content of the scanned at least one file and the at least one attribute set in the encryption policy. The system is a computer system that includes policy-based encryption software that performs the steps embodied by the method.
Abstract:
Methods, apparati, and computer-readable media for matching patterns of symbols within computer systems. A method embodiment of the present invention comprises composing (11) a pattern matching expression; and embedding (12) a function using storage means within the expression to form a character matching string. The expression may be a regular expression. The character matching string is compared (13) against a target string. The target string may be one that is suspected to contain malicious computer code.