-
Publication No.: US09389839B2
Publication date: 2016-07-12
Application No.: US12146935
Filing date: 2008-06-26
Applicant: Vladimir Lifliand, Evgeney Ryzhyk, Yifat Sagiv, Maxim Uritsky
Inventor: Vladimir Lifliand, Evgeney Ryzhyk, Yifat Sagiv, Maxim Uritsky
CPC classification: H04L63/1416, G06F8/41
Abstract: Described is a technology by which a signature used by network traffic intrusion prevention/detection systems includes logic that helps a prevention/detection engine detect that signature. A signature to detect is compiled into executable logic that is executed to communicate with an engine that evaluates network traffic. The signature logic provides an expression set (such as a group of regular expressions) for the engine to match against a token corresponding to the network traffic. When matched, the engine notifies the logic and receives a further expression set to match, or a communication indicative that the signature was detected. The signature thus directs the analysis, facilitating a lightweight, generic engine. Safety of the signature logic is described as being accomplished through layers, including by publisher signing, and by compilation and execution (e.g., interpretation) in safe environments.
-
Publication No.: US20090328011A1
Publication date: 2009-12-31
Application No.: US12146935
Filing date: 2008-06-26
Applicant: Vladimir Lifliand, Evgeney Ryzhyk, Yifat Sagiv, Maxim Uritsky
Inventor: Vladimir Lifliand, Evgeney Ryzhyk, Yifat Sagiv, Maxim Uritsky
CPC classification: H04L63/1416, G06F8/41
Abstract: Described is a technology by which a signature used by network traffic intrusion prevention/detection systems includes logic that helps a prevention/detection engine detect that signature. A signature to detect is compiled into executable logic that is executed to communicate with an engine that evaluates network traffic. The signature logic provides an expression set (such as a group of regular expressions) for the engine to match against a token corresponding to the network traffic. When matched, the engine notifies the logic and receives a further expression set to match, or a communication indicative that the signature was detected. The signature thus directs the analysis, facilitating a lightweight, generic engine. Safety of the signature logic is described as being accomplished through layers, including by publisher signing, and by compilation and execution (e.g., interpretation) in safe environments.
-
Publication No.: US20070101131A1
Publication date: 2007-05-03
Application No.: US11265265
Filing date: 2005-11-01
Applicant: Ivan Davtchev, Karan Dhillon, Nir Zvi, Aaron Goldsmid, Ping Xie, Yifat Sagiv
Inventor: Ivan Davtchev, Karan Dhillon, Nir Zvi, Aaron Goldsmid, Ping Xie, Yifat Sagiv
IPC classification: H04L9/00
CPC classification: G06F21/64
Abstract: A security flag stored in a trusted store is utilized to determine if the trusted store has been subjected to tampering. The security flag is indicative of a globally unique identifier (GUID), the version of the trusted store, and a counter. The security flag is created when the trusted store is created. Each time a critical event occurs, the security flag is updated to indicate the occurrence thereof. The security flag also is stored in a write-once portion of the system registry. At appropriate times, the security flag stored in the trusted store is compared with the corresponding security flag stored in the write-once registry. If the security flags match within a predetermined tolerance, it is determined that the trusted store has not been subjected to tampering. If the security flags do not match, or if a security flag is missing, it is determined that the trusted store has been subjected to tampering.
-
Publication No.: US07076544B2
Publication date: 2006-07-11
Application No.: US10104679
Filing date: 2002-04-08
Applicant: Ariel Katz, Yifat Sagiv, Guy Friedel, David E. Heckerman, John R. Douceur, Joshua Goodman
Inventor: Ariel Katz, Yifat Sagiv, Guy Friedel, David E. Heckerman, John R. Douceur, Joshua Goodman
IPC classification: G06F15/173, G06F12/16, G06F15/16
CPC classification: H04L67/2819, H04L29/06, H04L67/2852, H04L67/2876, H04L69/329
Abstract: A streaming media caching mechanism and cache manager efficiently establish and maintain the contents of a streaming media cache for use in serving streaming media requests from cache rather than from an original data source when appropriate. The cost of caching is incurred only when the benefits of caching are likely to be experienced. The caching mechanism and cache manager evaluate the request count for each requested URL to determine whether the URL represents a cache candidate, and further analyze the URL request rate to determine whether the content associated with the URL will be cached. In an embodiment, the streaming media cache is maintained with a predetermined amount of reserve capacity rather than being filled to capacity whenever possible.