Import address table verification
    1.
    Invention application
    Import address table verification (rights in force)

    Publication No.: US20050198507A1

    Publication date: 2005-09-08

    Application No.: US10794292

    Filing date: 2004-03-05

    IPC classification: H04L9/00

    CPC classification: G06F12/1416 G06F21/51

    Abstract: The import address table of a software module is verified in order to prevent detouring attacks. A determination is made regarding which entries in the IAT must be verified; all of the entries may be verified or some subset of the entries that are critical may be verified. For each external function, the external module containing the external function is loaded, if it is not already loaded. The function address in the exported function table is found. That address is compared to the address for the function in the IAT. Additionally, the external module, in one embodiment, is verified to ensure that it has not been modified. For a delay load IAT, a similar procedure is followed; however the delay load IAT may be periodically checked to ensure that the delay load IAT entries are either valid (indicating that the external function has been bound) or in their initial state (indicating that no binding has yet occurred).


    Portion-level in-memory module authentication
    2.
    Invention application
    Portion-level in-memory module authentication (rights in force)

    Publication No.: US20060026569A1

    Publication date: 2006-02-02

    Application No.: US10902244

    Filing date: 2004-07-29

    IPC classification: G06F9/44

    CPC classification: G06F21/51

    Abstract: Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by using pre-computed portion-level verification data for portions of the module smaller than the whole (e.g. at the page-level). A portion of the module as loaded into memory for execution can be verified. Pre-computed portion-level verification data is retrieved from storage and used to verify the loaded portions of the executable. Verification data may be, for example, a digitally signed hash of the portion. Where the operating system loader has modified the portion for execution, the modifications are reversed, removing any changes performed by the operating system. If the portion has not been tampered, this will return the portion to its original pre-loaded state. This version is then used to determine validity using the pre-computed portion-level verification. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually reverified, in order to ensure that no malicious changes have been made in the module.


    Portion-level in-memory module authentication
    3.
    Invention application
    Portion-level in-memory module authentication (rights in force)

    Publication No.: US20050198051A1

    Publication date: 2005-09-08

    Application No.: US10795068

    Filing date: 2004-03-05

    IPC classification: G06F7/00

    CPC classification: G06F21/52 G06F2221/2125

    Abstract: Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by storing hashes of smaller portions of the module (e.g. page-level hashes) as they should look when loaded into memory for execution. After an initial authentication is completed, hashes of smaller portions of the module are stored. These hashes consist of the portion of memory as modified by changes which would be made by the operating system loader operating normally. Thus, the hashes can be used to verify that the portion as loaded into memory for execution is 1) a correct copy of the portion of the software module, 2) correctly modified for execution by the processor, and 3) not tampered with since loading. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually re-verified, in order to ensure that no changes have been made in the module.


    Run-time call stack verification
    4.
    Invention application
    Run-time call stack verification (rights in force)

    Publication No.: US20050198645A1

    Publication date: 2005-09-08

    Application No.: US10790302

    Filing date: 2004-03-01

    IPC classification: G06F3/00

    CPC classification: G06F21/606 G06F21/10

    Abstract: Run-time call stack verification is used to determine that a code module has been called by a legitimate caller. A return address on the stack indicates where execution is to return upon execution of the next return instruction, and this return address is indicative of where the code module was called from. The code module may determine that the call is allowed, or disallowed, based on the location of the return address. A calling convention is provided that allows the code module to be called through an intermediary, while also preserving the original return address that was in effect at the time the intermediary was called and also resisting modification to the call stack during the time that the original return address is being verified.


    Aggregation of Write Traffic to a Data Store
    5.
    Invention application
    Aggregation of Write Traffic to a Data Store (rights in force)

    Publication No.: US20120102265A1

    Publication date: 2012-04-26

    Application No.: US13343985

    Filing date: 2012-01-05

    IPC classification: G06F12/02

    Abstract: A method and a processing device are provided for sequentially aggregating data to a write log included in a volume of a random-access medium. When data of a received write request is determined to be suitable for sequentially aggregating to a write log, the data may be written to the write log and a remapping tree, for mapping originally intended destinations on the random-access medium to one or more corresponding entries in the write log, may be maintained and updated. At time periods, a checkpoint may be written to the write log. The checkpoint may include information describing entries of the write log. One or more of the checkpoints may be used to recover the write log, at least partially, after a dirty shutdown. Entries of the write log may be drained to respective originally intended destinations upon an occurrence of one of a number of conditions.


    Aggregation of write traffic to a data store
    6.
    Granted invention patent
    Aggregation of write traffic to a data store (rights in force)

    Publication No.: US08108450B2

    Publication date: 2012-01-31

    Application No.: US13087927

    Filing date: 2011-04-15

    IPC classification: G06F17/30

    Abstract: A method and a processing device are provided for sequentially aggregating data to a write log included in a volume of a random-access medium. When data of a received write request is determined to be suitable for sequentially aggregating to a write log, the data may be written to the write log and a remapping tree, for mapping originally intended destinations on the random-access medium to one or more corresponding entries in the write log, may be maintained and updated. At time periods, a checkpoint may be written to the write log. The checkpoint may include information describing entries of the write log. One or more of the checkpoints may be used to recover the write log, at least partially, after a dirty shutdown. Entries of the write log may be drained to respective originally intended destinations upon an occurrence of one of a number of conditions.


    Aggregation of Write Traffic to a Data Store
    7.
    Invention application
    Aggregation of Write Traffic to a Data Store (rights in force)

    Publication No.: US20110197016A1

    Publication date: 2011-08-11

    Application No.: US13087927

    Filing date: 2011-04-15

    IPC classification: G06F12/02

    Abstract: A method and a processing device are provided for sequentially aggregating data to a write log included in a volume of a random-access medium. When data of a received write request is determined to be suitable for sequentially aggregating to a write log, the data may be written to the write log and a remapping tree, for mapping originally intended destinations on the random-access medium to one or more corresponding entries in the write log, may be maintained and updated. At time periods, a checkpoint may be written to the write log. The checkpoint may include information describing entries of the write log. One or more of the checkpoints may be used to recover the write log, at least partially, after a dirty shutdown. Entries of the write log may be drained to respective originally intended destinations upon an occurrence of one of a number of conditions.


    Aggregation of write traffic to a data store
    8.
    Granted invention patent
    Aggregation of write traffic to a data store (rights in force)

    Publication No.: US07953774B2

    Publication date: 2011-05-31

    Application No.: US12234411

    Filing date: 2008-09-19

    IPC classification: G06F17/30

    Abstract: A method and a processing device are provided for sequentially aggregating data to a write log included in a volume of a random-access medium. When data of a received write request is determined to be suitable for sequentially aggregating to a write log, the data may be written to the write log and a remapping tree, for mapping originally intended destinations on the random-access medium to one or more corresponding entries in the write log, may be maintained and updated. At time periods, a checkpoint may be written to the write log. The checkpoint may include information describing entries of the write log. One or more of the checkpoints may be used to recover the write log, at least partially, after a dirty shutdown. Entries of the write log may be drained to respective originally intended destinations upon an occurrence of one of a number of conditions.


    Aggregation of write traffic to a data store
    9.
    Granted invention patent
    Aggregation of write traffic to a data store (rights in force)

    Publication No.: US09448890B2

    Publication date: 2016-09-20

    Application No.: US13343985

    Filing date: 2012-01-05

    Abstract: A method and a processing device are provided for sequentially aggregating data to a write log included in a volume of a random-access medium. When data of a received write request is determined to be suitable for sequentially aggregating to a write log, the data may be written to the write log and a remapping tree, for mapping originally intended destinations on the random-access medium to one or more corresponding entries in the write log, may be maintained and updated. At time periods, a checkpoint may be written to the write log. The checkpoint may include information describing entries of the write log. One or more of the checkpoints may be used to recover the write log, at least partially, after a dirty shutdown. Entries of the write log may be drained to respective originally intended destinations upon an occurrence of one of a number of conditions.


    AGGREGATION OF WRITE TRAFFIC TO A DATA STORE
    10.
    Invention application
    AGGREGATION OF WRITE TRAFFIC TO A DATA STORE (rights in force)

    Publication No.: US20100082550A1

    Publication date: 2010-04-01

    Application No.: US12234411

    Filing date: 2008-09-19

    IPC classification: G06F12/16 G06F17/30

    Abstract: A method and a processing device are provided for sequentially aggregating data to a write log included in a volume of a random-access medium. When data of a received write request is determined to be suitable for sequentially aggregating to a write log, the data may be written to the write log and a remapping tree, for mapping originally intended destinations on the random-access medium to one or more corresponding entries in the write log, may be maintained and updated. At time periods, a checkpoint may be written to the write log. The checkpoint may include information describing entries of the write log. One or more of the checkpoints may be used to recover the write log, at least partially, after a dirty shutdown. Entries of the write log may be drained to respective originally intended destinations upon an occurrence of one of a number of conditions.
