Piracy prevention using unique module translation
    1.
    Granted invention patent
    Status: in force

    Publication number: US08028340B2

    Publication date: 2011-09-27

    Application number: US12551673

    Filing date: 2009-09-01

    IPC classification: H04L9/00

    CPC classification: G06F21/125

    Abstract: A method for providing solidified software in a computing environment includes creating a new reference for a function in a function table; copying an address of the function and associating the address with the new reference; replacing the address associated with an old reference of the function with a dummy address; and substituting each old reference in normal code with the new reference, where injected code is not able to execute in the computing environment. The function table entries can be further randomized by reordering the entries, introducing intermediate mappings, or providing non-operative entries. Alternatively, all or part of the code of the function can be copied and moved to a different storage location and associated with the new reference. The copied code can be further randomized by the insertion of dummy code, utilizing reverse peephole techniques, varying the size of the copied portion, or interleaving non-operative code.

    Piracy Prevention Using Unique Module Translation
    2.
    Invention patent application
    Status: in force

    Publication number: US20090320140A1

    Publication date: 2009-12-24

    Application number: US12551673

    Filing date: 2009-09-01

    IPC classification: G06F21/00

    CPC classification: G06F21/125

    Abstract: A method for providing solidified software in a computing environment includes creating a new reference for a function in a function table; copying an address of the function and associating the address with the new reference; replacing the address associated with an old reference of the function with a dummy address; and substituting each old reference in normal code with the new reference, where injected code is not able to execute in the computing environment. The function table entries can be further randomized by reordering the entries, introducing intermediate mappings, or providing non-operative entries. Alternatively, all or part of the code of the function can be copied and moved to a different storage location and associated with the new reference. The copied code can be further randomized by the insertion of dummy code, utilizing reverse peephole techniques, varying the size of the copied portion, or interleaving non-operative code.

    Piracy prevention using unique module translation
    3.
    Granted invention patent
    Status: in force

    Publication number: US07603552B1

    Publication date: 2009-10-13

    Application number: US11122872

    Filing date: 2005-05-04

    IPC classification: H04L9/00

    CPC classification: G06F21/125

    Abstract: A method for providing solidified software in a computing environment includes creating a new reference for a function in a function table; copying an address of the function and associating the address with the new reference; replacing the address associated with an old reference of the function with a dummy address; and substituting each old reference in normal code with the new reference, where injected code is not able to execute in the computing environment. The function table entries can be further randomized by reordering the entries, introducing intermediate mappings, or providing non-operative entries. Alternatively, all or part of the code of the function can be copied and moved to a different storage location and associated with the new reference. The copied code can be further randomized by the insertion of dummy code, utilizing reverse peephole techniques, varying the size of the copied portion, or interleaving non-operative code.

    Program-based authorization
    4.
    Granted invention patent
    Status: in force

    Publication number: US07870387B1

    Publication date: 2011-01-11

    Application number: US11400085

    Filing date: 2006-04-07

    IPC classification: H04L29/06

    Abstract: Techniques which allow definition and enforcement of program-based action authorization policies. On a computer, an action or execution attempt is intercepted in real-time. The subject process, the program file of the subject process, the attempted action and the object of the attempted action are determined. An authorization policy considering the program file indicates whether the attempted action is authorized or not. In a tracking mode, the attempted action and its authorization are logged and the attempted action is allowed to proceed. In an enforcement mode, unauthorized attempts are blocked and logged, thereby enforcing the authorization policy.

    Classification of software on networked systems
    5.
    Granted invention patent
    Status: in force

    Publication number: US08307437B2

    Publication date: 2012-11-06

    Application number: US12944567

    Filing date: 2010-11-11

    IPC classification: G06F7/40

    CPC classification: G06F21/51

    Abstract: A method and system for the classification of software in networked systems, includes: determining a software received by a sensor is attempting to execute on a computer system of the sensor; classifying the software as authorized or unauthorized to execute, and gathering information on the software by the sensor if the software is classified as unauthorized to execute. The sensor sends the information on the software to one or more actuators, which determine whether or not to act on one or more targets based on the information. If so, then the actuator sends a directive to the target(s). The target(s) updates its responses according to the directive. The classification of the software is definitive and is not based on heuristics or rules or policies and without any need to rely on any a priori information about the software.

    EXECUTION ENVIRONMENT FILE INVENTORY
    6.
    Invention patent application
    Status: under examination (published)

    Publication number: US20110138461A1

    Publication date: 2011-06-09

    Application number: US13022148

    Filing date: 2011-02-07

    IPC classification: G06F21/00

    Abstract: A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.

    Distribution and installation of solidified software on a computer
    7.
    Invention patent application
    Status: under examination (published)

    Publication number: US20130247027A1

    Publication date: 2013-09-19

    Application number: US11060683

    Filing date: 2005-02-16

    IPC classification: G06F9/445

    CPC classification: G06F8/61 G06F8/447

    Abstract: Techniques relating to the distribution and installation of solidified (or “frozen”) software on a computer are disclosed. Any additional software installed on the computer after the solidification process will not execute, regardless of whether the installation is initiated or otherwise performed by a person with administrative privilege. The installation of the solidified software can be carried out by installing pre-solidified software, by solidifying the software at the source code level and by solidifying the software by the compiler. The solidification can also be performed when software distributions are manufactured, for example on CDs, or as part of an installation procedure that can run and/or install differently each time. A business process for billing customers for the transfer or usage of solidified software is also disclosed.

    Execution environment file inventory
    8.
    Granted invention patent
    Status: in force

    Publication number: US07895573B1

    Publication date: 2011-02-22

    Application number: US11277596

    Filing date: 2006-03-27

    IPC classification: G06F9/44

    Abstract: A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.

    Execution Environment File Inventory
    9.
    Invention patent application
    Status: in force

    Publication number: US20140101783A1

    Publication date: 2014-04-10

    Application number: US14045208

    Filing date: 2013-10-03

    IPC classification: G06F21/60

    Abstract: A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.

    Program-based authorization
    10.
    Granted invention patent
    Status: in force

    Publication number: US08321932B2

    Publication date: 2012-11-27

    Application number: US12975745

    Filing date: 2010-12-22

    IPC classification: G06F21/00

    Abstract: Techniques which allow definition and enforcement of program-based action authorization policies. On a computer, an action or execution attempt is intercepted in real-time. The subject process, the program file of the subject process, the attempted action and the object of the attempted action are determined. An authorization policy considering the program file indicates whether the attempted action is authorized or not. In a tracking mode, the attempted action and its authorization are logged and the attempted action is allowed to proceed. In an enforcement mode, unauthorized attempts are blocked and logged, thereby enforcing the authorization policy.
