Software fault isolation using byte-granularity memory protection
    1.
    发明授权
    Software fault isolation using byte-granularity memory protection 有权
    软件故障隔离采用字节度记忆保护

    公开(公告)号:US08352797B2

    公开(公告)日:2013-01-08

    申请号:US12633326

    申请日:2009-12-08

    IPC分类号: G06F11/30

    摘要: Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.

    摘要翻译: 描述了使用字节粒度内存保护的软件故障隔离方法。 在一个实施例中,软件系统的不受信任的驱动程序或其他扩展在与软件系统的主机部分分开的域中运行,但是与主机部分共享相同的地址空间。 域之间的调用使用插入库进行调用,并且访问控制数据基本上维持相关虚拟地址空间的每个字节。 在编译期间,在加载时间之前或在运行时添加到不可信扩展的仪器,在插入库中添加的仪器会强制实现域之间的隔离,例如在任何写入或间接调用之前添加访问权限检查,并通过将函数调用重定向到 在插页库中调用包装器。 仪器还会更新访问控制数据,根据正在调用的操作的语义,以精细粒度授予和撤销访问权限。

    Privacy enhanced error reports
    2.
    发明授权
    Privacy enhanced error reports 有权
    隐私增强错误报告

    公开(公告)号:US08122436B2

    公开(公告)日:2012-02-21

    申请号:US11941272

    申请日:2007-11-16

    IPC分类号: G06F9/44

    摘要: Methods and apparatus for generating error reports with enhanced privacy are described. In an embodiment the error is triggered by an input to a software program. An error report is generated by identifying conditions on an input to the program which ensure that, for any input which satisfies the conditions, the software program will follow the same execution path such that the error can be reproduced. The error report may include these conditions or may include a new input generated using the conditions.

    摘要翻译: 描述用于生成具有增强的隐私的错误报告的方法和装置。 在一个实施例中,错误由对软件程序的输入触发。 通过识别程序输入上的条件来生成错误报告,该条件确保对于满足条件的任何输入,软件程序将遵循相同的执行路径,从而可以再现错误。 错误报告可能包括这些条件,或者可能包括使用条件生成的新输入。

    Software Fault Isolation Using Byte-Granularity Memory Protection
    3.
    发明申请
    Software Fault Isolation Using Byte-Granularity Memory Protection 有权
    使用字节粒度内存保护的软件故障隔离

    公开(公告)号:US20110138476A1

    公开(公告)日:2011-06-09

    申请号:US12633326

    申请日:2009-12-08

    IPC分类号: G06F21/22

    摘要: Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.

    摘要翻译: 描述了使用字节粒度内存保护的软件故障隔离方法。 在一个实施例中,软件系统的不受信任的驱动程序或其他扩展在与软件系统的主机部分分开的域中运行,但是与主机部分共享相同的地址空间。 域之间的调用使用插入库进行调用,并且访问控制数据基本上维持相关虚拟地址空间的每个字节。 在编译期间,在加载时间之前或在运行时添加到不可信扩展的仪器,在插入库中添加的这些扩展可以强制实现域之间的隔离,例如在任何写入或间接调用之前添加访问权限检查,并通过重定向函数调用 在插页库中调用包装器。 仪器还会更新访问控制数据,根据正在调用的操作的语义,以精细粒度授予和撤销访问权限。

    Privacy Enhanced Error Reports
    4.
    发明申请
    Privacy Enhanced Error Reports 有权
    隐私增强错误报告

    公开(公告)号:US20090132861A1

    公开(公告)日:2009-05-21

    申请号:US11941272

    申请日:2007-11-16

    IPC分类号: G06F11/36

    摘要: Methods and apparatus for generating error reports with enhanced privacy are described. In an embodiment the error is triggered by an input to a software program. An error report is generated by identifying conditions on an input to the program which ensure that, for any input which satisfies the conditions, the software program will follow the same execution path such that the error can be reproduced. The error report may include these conditions or may include a new input generated using the conditions.

    摘要翻译: 描述用于生成具有增强的隐私的错误报告的方法和装置。 在一个实施例中,错误由对软件程序的输入触发。 通过识别程序输入上的条件来生成错误报告,该条件确保对于满足条件的任何输入,软件程序将遵循相同的执行路径,从而可以再现错误。 错误报告可能包括这些条件,或者可能包括使用条件生成的新输入。

    Securing Software By Enforcing Data Flow Integrity
    5.
    发明申请
    Securing Software By Enforcing Data Flow Integrity 有权
    通过执行数据流完整性来保护软件

    公开(公告)号:US20090282393A1

    公开(公告)日:2009-11-12

    申请号:US12306188

    申请日:2007-05-04

    IPC分类号: G06F9/06

    CPC分类号: G06F21/54 G06F21/52

    摘要: The majority of such software attacks exploit software vulnerabilities or flaws to write data to unintended locations. For example, control-data attacks exploit buffer overflows or other vulnerabilities to overwrite a return address in the stack, a function pointer, or some other piece of control data. Non-control-data attacks exploit similar vulnerabilities to overwrite security critical data without subverting the intended control flow in the program. We describe a method for securing software against both control-data and non-control-data attacks. A static analysis is carried out to determine data flow information for a software program. Data-flow tracking instructions are formed in order to track data flow during execution or emulation of that software. Also, checking instructions are formed to check the tracked data flow against the static analysis results and thereby identify potential attacks or errors. Optional optimisations are described to reduce the resulting additional overheads.

    摘要翻译: 大多数此类软件攻击利用软件漏洞或漏洞将数据写入非预期位置。 例如,控制数据攻击利用缓冲区溢出或其他漏洞来覆盖堆栈中的返回地址,函数指针或其他一些控制数据。 非控制数据攻击利用类似的漏洞来覆盖安全关键数据,而不会破坏程序中的预期控制流程。 我们描述一种保护软件免受控制数据和非控制数据攻击的方法。 进行静态分析以确定软件程序的数据流信息。 形成数据流跟踪指令,以便在执行或仿真该软件期间跟踪数据流。 此外,形成检查指令以根据静态分析结果检查跟踪的数据流,从而识别潜在的攻击或错误。 描述可选优化,以减少所产生的额外开销。

    Filter generation
    6.
    发明授权
    Filter generation 失效
    过滤器生成

    公开(公告)号:US07634812B2

    公开(公告)日:2009-12-15

    申请号:US11095287

    申请日:2005-03-30

    IPC分类号: G06F12/14

    CPC分类号: G06F21/57 G06F21/552

    摘要: A containment system may include a protection system which may protect the computing device from future attacks. For example, a patch may be automatically generated which resolves a detected vulnerability in a program. IN another example, a filter may be automatically generated which filters actions and/or messages which take advantage of a detected vulnerability in a program.

    摘要翻译: 遏制系统可以包括可以保护计算设备免受未来攻击的保护系统。 例如,可以自动生成修补程序,以解决程序中检测到的漏洞。 在另一示例中,可以自动生成过滤器,其过滤利用程序中检测到的漏洞的动作和/或消息。

    Self-certifying alert
    7.
    发明申请
    Self-certifying alert 失效
    自我认证警报

    公开(公告)号:US20070006314A1

    公开(公告)日:2007-01-04

    申请号:US11095291

    申请日:2005-03-30

    IPC分类号: G06F11/00

    摘要: A containment system may include generating and/or sending an alert as the basis for safely sharing knowledge about detected worms. An alert may contain information that proves that a given program has a vulnerability. The alert may be self-certifying such that its authenticity may be independently verified by a computing system.

    摘要翻译: 遏制系统可以包括生成和/或发送警报作为安全地分享关于检测到的蠕虫的知识的基础。 警报可能包含证明给定程序有漏洞的信息。 警报可以是自我认证的,使得其真实性可以由计算系统独立地验证。

    Securing software by enforcing data flow integrity
    8.
    发明授权
    Securing software by enforcing data flow integrity 有权
    通过执行数据流完整性来保护软件

    公开(公告)号:US09390261B2

    公开(公告)日:2016-07-12

    申请号:US12306188

    申请日:2007-05-04

    IPC分类号: G06F9/44 G06F21/54 G06F21/52

    CPC分类号: G06F21/54 G06F21/52

    摘要: The majority of such software attacks exploit software vulnerabilities or flaws to write data to unintended locations. For example, control-data attacks exploit buffer overflows or other vulnerabilities to overwrite a return address in the stack, a function pointer, or some other piece of control data. Non-control-data attacks exploit similar vulnerabilities to overwrite security critical data without subverting the intended control flow in the program. We describe a method for securing software against both control-data and non-control-data attacks. A static analysis is carried out to determine data flow information for a software program. Data-flow tracking instructions are formed in order to track data flow during execution or emulation of that software. Also, checking instructions are formed to check the tracked data flow against the static analysis results and thereby identify potential attacks or errors. Optional optimisations are described to reduce the resulting additional overheads.

    摘要翻译: 大多数此类软件攻击利用软件漏洞或漏洞将数据写入非预期位置。 例如,控制数据攻击利用缓冲区溢出或其他漏洞来覆盖堆栈中的返回地址,函数指针或其他一些控制数据。 非控制数据攻击利用类似的漏洞来覆盖安全关键数据,而不会破坏程序中的预期控制流程。 我们描述一种用于保护软件免受控制数据和非控制数据攻击的方法。 进行静态分析以确定软件程序的数据流信息。 形成数据流跟踪指令,以便在执行或仿真该软件期间跟踪数据流。 此外,形成检查指令以根据静态分析结果检查跟踪的数据流,从而识别潜在的攻击或错误。 描述可选优化,以减少所产生的额外开销。

    Containment of worms
    10.
    发明申请

    公开(公告)号:US20060021054A1

    公开(公告)日:2006-01-26

    申请号:US11096054

    申请日:2005-03-30

    IPC分类号: G06F11/00

    CPC分类号: G06F21/566 H04L63/1416

    摘要: One aspect of the invention is a vulnerability detection mechanism that can detect a large class of attacks through dynamic dataflow analysis. Another aspect of the invention includes self-certifying alerts as the basis for safely sharing knowledge about worms. Another aspect of the invention is a resilient and self-organizing protocol to propagate alerts to all non-infected nodes in a timely fashion, even when under active attack during a worm outbreak. Another aspect of the invention is a system architecture that enables a large number of mutually untrusting computers to collaborate in the task of stopping a previously unknown worm, even when the worm is spreading rapidly and exploiting unknown vulnerabilities in popular software packages.