-
公开(公告)号:US07290002B2
公开(公告)日:2007-10-30
申请号:US10786674
申请日:2004-02-25
申请人: Marc Shapiro , James William O'Brien , Caroline Elizabeth Matheson , Pablo R. Rodriguez , Manuel Costa
发明人: Marc Shapiro , James William O'Brien , Caroline Elizabeth Matheson , Pablo R. Rodriguez , Manuel Costa
CPC分类号: G06F17/30067 , Y10S707/99942 , Y10S707/99953
摘要: A system-wide selective action management facility is provided. Such a facility can support selective action management for multiple applications executing on one or more computer systems (including the operating system and its components, such as a file system). A system-wide action management facility can log actions performed on the computer system(s) and record relationships between such actions (e.g., between actions of different sources, including different documents, different applications and even different computer systems). When a user discovers a mistake, the tool allows the user to select one or more past actions (i.e., the “mistake”) for removal or replacement with one or more correction actions. The tool can also re-execute dependent actions to restore the relevant state of the system at the time of the designation, absent the “mistake”. As such, actions throughout the system can be selectively undone, fixed and/or redone in an exemplary system-wide selective action management tool.
摘要翻译: 提供了一个全系统的选择性行动管理设施。 这样的设施可以支持在一个或多个计算机系统(包括操作系统及其组件,例如文件系统)上执行的多个应用的选择性动作管理。 系统范围的行动管理设施可以记录在计算机系统上执行的动作,并记录这些动作之间的关系(例如,不同来源的动作,包括不同的文档,不同的应用程序甚至不同的计算机系统)。 当用户发现错误时,该工具允许用户通过一个或多个修正动作来选择一个或多个过去动作(即,“错误”)来移除或替换。 该工具还可以重新执行相关操作,以在指定时恢复系统的相关状态,而不存在“错误”。 因此,可以在示例性全系统选择性动作管理工具中选择性地撤销,固定和/或重做整个系统中的动作。
-
公开(公告)号:US08310956B2
公开(公告)日:2012-11-13
申请号:US12883346
申请日:2010-09-16
CPC分类号: H04L67/104 , H04L43/0858 , H04L43/0864 , H04L43/12 , H04L67/1046 , H04L67/1068
摘要: A method is provided for a host node in a computer network to determine its coordinates in a d-dimensional network space, comprising discovering an address of a peer node in the network, measuring network latency between the host node and the peer node, determining whether network latency has been measured for at least d+1 peer nodes, where, if network latency has not been measured for at least d+1 peer nodes, estimating the network coordinates of the host node, and where, if network latency has been measured for at least d+1 peer nodes, calculating the network coordinates of the host node using d+1 measured latencies.
摘要翻译: 提供了一种用于计算机网络中的主机节点来确定其在d维网络空间中的坐标的方法,包括发现网络中的对等节点的地址,测量主机节点和对等节点之间的网络等待时间,确定是否 已经对至少d + 1个对等节点测量了网络延迟,其中,如果尚未对至少d + 1个对等节点进行网络延迟测量,则估计主机节点的网络坐标,以及如果已经测量了网络延迟 对于至少d + 1个对等节点,使用d + 1测量的延迟来计算主机节点的网络坐标。
-
公开(公告)号:US20090282393A1
公开(公告)日:2009-11-12
申请号:US12306188
申请日:2007-05-04
申请人: Manuel Costa , Miguel Castro , Tim Harris
发明人: Manuel Costa , Miguel Castro , Tim Harris
IPC分类号: G06F9/06
摘要: The majority of such software attacks exploit software vulnerabilities or flaws to write data to unintended locations. For example, control-data attacks exploit buffer overflows or other vulnerabilities to overwrite a return address in the stack, a function pointer, or some other piece of control data. Non-control-data attacks exploit similar vulnerabilities to overwrite security critical data without subverting the intended control flow in the program. We describe a method for securing software against both control-data and non-control-data attacks. A static analysis is carried out to determine data flow information for a software program. Data-flow tracking instructions are formed in order to track data flow during execution or emulation of that software. Also, checking instructions are formed to check the tracked data flow against the static analysis results and thereby identify potential attacks or errors. Optional optimisations are described to reduce the resulting additional overheads.
摘要翻译: 大多数此类软件攻击利用软件漏洞或漏洞将数据写入非预期位置。 例如,控制数据攻击利用缓冲区溢出或其他漏洞来覆盖堆栈中的返回地址,函数指针或其他一些控制数据。 非控制数据攻击利用类似的漏洞来覆盖安全关键数据,而不会破坏程序中的预期控制流程。 我们描述一种保护软件免受控制数据和非控制数据攻击的方法。 进行静态分析以确定软件程序的数据流信息。 形成数据流跟踪指令,以便在执行或仿真该软件期间跟踪数据流。 此外,形成检查指令以根据静态分析结果检查跟踪的数据流,从而识别潜在的攻击或错误。 描述可选优化,以减少所产生的额外开销。
-
公开(公告)号:US20080301246A1
公开(公告)日:2008-12-04
申请号:US12097963
申请日:2006-12-04
IPC分类号: G06F15/16
CPC分类号: H04L67/104 , H04L29/06 , H04L67/108 , H04L67/22 , H04L67/24 , H04L69/329
摘要: A wire protocol is described which implements connection management and other methods to give enhanced peer-to-peer content distribution. Connections between nodes can be placed in a “notify” state when they are idle but may soon yield useful content. This notify state is also used together with a content request/response cycle to allow a peer to evaluate content available at a neighbour. If no suitable content is available a notify state is entered. When new content is later received at the neighbour it is able to inform the requesting node to allow it to restart the content request/response cycle.
摘要翻译: 描述了一种实现连接管理和其他方法以提供增强的对等内容分发的有线协议。 节点之间的连接可以在空闲时处于“通知”状态,但可能会很快产生有用的内容。 该通知状态也与内容请求/响应周期一起使用,以允许对等体评估邻居可用的内容。 如果没有合适的内容可用,则输入通知状态。 当在邻居稍后接收到新内容时,能够通知请求节点允许其重启内容请求/响应周期。
-
公开(公告)号:US08434064B2
公开(公告)日:2013-04-30
申请号:US12058513
申请日:2008-03-28
申请人: Periklis Akritidis , Manuel Costa , Miguel Castro
发明人: Periklis Akritidis , Manuel Costa , Miguel Castro
CPC分类号: G06F11/3612 , G06F21/52 , G06F21/54
摘要: Methods of detecting memory errors using write integrity testing are described. In an embodiment, additional analysis is performed when a program is compiled. This analysis identifies a set of objects which can be written by each instruction in the program. Additional code is then inserted into the program so that, at runtime, the program checks before performing a write instruction that the particular object being written is one of the set of objects that it is allowed to write. The inserted code causes an exception to be raised if this check fails and allows the write to proceed if the check is successful. In a further embodiment, code may also be inserted to perform checks before indirect control-flow transfer instructions, to ensure that those instructions cannot transfer control to locations different from those intended.
摘要翻译: 描述使用写入完整性测试来检测存储器错误的方法。 在一个实施例中,当编译程序时执行附加分析。 此分析标识可由程序中的每条指令写入的一组对象。 然后将附加代码插入到程序中,使得在运行时,程序在执行写入指令之前检查所写入的特定对象是被允许写入的一组对象之一。 如果此检查失败,则插入的代码会引发异常,如果检查成功,则允许写入继续。 在另一实施例中,还可以插入代码以在间接控制流传输指令之前执行检查,以确保那些指令不能将控制转移到与预期不同的位置。
-
公开(公告)号:US08316448B2
公开(公告)日:2012-11-20
申请号:US11925575
申请日:2007-10-26
申请人: Marcus Peinado , Manuel Costa , Miguel Castro , Lidong Zhou , Lintao Zhang
发明人: Marcus Peinado , Manuel Costa , Miguel Castro , Lidong Zhou , Lintao Zhang
IPC分类号: H04L29/06
CPC分类号: G06F21/55 , G06F21/52 , G06F21/577
摘要: Methods and architectures for automatic filter generation are described. In an embodiment, these filters are generated in order to block inputs which would otherwise disrupt the normal functioning of a program. An initial set of filter conditions is generated by analyzing the path of a program from a point at which a bad input is received to the point at which the malfunctioning of the program is detected and creating conditions on an input which ensure that this path is followed. Having generated the initial set of filter conditions, the set is made less specific by determining which instructions do not influence whether the point of detection of the attack is reached and removing the filter conditions which correspond to these instructions.
摘要翻译: 描述了自动过滤器生成的方法和体系结构。 在一个实施例中,生成这些滤波器以便阻止否则将中断程序的正常功能的输入。 通过从接收到不良输入的点到检测到程序故障的点分析程序的路径并在输入上创建条件来产生初始的过滤条件集合,以确保遵循该路径 。 在产生初始的滤波条件集之后,通过确定哪些指令不影响是否达到攻击的检测点,并且去除与这些指令相对应的滤波条件,使该集合具有较小的特定性。
-
公开(公告)号:US08122436B2
公开(公告)日:2012-02-21
申请号:US11941272
申请日:2007-11-16
IPC分类号: G06F9/44
CPC分类号: G06F11/366 , G06F11/0748 , G06F11/0778 , G06F11/3636
摘要: Methods and apparatus for generating error reports with enhanced privacy are described. In an embodiment the error is triggered by an input to a software program. An error report is generated by identifying conditions on an input to the program which ensure that, for any input which satisfies the conditions, the software program will follow the same execution path such that the error can be reproduced. The error report may include these conditions or may include a new input generated using the conditions.
摘要翻译: 描述用于生成具有增强的隐私的错误报告的方法和装置。 在一个实施例中,错误由对软件程序的输入触发。 通过识别程序输入上的条件来生成错误报告,该条件确保对于满足条件的任何输入,软件程序将遵循相同的执行路径,从而可以再现错误。 错误报告可能包括这些条件,或者可能包括使用条件生成的新输入。
-
公开(公告)号:US20090249289A1
公开(公告)日:2009-10-01
申请号:US12058513
申请日:2008-03-28
申请人: Periklis Akritidis , Manuel Costa , Miguel Castro
发明人: Periklis Akritidis , Manuel Costa , Miguel Castro
IPC分类号: G06F9/44
CPC分类号: G06F11/3612 , G06F21/52 , G06F21/54
摘要: Methods of detecting memory errors using write integrity testing are described. In an embodiment, additional analysis is performed when a program is compiled. This analysis identifies a set of objects which can be written by each instruction in the program. Additional code is then inserted into the program so that, at runtime, the program checks before performing a write instruction that the particular object being written is one of the set of objects that it is allowed to write. The inserted code causes an exception to be raised if this check fails and allows the write to proceed if the check is successful. In a further embodiment, code may also be inserted to perform checks before indirect control-flow transfer instructions, to ensure that those instructions cannot transfer control to locations different from those intended.
摘要翻译: 描述使用写入完整性测试来检测存储器错误的方法。 在一个实施例中,当编译程序时执行附加分析。 此分析标识可由程序中的每条指令写入的一组对象。 然后将附加代码插入到程序中,使得在运行时,程序在执行写入指令之前检查所写入的特定对象是被允许写入的一组对象之一。 如果此检查失败,则插入的代码会引发异常,如果检查成功,则允许写入继续。 在另一实施例中,还可以插入代码以在间接控制流传输指令之前执行检查,以确保那些指令不能将控制转移到与预期不同的位置。
-
公开(公告)号:US20090113550A1
公开(公告)日:2009-04-30
申请号:US11925575
申请日:2007-10-26
申请人: Manuel Costa , Miguel Castro , Lidong Zhou , Lintao Zhang , Marcus Peinado
发明人: Manuel Costa , Miguel Castro , Lidong Zhou , Lintao Zhang , Marcus Peinado
IPC分类号: G06F21/00
CPC分类号: G06F21/55 , G06F21/52 , G06F21/577
摘要: Methods and architectures for automatic filter generation are described. In an embodiment, these filters are generated in order to block inputs which would otherwise disrupt the normal functioning of a program. An initial set of filter conditions is generated by analyzing the path of a program from a point at which a bad input is received to the point at which the malfunctioning of the program is detected and creating conditions on an input which ensure that this path is followed. Having generated the initial set of filter conditions, the set is made less specific by determining which instructions do not influence whether the point of detection of the attack is reached and removing the filter conditions which correspond to these instructions.
摘要翻译: 描述了自动过滤器生成的方法和体系结构。 在一个实施例中,生成这些滤波器以便阻止否则将中断程序的正常功能的输入。 通过从接收到不良输入的点到检测到程序故障的点分析程序的路径并在输入上创建条件来产生初始的过滤条件集合,以确保遵循该路径 。 在产生初始的滤波条件集之后,通过确定哪些指令不影响是否达到攻击的检测点,并且去除与这些指令相对应的滤波条件,使该集合具有较小的特定性。
-
公开(公告)号:US09390261B2
公开(公告)日:2016-07-12
申请号:US12306188
申请日:2007-05-04
申请人: Manuel Costa , Miguel Castro , Tim Harris
发明人: Manuel Costa , Miguel Castro , Tim Harris
摘要: The majority of such software attacks exploit software vulnerabilities or flaws to write data to unintended locations. For example, control-data attacks exploit buffer overflows or other vulnerabilities to overwrite a return address in the stack, a function pointer, or some other piece of control data. Non-control-data attacks exploit similar vulnerabilities to overwrite security critical data without subverting the intended control flow in the program. We describe a method for securing software against both control-data and non-control-data attacks. A static analysis is carried out to determine data flow information for a software program. Data-flow tracking instructions are formed in order to track data flow during execution or emulation of that software. Also, checking instructions are formed to check the tracked data flow against the static analysis results and thereby identify potential attacks or errors. Optional optimisations are described to reduce the resulting additional overheads.
摘要翻译: 大多数此类软件攻击利用软件漏洞或漏洞将数据写入非预期位置。 例如,控制数据攻击利用缓冲区溢出或其他漏洞来覆盖堆栈中的返回地址,函数指针或其他一些控制数据。 非控制数据攻击利用类似的漏洞来覆盖安全关键数据,而不会破坏程序中的预期控制流程。 我们描述一种用于保护软件免受控制数据和非控制数据攻击的方法。 进行静态分析以确定软件程序的数据流信息。 形成数据流跟踪指令,以便在执行或仿真该软件期间跟踪数据流。 此外,形成检查指令以根据静态分析结果检查跟踪的数据流,从而识别潜在的攻击或错误。 描述可选优化,以减少所产生的额外开销。
-
-
-
-
-
-
-
-
-
搜索结果
28 条记录 (耗时 0.034 秒)
