-
公开(公告)号:US07715396B2
公开(公告)日:2010-05-11
申请号:US11118240
申请日:2005-04-28
摘要: To reduce the dependency of overlay networks on underlay networks to route messages, a virtual ring routing architecture may be formed that leverages the design of the overlay network to achieve their desirable scaling and robustness properties but also reduce the dependency on any underlay network to setup and maintain connectivity. More particularly, each node may have a single, fixed, location independent node identifier, to organize the nodes into a virtual ring. The connectivity between nodes through the actual network topology may be formed by a plurality of nodes in the virtual ring by maintaining connectivity to those nodes identified as virtual neighbor nodes within the virtual ring. The path segments defining communication connections between virtual neighbor nodes may be used to route messages between any pair of nodes in the network and may reduce route discovery overhead, reduce delay in transmission, and reduce or eliminate flooding to setup or maintain the path segments.
摘要翻译: 为了减少叠加网络对底层网络的依赖性以路由消息,可以形成利用覆盖网络的设计来实现其期望的缩放和鲁棒性属性的虚拟环路由架构,而且还减少对任何底层网络的依赖,以建立和 保持连接。 更具体地,每个节点可以具有单个,固定的,位置独立的节点标识符,以将节点组织成虚拟环。 通过实际网络拓扑的节点之间的连接可以由虚拟环中的多个节点通过维持与被识别为虚拟环内的虚拟邻居节点的那些节点的连接来形成。 定义虚拟相邻节点之间的通信连接的路径段可以用于在网络中的任何一对节点之间路由消息,并且可以减少路由发现开销,减少传输中的延迟,以及减少或消除洪泛以建立或维护路径段。
-
公开(公告)号:US20060039371A1
公开(公告)日:2006-02-23
申请号:US11118240
申请日:2005-04-28
申请人: Miguel Castro , Antony Rowstron , Matthew Caesar
发明人: Miguel Castro , Antony Rowstron , Matthew Caesar
IPC分类号: H04L12/28
摘要: To reduce the dependency of overlay networks on underlay networks to route messages, a virtual ring routing architecture may be formed that leverages the design of the overlay network to achieve their desirable scaling and robustness properties but also reduce the dependency on any underlay network to setup and maintain connectivity. More particularly, each node may have a single, fixed, location independent node identifier, to organize the nodes into a virtual ring. The connectivity between nodes through the actual network topology may be formed by a plurality of nodes in the virtual ring by maintaining connectivity to those nodes identified as virtual neighbor nodes within the virtual ring. The path segments defining communication connections between virtual neighbor nodes may be used to route messages between any pair of nodes in the network and may reduce route discovery overhead, reduce delay in transmission, and reduce or eliminate flooding to setup or maintain the path segments.
摘要翻译: 为了减少叠加网络对底层网络的依赖性以路由消息,可以形成利用覆盖网络的设计来实现其期望的缩放和鲁棒性属性的虚拟环路由架构,而且还减少对任何底层网络的依赖,以建立和 保持连接。 更具体地,每个节点可以具有单个,固定的,位置独立的节点标识符,以将节点组织成虚拟环。 通过实际网络拓扑的节点之间的连接可以由虚拟环中的多个节点通过维持与被识别为虚拟环内的虚拟邻居节点的那些节点的连接来形成。 定义虚拟相邻节点之间的通信连接的路径段可以用于在网络中的任何一对节点之间路由消息,并且可以减少路由发现开销,减少传输中的延迟,以及减少或消除洪泛以建立或维护路径段。
-
公开(公告)号:US07634812B2
公开(公告)日:2009-12-15
申请号:US11095287
申请日:2005-03-30
申请人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
发明人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
IPC分类号: G06F12/14
CPC分类号: G06F21/57 , G06F21/552
摘要: A containment system may include a protection system which may protect the computing device from future attacks. For example, a patch may be automatically generated which resolves a detected vulnerability in a program. IN another example, a filter may be automatically generated which filters actions and/or messages which take advantage of a detected vulnerability in a program.
摘要翻译: 遏制系统可以包括可以保护计算设备免受未来攻击的保护系统。 例如,可以自动生成修补程序,以解决程序中检测到的漏洞。 在另一示例中,可以自动生成过滤器,其过滤利用程序中检测到的漏洞的动作和/或消息。
-
公开(公告)号:US20070006314A1
公开(公告)日:2007-01-04
申请号:US11095291
申请日:2005-03-30
申请人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
发明人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
IPC分类号: G06F11/00
CPC分类号: H04L63/1433 , G06F21/554 , G06F21/577 , H04L63/1416
摘要: A containment system may include generating and/or sending an alert as the basis for safely sharing knowledge about detected worms. An alert may contain information that proves that a given program has a vulnerability. The alert may be self-certifying such that its authenticity may be independently verified by a computing system.
摘要翻译: 遏制系统可以包括生成和/或发送警报作为安全地分享关于检测到的蠕虫的知识的基础。 警报可能包含证明给定程序有漏洞的信息。 警报可以是自我认证的,使得其真实性可以由计算系统独立地验证。
-
公开(公告)号:US20090282393A1
公开(公告)日:2009-11-12
申请号:US12306188
申请日:2007-05-04
申请人: Manuel Costa , Miguel Castro , Tim Harris
发明人: Manuel Costa , Miguel Castro , Tim Harris
IPC分类号: G06F9/06
摘要: The majority of such software attacks exploit software vulnerabilities or flaws to write data to unintended locations. For example, control-data attacks exploit buffer overflows or other vulnerabilities to overwrite a return address in the stack, a function pointer, or some other piece of control data. Non-control-data attacks exploit similar vulnerabilities to overwrite security critical data without subverting the intended control flow in the program. We describe a method for securing software against both control-data and non-control-data attacks. A static analysis is carried out to determine data flow information for a software program. Data-flow tracking instructions are formed in order to track data flow during execution or emulation of that software. Also, checking instructions are formed to check the tracked data flow against the static analysis results and thereby identify potential attacks or errors. Optional optimisations are described to reduce the resulting additional overheads.
摘要翻译: 大多数此类软件攻击利用软件漏洞或漏洞将数据写入非预期位置。 例如,控制数据攻击利用缓冲区溢出或其他漏洞来覆盖堆栈中的返回地址,函数指针或其他一些控制数据。 非控制数据攻击利用类似的漏洞来覆盖安全关键数据,而不会破坏程序中的预期控制流程。 我们描述一种保护软件免受控制数据和非控制数据攻击的方法。 进行静态分析以确定软件程序的数据流信息。 形成数据流跟踪指令,以便在执行或仿真该软件期间跟踪数据流。 此外,形成检查指令以根据静态分析结果检查跟踪的数据流,从而识别潜在的攻击或错误。 描述可选优化,以减少所产生的额外开销。
-
公开(公告)号:US20070225133A1
公开(公告)日:2007-09-27
申请号:US11389649
申请日:2006-03-23
申请人: Miguel Castro
发明人: Miguel Castro
CPC分类号: A63B21/0004 , A63B21/00047 , A63B26/00 , A63B2208/0252 , A63B2225/62
摘要: A spherical exercise apparatus including two flexible inflatable hemispherical members that can be inflated with fluid or air and attached together to form a spherical object. The flat bases of the hemispherical member are made to adjoin with means to attach them, permitting a user to perform exercises on the spherical object, or each hemispherical member. The hemispherical members include gripping and anti-slip features on their round surfaces. The apparatus further includes a plate-like member that acts as a base for the hemispherical members when used individually. Alternately, each hemispherical member can include a permanently attached base member attached to its flat surface, wherein the base members include a means to attach the hemispherical members.
摘要翻译: 一种球形锻炼装置,包括两个柔性的可充气半球形构件,其可以用流体或空气充气并连接在一起以形成球形物体。 使半球形构件的平坦的基座与附接装置相邻,允许使用者对球形物体或每个半球形构件进行锻炼。 半球形构件包括其圆形表面上的夹紧和防滑特征。 该装置还包括一个板状构件,当单独使用时,其作为半球形构件的基座。 或者,每个半球形构件可以包括附接到其平坦表面的永久附接的基底构件,其中基座构件包括附接半球形构件的装置。
-
公开(公告)号:US09390261B2
公开(公告)日:2016-07-12
申请号:US12306188
申请日:2007-05-04
申请人: Manuel Costa , Miguel Castro , Tim Harris
发明人: Manuel Costa , Miguel Castro , Tim Harris
摘要: The majority of such software attacks exploit software vulnerabilities or flaws to write data to unintended locations. For example, control-data attacks exploit buffer overflows or other vulnerabilities to overwrite a return address in the stack, a function pointer, or some other piece of control data. Non-control-data attacks exploit similar vulnerabilities to overwrite security critical data without subverting the intended control flow in the program. We describe a method for securing software against both control-data and non-control-data attacks. A static analysis is carried out to determine data flow information for a software program. Data-flow tracking instructions are formed in order to track data flow during execution or emulation of that software. Also, checking instructions are formed to check the tracked data flow against the static analysis results and thereby identify potential attacks or errors. Optional optimisations are described to reduce the resulting additional overheads.
摘要翻译: 大多数此类软件攻击利用软件漏洞或漏洞将数据写入非预期位置。 例如,控制数据攻击利用缓冲区溢出或其他漏洞来覆盖堆栈中的返回地址,函数指针或其他一些控制数据。 非控制数据攻击利用类似的漏洞来覆盖安全关键数据,而不会破坏程序中的预期控制流程。 我们描述一种用于保护软件免受控制数据和非控制数据攻击的方法。 进行静态分析以确定软件程序的数据流信息。 形成数据流跟踪指令,以便在执行或仿真该软件期间跟踪数据流。 此外,形成检查指令以根据静态分析结果检查跟踪的数据流,从而识别潜在的攻击或错误。 描述可选优化,以减少所产生的额外开销。
-
公开(公告)号:US08352797B2
公开(公告)日:2013-01-08
申请号:US12633326
申请日:2009-12-08
申请人: Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
发明人: Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
IPC分类号: G06F11/30
CPC分类号: G06F21/53 , G06F9/468 , G06F12/1483 , G06F21/54 , G06F21/57 , G06F2221/2141 , G06F2221/2149 , H04L63/101
摘要: Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.
摘要翻译: 描述了使用字节粒度内存保护的软件故障隔离方法。 在一个实施例中,软件系统的不受信任的驱动程序或其他扩展在与软件系统的主机部分分开的域中运行,但是与主机部分共享相同的地址空间。 域之间的调用使用插入库进行调用,并且访问控制数据基本上维持相关虚拟地址空间的每个字节。 在编译期间,在加载时间之前或在运行时添加到不可信扩展的仪器,在插入库中添加的仪器会强制实现域之间的隔离,例如在任何写入或间接调用之前添加访问权限检查,并通过将函数调用重定向到 在插页库中调用包装器。 仪器还会更新访问控制数据,根据正在调用的操作的语义,以精细粒度授予和撤销访问权限。
-
公开(公告)号:US20090089909A1
公开(公告)日:2009-04-09
申请号:US11973600
申请日:2007-10-08
申请人: Miguel Castro
发明人: Miguel Castro
CPC分类号: A63B71/148 , A63B43/005 , A63B2209/10 , A63B2243/0037
摘要: An exercise apparatus comprising at least one glove, at least one sphere and an adhering means that adheres the glove to the sphere. The glove comprises a central panel comprising finger engaging portions and a thumb hole, a plurality of straps extending from either side of the central panel are adapted to be attached together across the back of the hand for securing the glove, and an elevated pad on the central panel disposed in a way to contact the sphere and elevate the hand when performing exercises.
摘要翻译: 一种运动装置,其包括至少一个手套,至少一个球体和将手套粘附到球体上的粘附装置。 手套包括包括手指接合部分和拇指孔的中央面板,从中央面板的任一侧延伸的多个带子适于连接在手的背面,以固定手套,并且将高架垫 中央面板以进行锻炼的方式与球体接触并提升手。
-
公开(公告)号:US20060031933A1
公开(公告)日:2006-02-09
申请号:US11095287
申请日:2005-03-30
申请人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
发明人: Manuel Costa , Miguel Castro , Antony Rowstron , Jon Crowcroft
CPC分类号: G06F21/57 , G06F21/552
摘要: A containment system may include a protection system which may protect the computing device from future attacks. For example, a patch may be automatically generated which resolves a detected vulnerability in a program. IN another example, a filter may be automatically generated which filters actions and/or messages which take advantage of a detected vulnerability in a program.
-
-
-
-
-
-
-
-
-
搜索结果
21 条记录 (耗时 0.021 秒)
