-
Publication number: US20240354413A1
Publication date: 2024-10-24
Application number: US18757995
Filing date: 2024-06-28
Applicant: MICRO FOCUS LLC
CPC classification: G06F21/566, G06F21/554, G06N20/00, G06F21/52, G06F21/552, G06F2221/033
Abstract: Embodiments provide for detecting viruses and other malware in executing process threads based on thread patterns. According to one embodiment, detecting previously unknown malware associated with process threads can comprise capturing context information for each thread of a plurality of threads executing on a processor. The context information can define a thread pattern for the thread. The thread pattern for each thread can be compared to stored information defining one or more known patterns for thread execution based on previous execution of one or more threads. A thread pattern variation can be detected when the thread pattern for one or more threads does not match the stored information defining the known thread patterns. A determination can be made as to whether the detected thread pattern variation indicates presence of malware and actions can be performed based on determining the detected thread pattern variation indicates the presence of malware.
-
Publication number: US20240330433A1
Publication date: 2024-10-03
Application number: US18128485
Filing date: 2023-03-30
Inventor: Rajeev Agrawal
IPC classification: G06F21/52, G06Q10/0631
CPC classification: G06F21/52, G06Q10/06311, G06F2221/033
Abstract: Systems and methods for automated validation of application stacks are described herein. A method for automated validation of application stacks can include receiving identification of a stack for validation at a publication service system from a customer tenancy in a cloud computing environment. The stack can include an associated stack identifier. The method can include retrieving with the publication service system job information from the customer tenancy relevant to the stack and determining validation status of the stack based on the retrieved job information. The method can include designating the stack as a valid stack when it is determined that the stack is valid.
-
Publication number: US20240329844A1
Publication date: 2024-10-03
Application number: US18741701
Filing date: 2024-06-12
CPC classification: G06F3/0611, G06F3/0629, G06F3/0673, G06F9/3867, G06F12/145, G06F21/52, G06F2212/1032, G06F2212/1052
Abstract: A hardware revocation engine for invalidating a pointer, that refers to a deallocated object, from memory in a memory constrained system. The hardware revocation engine has a revocation pipeline coupled to a pipeline of a main processor of the memory constrained system. The revocation pipeline shares access to memory with the main pipeline, the revocation pipeline comprising at least a first stage and a subsequent second stage. In a first cycle of the revocation pipeline, the first stage of the revocation pipeline loads a first pointer-sized value from the memory. In a second cycle: the second stage checks whether the first loaded pointer-sized value is a pointer referring to deallocated memory. In a third cycle: in response to the outcome of the check indicating that the first loaded pointer-sized value is a pointer referring to deallocated memory, the first stage invalidates the first pointer-sized value.
-
Publication number: US12093959B2
Publication date: 2024-09-17
Application number: US15806368
Filing date: 2017-11-08
CPC classification: G06Q20/4016, G06F21/52, G06F21/6254, G06Q20/02, G06Q20/4014, H04L63/1408
Abstract: Methods, computer program products, and systems are presented. The methods include customer specific information exchange and an adjustment of the privacy level of this information. For this purpose an abstraction layer and an obfuscation module are introduced. Using a “fraud vector” a risk assessment is performed on the obfuscated transaction data.
-
Publication number: US12093385B2
Publication date: 2024-09-17
Application number: US17646555
Filing date: 2021-12-30
Applicant: Virsec Systems, Inc.
Inventor: Satya V. Gupta
CPC classification: G06F21/565, G06F21/52, G06F21/64, G06F2221/033
Abstract: Embodiments provide improved functionality to monitor processes. One such embodiment is directed to a system that includes a centralized database storing approved file signatures. The system also includes a processor that is configured, in response to a user request to run an executable file, to suspend a process implementing execution of the executable file. In turn, the processor determines a signature of the executable file and compares the determined signature of the executable file to the approved file signatures stored in the centralized database. Then, the processor maintains or stops suspension of the process based on the comparison. In an embodiment, the processor stops suspension if the signatures match and takes a protection action if the signatures do not match.
-
Publication number: US12086293B2
Publication date: 2024-09-10
Application number: US18332202
Filing date: 2023-06-09
Inventor: Gregory R. Conti
IPC classification: G06F21/74, G06F1/24, G06F1/3287, G06F21/52, G06F21/53, G06F21/56, G06F21/81, H04L9/40
CPC classification: G06F21/74, G06F1/24, G06F1/3287, G06F21/52, G06F21/53, G06F21/567, G06F21/81, G06F2221/034, G06F2221/2101, G06F2221/2105, G06F2221/2111, G06F2221/2113, G06F2221/2115, G06F2221/2119, G06F2221/2141, G06F2221/2149, G06F2221/2153, H04L63/105, H04L2463/102
Abstract: Disclosed embodiments relate to a system having a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.
-
Publication number: US12086237B2
Publication date: 2024-09-10
Application number: US17557643
Filing date: 2021-12-21
IPC classification: G06F21/51, G06F21/31, G06F21/52, G06F21/53, G06F21/54, G06F21/57, G06F21/64, G06F21/79
Abstract: Securely redirecting a system service routine via a provider service table. A service call provider is loaded within an operating system executing in a lower trust security zone. The service call provider comprises metadata indicating a system service routine to be redirected to the service call provider. Based on the metadata, a provider service table is built within a higher trust security zone. The service table redirects the system service routine to the service call provider. Memory page(s) associated with the provider service table are hardware protected, and a read-only view is exposed to the operating system. The provider service table is associated with a user-mode process. A service call for a particular system service routine is received by the operating system from the user-mode process and, based on the provider service table being associated with the user-mode process, the service call is directed to the service call provider.
-
Publication number: US20240296068A1
Publication date: 2024-09-05
Application number: US18657540
Filing date: 2024-05-07
Applicant: NVIDIA Corporation
Inventors: Ashutosh Tadkase, Ian Tramble, Akash Bellubbi, Suraj Das, Ranvijay Singh, Linda Xiong, John Lore, Albert Davies, Ian Howson, Peter Boonstoppel, Sai Gurrappadi, Pulkit Desai, Sever Topan, Sharat Janapareddy, Ashkan Vafaee, Michael Cox
CPC classification: G06F9/4881, G06F9/30087, G06F9/3836, G06F9/485, G06F9/5055, G06F9/5083, G06F9/544, G06F11/0721, G06F11/0757, G06F21/52, G06F2221/2151
Abstract: One or more embodiments of the present disclosure relate to switching between execution schedules related to execution of tasks, or runnables, by multiple compute engines. The execution schedules include respective sets of commands that dictate timing and order of execution, by the compute engines, of tasks, or runnables, corresponding to computing applications.
-
Publication number: US20240281524A1
Publication date: 2024-08-22
Application number: US18649765
Filing date: 2024-04-29
Applicant: McAfee, LLC
CPC classification: G06F21/552, G06F21/52, G06F2221/033
Abstract: There is disclosed herein a computer-implemented system and method of remediating malicious events on a computing apparatus, including identifying a plurality of events on the computing apparatus that together accomplish malicious work and that were caused by a single parent actor; designating the single parent actor as a fileless attack; and taking a remedial action against the single parent actor.
-
Publication number: US20240273181A1
Publication date: 2024-08-15
Application number: US18646114
Filing date: 2024-04-25
Inventors: Ashutosh Kulshreshtha, Andy Sloane, Hiral Shashikant Patel, Uday Krishnaswamy Chettiar, Oliver Kempe, Bharathwaj Sankara Viswanathan, Navindra Yadav
IPC classification: G06F21/52, G06F18/214, G06F21/51, G06F21/57, G06N20/00
CPC classification: G06F21/52, G06F18/214, G06F21/51, G06F21/577, G06N20/00
Abstract: The present disclosure provides systems, methods, and computer-readable media for implementing security policies at software call stack level. In one example, a method includes generating a call stack classification scheme for an application, detecting a call stack during deployment of the application; using the call stack classification scheme during runtime of the application, classifying the detected call stack as one of an authorized call stack or an unauthorized call stack to yield a classification; and applying a security policy based on the classification.