专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20100192026A1 IMPLEMENTATIONS OF PROGRAM RUNTIME CHECKS 审中-公开
标题翻译：方案运行检查的执行情况
公开(公告)号：US20100192026A1
公开(公告)日：2010-07-29
申请号：US12360259
申请日：2009-01-27
申请人： Martin Abadi , Ulfar Erlingsson , Daniel Luchaup , Marcus Peinado
发明人： Martin Abadi , Ulfar Erlingsson , Daniel Luchaup , Marcus Peinado
IPC分类号： G06F11/08
CPC分类号： G06F11/08
摘要： Runtime checks on a program may be used to determine whether a pointer points to a legitimate target before the pointer is dereferenced. Legitimate addresses, such as address-taken local variables (ATLVs), global variables, heap locations, functions, etc., are tracked, so that the legitimate targets of pointers are known. The program may be transformed so that, prior to dereferencing a pointer, the pointer is checked to ensure that it points to a legitimate address. If the pointer points to a legitimate address, then the dereferencing may proceed. Otherwise, an error routine may be invoked. One example way to keep track of legitimate addresses is to group address-taken variables together within a specific range or ranges of memory addresses, and to check that a pointer has a value within that range prior to dereferencing the pointer. However, addresses may be tracked in other ways.
摘要翻译：在指针取消引用之前，可以使用对程序的运行时检查来确定指针是否指向合法目标。跟踪合法的地址，例如地址采取的局部变量（ATLV），全局变量，堆位置，函数等，以便指针的合法目标是已知的。程序可以被转换，使得在取消引用指针之前，检查指针以确保它指向合法的地址。如果指针指向合法的地址，则可以进行取消引用。否则，可以调用错误例程。跟踪合法地址的一个示例方法是将地址采集的变量组合在一个特定的存储器地址范围或范围内，并在取消引用指针之前检查指针是否具有该范围内的值。但是，地址可以以其他方式跟踪。

2. 发明授权

US09916439B2 Securing a computing environment against malicious entities 有权
公开(公告)号：US09916439B2
公开(公告)日：2018-03-13
申请号：US13427342
申请日：2012-03-22
申请人： Mariusz H. Jakubowski , Marcus Peinado
发明人： Mariusz H. Jakubowski , Marcus Peinado
IPC分类号： G06F21/00 , G06F21/53
CPC分类号： G06F21/53
摘要： The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client.

3. 发明授权

US09425965B2 Cryptographic certification of secure hosted execution environments 有权
标题翻译：安全托管执行环境的加密认证
公开(公告)号：US09425965B2
公开(公告)日：2016-08-23
申请号：US13372390
申请日：2012-02-13
申请人： Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
发明人： Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
IPC分类号： G06F21/00 , H04L9/32 , G06F21/57
CPC分类号： H04L9/3263 , G06F21/577 , G06F2221/034
摘要： Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.
摘要翻译：描述了用托管计算机提供持久的安全执行环境的实现。计算系统的主机操作系统向在由安全启用的处理器初始化的硬件保护的存储器区域的安全执行环境中执行的持久性模块提供加密的检查点。加密的检查点至少部分地从另一个安全执行环境导出，该安全执行环境被加密地认证为包括在激活状态下建立的另一硬件保护的存储器区域以避免执行不被客户机系统信任的软件。

4. 发明授权

US09413538B2 Cryptographic certification of secure hosted execution environments 有权
标题翻译：安全托管执行环境的加密认证
公开(公告)号：US09413538B2
公开(公告)日：2016-08-09
申请号：US13323465
申请日：2011-12-12
申请人： Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
发明人： Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
IPC分类号： H04L9/32 , G06F21/57
CPC分类号： H04L9/3263 , G06F21/577 , G06F2221/034
摘要： Implementations for providing a secure execution environment with a hosted computer are described. A security-enabled processor establishes a hardware-protected memory area with an activation state that executes only software identified by a client system. The hardware-protected memory area is inaccessible by code that executes outside the hardware-protected memory area. A certification is transmitted to the client system to indicate that the secure execution environment is established, in its activation state, with only the software identified by the request.
摘要翻译：描述了用托管计算机提供安全执行环境的实现。支持安全性的处理器建立具有仅执行由客户端系统识别的软件的激活状态的硬件保护的存储器区域。由硬件保护的存储区域外部执行的代码无法访问硬件保护的存储器区域。将证书发送到客户端系统，以指示安全执行环境在其激活状态下仅由请求识别的软件建立。

5. 发明授权

US09329845B2 Determining target types for generic pointers in source code 有权
标题翻译：确定源代码中通用指针的目标类型
公开(公告)号：US09329845B2
公开(公告)日：2016-05-03
申请号：US12477954
申请日：2009-06-04
申请人： Weidong Cui , Marcus Peinado
发明人： Weidong Cui , Marcus Peinado
IPC分类号： G06F9/45
CPC分类号： G06F8/434
摘要： A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.
摘要翻译：本文描述的系统包括从计算设备的计算机可读介质接收源代码的接收器组件和在源代码上执行点对分析算法以产生点对图的静态分析组件，其中点对图是包括多个节点和多个边缘的有向图，其中点对图的节点表示源代码中的指针，边缘表示源代码中的包含关系。该系统还包括至少部分地基于源代码中的已知类型定义和全局变量来推断源代码中的通用指针的目标类型的推理组件。

6. 发明授权

US09183406B2 Saving and retrieving data based on public key encryption 有权
标题翻译：基于公钥加密保存和检索数据
公开(公告)号：US09183406B2
公开(公告)日：2015-11-10
申请号：US13012573
申请日：2011-01-24
申请人： Paul England , Marcus Peinado
发明人： Paul England , Marcus Peinado
IPC分类号： G06F21/00 , G06F21/62
CPC分类号： G06F21/6218
摘要： In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.
摘要翻译：根据某些方面，从呼叫程序接收数据。使用公钥加密来生成包含数据的密文，只有满足一个或多个条件，才允许从密文获得数据。根据另一方面，从调用程序接收位串。使用公钥解密解密比特串中的数据，只有满足包含在比特串中的一个或多个条件时才返回给调用程序。

7. 发明授权

US08601286B2 Saving and retrieving data based on public key encryption 有权
标题翻译：基于公钥加密保存和检索数据
公开(公告)号：US08601286B2
公开(公告)日：2013-12-03
申请号：US13015440
申请日：2011-01-27
申请人： Paul England , Marcus Peinado
发明人： Paul England , Marcus Peinado
IPC分类号： G06F12/14
CPC分类号： G06F21/6218
摘要： In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors.
摘要翻译：根据某些方面，接收数据并生成并输出数字签名。数字签名可以是数据的数字签名以及为了使数据被显示而被满足的一个或多个条件，或者使用与绑定的绑定密钥相关联的私有密钥生成的数据的数字签名一个或多个处理器。

8. 发明授权

US08352797B2 Software fault isolation using byte-granularity memory protection 有权
标题翻译：软件故障隔离采用字节度记忆保护
公开(公告)号：US08352797B2
公开(公告)日：2013-01-08
申请号：US12633326
申请日：2009-12-08
申请人： Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
发明人： Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
IPC分类号： G06F11/30
CPC分类号： G06F21/53 , G06F9/468 , G06F12/1483 , G06F21/54 , G06F21/57 , G06F2221/2141 , G06F2221/2149 , H04L63/101
摘要： Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.
摘要翻译：描述了使用字节粒度内存保护的软件故障隔离方法。在一个实施例中，软件系统的不受信任的驱动程序或其他扩展在与软件系统的主机部分分开的域中运行，但是与主机部分共享相同的地址空间。域之间的调用使用插入库进行调用，并且访问控制数据基本上维持相关虚拟地址空间的每个字节。在编译期间，在加载时间之前或在运行时添加到不可信扩展的仪器，在插入库中添加的仪器会强制实现域之间的隔离，例如在任何写入或间接调用之前添加访问权限检查，并通过将函数调用重定向到在插页库中调用包装器。仪器还会更新访问控制数据，根据正在调用的操作的语义，以精细粒度授予和撤销访问权限。

9. 发明授权

US07975117B2 Enforcing isolation among plural operating systems 有权
标题翻译：在多个操作系统之间实现隔离
公开(公告)号：US07975117B2
公开(公告)日：2011-07-05
申请号：US10741629
申请日：2003-12-19
申请人： Marcus Peinado , Paul England , Bryan Mark Willman , Yuqun Chen , Andrew John Thornton
发明人： Marcus Peinado , Paul England , Bryan Mark Willman , Yuqun Chen , Andrew John Thornton
IPC分类号： G06F13/00
CPC分类号： G06F21/78 , G06F12/1425 , G06F12/1483
摘要： Plural guest operating systems run on a computer, where a security kernel enforces a policy of isolation among the guest operating systems. An exclusion vector defines a set of pages that cannot be accessed by direct memory access (DMA) devices. The security kernel enforces an isolation policy by causing certain pages to be excluded from direct access. Thus, device drivers in guest operating systems are permitted to control DMA devices directly without virtualization of those devices, while each guest is prevented from using DMA devices to access pages that the guest is not permitted to access under the policy.
摘要翻译：多个客户机操作系统在计算机上运行，其中安全内核在客户机操作系统之间执行隔离策略。排除向量定义了一组不能被直接存储器访问（DMA）设备访问的页面。安全内核通过使某些页面被排除在直接访问之外来执行隔离策略。因此，允许来宾操作系统中的设备驱动程序直接控制DMA设备，而不会对这些设备进行虚拟化，同时阻止每个客户端使用DMA设备来访问访客不允许访问策略下的页面。

10. 发明授权

US07689791B2 Protection of content stored on portable memory from unauthorized usage 失效
标题翻译：保护存储在便携式存储器上的内容免于未经授权的使用
公开(公告)号：US07689791B2
公开(公告)日：2010-03-30
申请号：US11064348
申请日：2005-02-22
申请人： Marcus Peinado
发明人： Marcus Peinado
IPC分类号： G06F12/14
CPC分类号： G06F21/10
摘要： A device for securely recording protected content to a portable memory, and for reading the protected content therefrom. The device includes a feature that makes it adapted to read or write specially-configured portable memories that are incompatible with standard read/write devices. For example, the device may be designed to work with memories having an unusual shape or size, or may manipulate the data in a non-standard way before storing it on the memory. The read/write devices are trusted components that will only handle the protected content in accordance with rules governing the content. The feature included in the device is preferably a proprietary and/or hardware feature, so that counterfeit devices incorporating the feature cannot be built without overcoming economic and/or legal hurdles. Because of the hurdles to building devices compatible with the specially-configured portable memory, protected content can be transferred to such a memory with reasonable assurance that the content will not be widely copied.
摘要翻译：一种用于将受保护内容安全地记录到便携式存储器并用于从其读取受保护内容的装置。该设备包括一个功能，使其适合于读取或写入与标准读/写设备不兼容的特殊配置的便携式存储器。例如，设备可以被设计为与具有不寻常形状或尺寸的存储器一起工作，或者可以在将其存储在存储器之前以非标准方式操纵数据。读/写设备是只能根据管理内容的规则处理受保护内容的受信任组件。设备中包括的特征优选地是专有和/或硬件特征，使得并入该特征的假冒设备不能克服经济和/或法律障碍。由于构建与特殊配置的便携式存储器兼容的设备的障碍，受保护的内容可以被合理地保证内容不会被广泛地复制到这样的存储器中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式