De-duplication storage system with improved reference update efficiency
    1.
    Granted invention patent (status: in force)

    Publication No.: US08914324B1

    Publication date: 2014-12-16

    Application No.: US12580785

    Filing date: 2009-10-16

    IPC classification: G06F17/30

    CPC classification: G06F11/1453 G06F17/30156

    Abstract: A system and method for backing up files to a single-instance storage system are disclosed. The files may be split into segments, and the file data may be stored in the single-instance storage system as individual segments. The single-instance storage system uses the concept of a file region which covers multiple segments of the file. If a region of a file is unchanged from one backup to the next, the system may use a region object to refer to the unchanged region. This avoids the need to update the reference information for each of the segments within the region, thus increasing the efficiency of backing up the new version of the file.

    Techniques for optimizing disk access
    2.
    Granted invention patent (status: in force)

    Publication No.: US09483469B1

    Publication date: 2016-11-01

    Application No.: US12495141

    Filing date: 2009-06-30

    IPC classification: G06F12/00 G06F17/30

    Abstract: Techniques for optimizing disk access are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for optimizing disk access comprising a module for reading files in a filesystem, the files comprising one or more file fragments, a module for determining a relative location of the one or more file fragments on a disk, a module for sorting an index of the one or more file fragments on the disk in one or more fragment tables according to the relative location of the one or more file fragments on the disk, a module for reading the one or more file fragments from the disk, a module for assembling one or more of the files from the one or more file fragments.

    Enforcing the execution exception to prevent packers from evading the scanning of dynamically created code
    3.
    Granted invention patent (status: in force)

    Publication No.: US08510828B1

    Publication date: 2013-08-13

    Application No.: US11967529

    Filing date: 2007-12-31

    IPC classification: H04L29/06

    CPC classification: G06F21/566

    Abstract: To detect possible malicious code that is unpacked at runtime before it is executed, antivirus software requires that any dynamically created code be scanned before it can be executed by a host computer system. This requirement may be enforced by requiring memory pages to be either executable or writable, but not both. Before changing from writable but not executable to executable but not writable, the page is scanned for malicious code. To prevent packers from evading this scanning, the software may enforce the execution exception to prevent packers from changing whether a page is executable and thereby evading the scanning of dynamically created code. The software may also include exception handlers to allow a program to write to a page that contains the code being executed, but also limit such an operation (e.g., to a single step) to avoid evasion of the antivirus software.

    Automated unpacking of executables packed by multiple layers of arbitrary packers
    4.
    Granted invention patent (status: in force)

    Publication No.: US07996904B1

    Publication date: 2011-08-09

    Application No.: US11960426

    Filing date: 2007-12-19

    IPC classification: G06F11/00

    CPC classification: G06F21/566

    Abstract: The packing manager provides an automated method that allows existing AV scanning technology to be applied to detect known malware samples packed by one or more packers that are potentially proprietary. The packing manager tracks the memory areas to which an executable binary writes and executes, and so can unpack programs packed by multiple arbitrary packers without requiring reverse-engineering of the packers or any human intervention. By tracking page modification and execution of an executable binary at run time, the packing control module can detect the instant at which the program's control is first transferred to a page whose content is dynamically generated, so AV scanning can then be invoked. Thus, code cannot be executed under the packing control manager without being scanned by an AV scanner first.

    Insertion and invocation of virtual appliance agents through exception handling regions of virtual machines
    5.
    Granted invention patent (status: in force)

    Publication No.: US08225317B1

    Publication date: 2012-07-17

    Application No.: US12477810

    Filing date: 2009-06-03

    IPC classification: G06F9/455 G06F11/00 H04L29/06

    CPC classification: G06F9/455

    Abstract: A method for inserting an agent of a virtual appliance into a virtual machine. The method may include inserting, into an exception handler memory location of a virtual machine, one or more computer-executable instructions configured to facilitate transfer of control from the virtual machine to an agent-insertion module. The method may also include triggering an exception during execution of the virtual machine to cause the one or more computer-executable instructions in the exception handler memory location to be executed. The method may further include obtaining control from the virtual machine after the at least one computer-executable instruction executes. The method may include inserting the agent of the virtual appliance into the virtual machine. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for library function identification in automatic malware signature generation
    6.
    Granted invention patent (status: in force)

    Publication No.: US08881287B1

    Publication date: 2014-11-04

    Application No.: US12408277

    Filing date: 2009-03-20

    IPC classification: G06F11/00

    CPC classification: G06F21/564 H04L63/145

    Abstract: A computer-implemented method for facilitating automatic malware signature generation may comprise disassembling a malware program, identifying one or more byte sequences within the disassembled malware program that have a likelihood of being representative of one or more library functions contained within the malware program, and preventing the one or more byte sequences from being included within one or more malware signatures. Corresponding systems and computer-readable storage media are also disclosed.

    Selecting malware signatures to reduce false-positive detections
    7.
    Granted invention patent (status: in force)

    Publication No.: US08239948B1

    Publication date: 2012-08-07

    Application No.: US12340420

    Filing date: 2008-12-19

    IPC classification: G06F11/00

    Abstract: A set of candidate signatures for a malicious software (malware) is generated. The candidate signatures in the set are scored based on features that indicate the signatures are more unique and thus less likely to generically occur in non-malicious programs. A malware signature for the malware entity is selected from among the candidate malware signatures based on the scores. The selected malware signature is stored.

    Systems and methods for recording behavioral information of an unverified component
    8.
    Granted invention patent (status: in force)

    Publication No.: US08065567B1

    Publication date: 2011-11-22

    Application No.: US12397009

    Filing date: 2009-03-03

    IPC classification: G06F21/00

    CPC classification: G06F21/566 G06F21/577

    Abstract: A computer-implemented method for recording behavioral information of an unverified component is described. Interactions between a first process and an unverified component loaded in the first process are monitored. A fault is detected from the monitored interactions. Information associated with an event is sent to a proxy module loaded in a second process. The execution of the event in the second process is verified. Information associated with the behavior of the unverified component during the execution of the event is recorded.

    Buffer overflow vulnerability detection and patch generation system and method
    9.
    Granted invention patent (status: in force)

    Publication No.: US08037529B1

    Publication date: 2011-10-11

    Application No.: US12051441

    Filing date: 2008-03-19

    IPC classification: G06F12/14 G06F17/30

    CPC classification: G06F11/3604 G06F21/577

    Abstract: A computer-implemented method includes identifying a buffer overflow vulnerability in a vulnerable program including identifying a victim buffer creation site that created a victim buffer and identifying a vulnerability site that overflowed the victim buffer. A patch is created for the vulnerable program to prevent the vulnerability site from overflowing a potential victim buffer created by the victim buffer creation site. In this manner, the information obtained in identifying the buffer overflow vulnerability is used to automatically derive a patch that accurately seals the vulnerability, greatly reduces the false positive and negative rate, while at the same time shortens the response time to new threats.

    Random write optimization techniques for flash disks
    10.
    Granted invention patent (status: in force)

    Publication No.: US08880784B2

    Publication date: 2014-11-04

    Application No.: US13512783

    Filing date: 2010-05-18

    IPC classification: G06F12/00 G06F12/02

    Abstract: Disclosed is a method for managing logical block write requests for a flash drive. The method includes receiving a logical block write request from a file system; assigning a category to the logical block; and generating at least three writes from the logical block write request, a first write writes the logical block to an Erasure Unit (EU) according to the category assigned to each logical block, a second write inserts a Block Mapping Table (BMT) update entry to a BMT update log, and a third write commits the BMT update entry to an on-disk BMT, wherein the first and second writes are performed synchronously and the third write is performed asynchronously and in a batched fashion.
