摘要:
In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access by erroneously or maliciously invoked operating-system routines to secure kernel routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.
摘要:
In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access by erroneously or maliciously invoked operating-system routines to secure kernel routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.
摘要:
Embodiments of the present invention include a variety of different integrated, multi-tiered methods and systems for preventing various types of attacks on computer systems, including denial-of-service attacks and SYN-flood attacks. Components of these integrated methods and systems include probabilistic packet droppers, packet-rate throttles, resource controls, automated firewalls, and efficient connection-state-information storage in memory resources and connection-state-information distribution in order to prevent draining of sufficient communications-related resources within a computer system to seriously degrade or disable electronics communications components within the computer system.
摘要:
Embodiments of the present invention include a variety of different integrated, multi-tiered methods and systems for preventing various types of attacks on computer systems, including denial-of-service attacks and SYN-flood attacks. Components of these integrated methods and systems include probabilistic packet droppers, packet-rate throttles, resource controls, automated firewalls, and efficient connection-state-information storage in memory resources and connection-state-information distribution in order to prevent draining of sufficient communications-related resources within a computer system to seriously degrade or disable electronics communications components within the computer system.
摘要:
A method for detecting unauthorised radio communications devices, the method including the steps of filtering received radio frequency signals into desired signals having a frequency band characteristic of an unauthorised radio communications device and undesired signals having a different frequency band characteristic of an authorised radio communications device, comparing respective levels of the desired and undesired signals with respective predetermined threshold levels, and generating detection signals indicative of the presence of the unauthorised radio communications device only if the desired signals exceed their predetermined threshold level and the undesired signals do not exceed their predetermined threshold level, thereby passively discriminating between the authorised and unauthorised radio communications devices, and interference therebetween.