-
1.发明授权System and method of generically detecting the presence of emulated environments 有权一般地检测模拟环境的存在的系统和方法公开(公告)号:US08307429B2
公开(公告)日:2012-11-06
申请号:US11834891
申请日:2007-08-07
申请人: Richard Ford , William Allen , Gerald Marin
发明人: Richard Ford , William Allen , Gerald Marin
IPC分类号: G06F11/00
CPC分类号: G06F21/54 , G06F21/552
摘要: A method of determining that protected software is running in a virtualized environment includes obtaining a set of baseline measurements of system call timings in native operating system environments. Statistical thresholds are established based on the baseline measurements such that there is a predetermined probability that protected software running in a native environment will experience system call durations that exceed the thresholds. The protected software is analyzed and instructions are incorporated within the software such that particular system calls, demonstrated to be differentiating using the set of baseline measurements and the threshold analysis, are executed during the normal running of the protected software. The incorporated instructions are used to estimate the parameter values that are to be compared with the established statistical thresholds. Repeated comparisons of the estimates obtained during the normal running of the protected software are executed to determine whether the software is running in a virtualized environment.
摘要翻译: 确定受保护软件在虚拟化环境中运行的方法包括在本地操作系统环境中获得系统呼叫定时的一组基线测量。 基于基线测量建立统计阈值,使得存在在本机环境中运行的受保护软件将经历超过阈值的系统呼叫持续时间的预定概率。 受保护的软件被分析并且指令被并入软件内,使得在受保护的软件的正常运行期间执行被证明使用该组基线测量和阈值分析来区分的特定系统调用。 结合的指令用于估计要与建立的统计阈值进行比较的参数值。 执行受保护软件正常运行期间获得的估计值的重复比较,以确定软件是否在虚拟化环境中运行。
-
2.发明申请公开(公告)号:US20080147353A1
公开(公告)日:2008-06-19
申请号:US11834891
申请日:2007-08-07
申请人: Richard Ford , William Allen , Gerald Marin
发明人: Richard Ford , William Allen , Gerald Marin
CPC分类号: G06F21/54 , G06F21/552
摘要: A method of determining that protected software is running in a virtualized environment includes obtaining a set of baseline measurements of system call timings in native operating system environments. Statistical thresholds are established based on the baseline measurements such that there is a predetermined probability that protected software running in a native environment will experience system call durations that exceed the thresholds. The protected software is analyzed and instructions are incorporated within the software such that particular system calls, demonstrated to be differentiating using the set of baseline measurements and the threshold analysis, are executed during the normal running of the protected software. The incorporated instructions are used to estimate the parameter values that are to be compared with the established statistical thresholds. Repeated comparisons of the estimates obtained during the normal running of the protected software are executed to determine whether the software is running in a virtualized environment.
摘要翻译: 确定受保护软件在虚拟化环境中运行的方法包括在本地操作系统环境中获得系统呼叫定时的一组基线测量。 基于基线测量建立统计阈值,使得存在在本机环境中运行的受保护软件将经历超过阈值的系统呼叫持续时间的预定概率。 受保护的软件被分析并且指令被并入软件内,使得在受保护的软件的正常运行期间执行被证明使用该组基线测量和阈值分析来区分的特定系统调用。 结合的指令用于估计要与建立的统计阈值进行比较的参数值。 执行受保护软件正常运行期间获得的估计值的重复比较,以确定软件是否在虚拟化环境中运行。
-
搜索结果
2 条记录 (耗时 0.016 秒)
