公开(公告)号：US20100100970A1

公开(公告)日：2010-04-22

申请号：US12640098

申请日：2009-12-17

申请人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

发明人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

IPC分类号： G06F21/00

CPC分类号： H04L63/102 ,  G06F8/65 ,  G06F8/70 ,  G06F8/71 ,  G06F21/55 ,  G06F21/57 ,  G06F2221/2101 ,  G06Q10/06 ,  H04L67/26 ,  H04L67/34

摘要： On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.

摘要翻译： 在主机上，主机内容更改请求被实时拦截。 在跟踪模式下，更改请求被记录并允许在主机上生效。 在执行模式下，记录更改请求，并与授权的更改策略进行比较，并确定是否允许更改生效或阻止更改，从而在主机上执行授权的更改策略。 跟踪和执行可以实时完成。 在任一模式和任何时间，记录的更改可以与一组已批准的更改订单进行对帐，以识别更改类别，包括部署但未批准的更改以及已批准但未部署的更改。

公开(公告)号：US08234713B2

公开(公告)日：2012-07-31

申请号：US12640098

申请日：2009-12-17

申请人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

发明人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

IPC分类号： H04L9/32

CPC分类号： H04L63/102 ,  G06F8/65 ,  G06F8/70 ,  G06F8/71 ,  G06F21/55 ,  G06F21/57 ,  G06F2221/2101 ,  G06Q10/06 ,  H04L67/26 ,  H04L67/34

摘要： On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.

摘要翻译： 在主机上，主机内容更改请求被实时拦截。 在跟踪模式下，更改请求被记录并允许在主机上生效。 在执行模式下，记录更改请求，并与授权的更改策略进行比较，并确定是否允许更改生效或阻止更改，从而在主机上执行授权的更改策略。 跟踪和执行可以实时完成。 在任一模式和任何时间，记录的更改可以与一组已批准的更改订单进行对帐，以识别更改类别，包括部署但未批准的更改以及已批准但未部署的更改。

公开(公告)号：US07757269B1

公开(公告)日：2010-07-13

申请号：US11346741

申请日：2006-02-02

申请人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

发明人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

IPC分类号： H04L9/00 ,  H04L9/32

CPC分类号： H04L63/102 ,  G06F8/65 ,  G06F8/70 ,  G06F8/71 ,  G06F21/55 ,  G06F21/57 ,  G06F2221/2101 ,  G06Q10/06 ,  H04L67/26 ,  H04L67/34

摘要： On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.

摘要翻译： 在主机上，主机内容更改请求被实时拦截。 在跟踪模式下，更改请求被记录并允许在主机上生效。 在执行模式下，记录更改请求，并与授权的更改策略进行比较，并确定是否允许更改生效或阻止更改，从而在主机上执行授权的更改策略。 跟踪和执行可以实时完成。 在任一模式和任何时间，记录的更改可以与一组已批准的更改订单进行对帐，以识别更改类别，包括部署但未批准的更改以及已批准但未部署的更改。

公开(公告)号：US20140317592A1

公开(公告)日：2014-10-23

申请号：US14257770

申请日：2014-04-21

申请人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

发明人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

IPC分类号： G06F9/44

CPC分类号： H04L63/102 ,  G06F8/65 ,  G06F8/70 ,  G06F8/71 ,  G06F21/55 ,  G06F21/57 ,  G06F2221/2101 ,  G06Q10/06 ,  H04L67/26 ,  H04L67/34

摘要： On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.

摘要翻译： 在主机上，主机内容更改请求被实时拦截。 在跟踪模式下，更改请求被记录并允许在主机上生效。 在执行模式下，记录更改请求，并与授权的更改策略进行比较，并确定是否允许更改生效或阻止更改，从而在主机上执行授权的更改策略。 跟踪和执行可以实时完成。 在任一模式和任何时间，记录的更改可以与一组已批准的更改订单进行对帐，以识别更改类别，包括部署但未批准的更改以及已批准但未部署的更改。

公开(公告)号：US08352930B1

公开(公告)日：2013-01-08

申请号：US11379953

申请日：2006-04-24

申请人： E. John Sebes ,  Jay Vaishnav

发明人： E. John Sebes ,  Jay Vaishnav

IPC分类号： G06F9/44 ,  G06F9/445 ,  G06F17/28

CPC分类号： G06F8/65

摘要： A method is employed to group computers to facilitate application of a software modification to the computers. The method includes identifying a global set of computers to which it is desired to apply the software modification. Based on characteristics of software configurations of the computers of the identified global set, the computers of the identified global set are grouped into a plurality of clusters. Grouping the computers into a plurality of clusters includes processing syntactic information about the computers to identify the plurality of clusters and applying the software modification to the computers of the clusters. The software modification is applied with an adjustment for each cluster in an attempt to avoid software breakage of the computers of that cluster.

摘要翻译： 采用一种方法来分组计算机以便于对计算机应用软件修改。 该方法包括识别期望应用软件修改的全局计算机集合。 基于所识别的全局集合的计算机的软件配置的特征，所识别的全局集合的计算机被分组成多个集群。 将计算机分组成多个群集包括处理关于计算机的句法信息以识别多个群集并将该软件修改应用于群集的计算机。 软件修改应用于每个集群的调整，以避免软件破坏该集群的计算机。

公开(公告)号：US20120278853A1

公开(公告)日：2012-11-01

申请号：US13540448

申请日：2012-07-02

申请人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

发明人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

IPC分类号： G06F21/00

CPC分类号： H04L63/102 ,  G06F8/65 ,  G06F8/70 ,  G06F8/71 ,  G06F21/55 ,  G06F21/57 ,  G06F2221/2101 ,  G06Q10/06 ,  H04L67/26 ,  H04L67/34

摘要： On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.

摘要翻译： 在主机上，主机内容更改请求被实时拦截。 在跟踪模式下，更改请求被记录并允许在主机上生效。 在执行模式下，记录更改请求，并与授权的更改策略进行比较，并确定是否允许更改生效或阻止更改，从而在主机上执行授权的更改策略。 跟踪和执行可以实时完成。 在任一模式和任何时间，记录的更改可以与一组已批准的更改订单进行对帐，以识别更改类别，包括部署但未批准的更改以及已批准但未部署的更改。

公开(公告)号：US08707446B2

公开(公告)日：2014-04-22

申请号：US13540448

申请日：2012-07-02

申请人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

发明人： Rahul Roy-Chowdhury ,  E. John Sebes ,  Jay Vaishnav

IPC分类号： H04L9/32

CPC分类号： H04L63/102 ,  G06F8/65 ,  G06F8/70 ,  G06F8/71 ,  G06F21/55 ,  G06F21/57 ,  G06F2221/2101 ,  G06Q10/06 ,  H04L67/26 ,  H04L67/34

摘要： On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.

摘要翻译： 在主机上，主机内容更改请求被实时拦截。 在跟踪模式下，更改请求被记录并允许在主机上生效。 在执行模式下，记录更改请求，并与授权的更改策略进行比较，并确定是否允许更改生效或阻止更改，从而在主机上执行授权的更改策略。 跟踪和执行可以实时完成。 在任一模式和任何时间，记录的更改可以与一组已批准的更改订单进行对帐，以识别更改类别，包括部署但未批准的更改以及已批准但未部署的更改。

公开(公告)号：US08028340B2

公开(公告)日：2011-09-27

申请号：US12551673

申请日：2009-09-01

申请人： E. John Sebes ,  Rishi Bhargava ,  Dilip Naik

发明人： E. John Sebes ,  Rishi Bhargava ,  Dilip Naik

IPC分类号： H04L9/00

CPC分类号： G06F21/125

摘要： A method for providing solidified software in a computing environment includes creating a new reference for a function in a function table; copying an address of the function and associating the address with the new reference; replacing the address associated with an old reference of the function with a dummy address; and substituting each old reference in normal code with the new reference, where injected code is not able to execute in the computing environment. The function table entries can be further randomized by reordering the entries, introducing intermediate mappings, or providing non-operative entries. Alternatively, all or part of the code of the function can be copied and moved to a different storage location and associated with the new reference. The copied code can be further randomized by the insertion of dummy code, utilizing reverse peephole techniques, varying the size of the copied portion, or interleaving non-operative code.

摘要翻译： 一种用于在计算环境中提供固化软件的方法包括为功能表中的功能创建新的参考; 复制函数的地址并将地址与新引用相关联; 用虚拟地址替换与该功能的旧引用相关联的地址; 并用正常代码中的每个旧引用替换新的引用，其中注入的代码不能在计算环境中执行。 功能表条目可以通过重新排序条目，引入中间映射或提供非操作条目来进一步随机化。 或者，可以将功能的全部或部分代码复制并移动到不同的存储位置并与新引用相关联。 复制的代码可以通过插入伪代码进一步随机化，利用反向窥视技术，改变复制部分的大小或交织非操作代码。

公开(公告)号：US20110077948A1

公开(公告)日：2011-03-31

申请号：US12946081

申请日：2010-11-15

申请人： Rosen Sharma ,  Bakul Shah ,  E. John Sebes

发明人： Rosen Sharma ,  Bakul Shah ,  E. John Sebes

IPC分类号： G10L21/00

CPC分类号： G06F8/30 ,  G06F8/20 ,  G06F8/40 ,  G06F9/46 ,  G06F9/541 ,  G06F21/00 ,  G06F21/12 ,  G06F21/121 ,  G06F21/54 ,  G06F21/554 ,  G06F21/564 ,  G06F2209/542 ,  G06F2221/2105 ,  H04N21/8133

摘要： Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

摘要翻译： 客户端软件被翻译者修改为使用服务的语言界面的独特变体。 拦截器预处理从翻译的独特语言界面到由服务实现的标准语言界面的后续客户端服务请求。 包含服务语言接口的使用，使服务不能执行任意输入，即使这样的输入是专门针对服务接口制定的。

公开(公告)号：US07870387B1

公开(公告)日：2011-01-11

申请号：US11400085

申请日：2006-04-07

申请人： Rishi Bhargava ,  E. John Sebes

发明人： Rishi Bhargava ,  E. John Sebes

IPC分类号： H04L29/06

CPC分类号： H04L63/102 ,  G06F21/52 ,  H04L63/0236

摘要： Techniques which allow definition and enforcement of program-based action authorization policies. On a computer, an action or execution attempt is intercepted in real-time. The subject process, the program file of the subject process, the attempted action and the object of the attempted action are determined. An authorization policy considering the program file indicates whether the attempted action is authorized or not. In a tracking mode, the attempted action and its authorization are logged and the attempted action is allowed to proceed. In an enforcement mode, unauthorized attempts are blocked and logged, thereby enforcing the authorization policy.

摘要翻译： 允许定义和执行基于程序的行动授权策略的技术。 在计算机上，实时拦截动作或执行尝试。 确定主题进程，主题进程的程序文件，尝试的动作和尝试动作的对象。 考虑到程序文件的授权策略指示尝试的操作是否被授权。 在跟踪模式中，记录尝试的操作及其授权，并允许尝试的操作继续。 在强制模式中，未经授权的尝试被阻止和记录，从而执行授权策略。