专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08434073B1 Systems and methods for preventing exploitation of byte sequences that violate compiler-generated alignment 有权
标题翻译：防止使用违反编译器生成的对齐方式的字节序列的系统和方法
公开(公告)号：US08434073B1
公开(公告)日：2013-04-30
申请号：US12263739
申请日：2008-11-03
申请人： Sourabh Satish , Bruce McCorkendale , William E. Sobel
发明人： Sourabh Satish , Bruce McCorkendale , William E. Sobel
IPC分类号： G06F9/44 , G06F9/45 , G06F9/445 , G06F12/00 , G06F12/14
CPC分类号： G06F21/54
摘要： An exemplary method for preventing exploitation of byte sequences that violate compiler-generated instruction alignment may comprise: 1) identifying instantiation of a process, 2) identifying an address space associated with the process, 3) identifying, within the address space associated with the process, at least one control-transfer instruction, 4) determining that at least one byte preceding the control-transfer instruction is capable of resulting in an out-of-alignment instruction, and then 5) preventing the control-transfer instruction from being executed. In one example, the system may prevent the control-transfer instruction from being executed by inserting a hook in place of the intended instruction that executes the intended instruction and then returns control flow back to the instantiated process. Corresponding systems and computer-readable media are also disclosed.
摘要翻译：用于防止违反编译器生成的指令对准的字节序列的示例性方法可以包括：1）识别过程的实例化，2）识别与该过程相关联的地址空间，3）在与该过程相关联的地址空间内识别，至少一个控制传输指令，4）确定控制传输指令之前的至少一个字节能够导致不对齐指令，然后5）防止执行控制传输指令。在一个示例中，系统可以通过插入钩来代替执行预期指令的预期指令来防止控制传输指令被执行，然后将控制流程返回到实例化的进程。还公开了相应的系统和计算机可读介质。

2. 发明授权

US08171256B1 Systems and methods for preventing subversion of address space layout randomization (ASLR) 有权
标题翻译：防止地址空间布局随机化（ASLR）颠覆的系统和方法
公开(公告)号：US08171256B1
公开(公告)日：2012-05-01
申请号：US12340968
申请日：2008-12-22
申请人： Sourabh Satish , William E. Sobel , Bruce McCorkendale
发明人： Sourabh Satish , William E. Sobel , Bruce McCorkendale
IPC分类号： G06F12/00 , G06F11/00 , G06F12/14 , G06F12/16
CPC分类号： G06F21/52
摘要： A method for preventing subversion of address space layout randomization (ASLR) in a computing device is described. An unverified module attempting to load into an address space of memory of the computing device is intercepted. Attributes associated with the unverified module are analyzed. A determination is made, based on the analyzed attributes, whether a probability exists that the unverified module will be loaded into a number of address spaces that exceeds a threshold. The unverified module is prevented from loading into the address space if the probability exists that the unverified module will be loaded into a number of address spaces that exceeds the threshold.
摘要翻译：描述了一种用于防止计算设备中的地址空间布局随机化（ASLR）的颠覆的方法。试图加载到计算设备的存储器的地址空间中的未验证的模块被截取。分析与未验证模块相关联的属性。基于分析的属性确定是否存在将未验证的模块加载到超过阈值的多个地址空间的概率。如果未验证的模块将被加载到超过阈值的多个地址空间的概率存在，则未经验证的模块被阻止加载到地址空间中。

3. 发明授权

US08745742B1 Methods and systems for processing web content encoded with malicious code 有权
标题翻译：处理使用恶意代码编码的网页内容的方法和系统
公开(公告)号：US08745742B1
公开(公告)日：2014-06-03
申请号：US12264101
申请日：2008-11-03
申请人： Sourabh Satish , William E. Sobel , Bruce McCorkendale
发明人： Sourabh Satish , William E. Sobel , Bruce McCorkendale
IPC分类号： G06F12/14 , G06F7/00 , G06F17/30
CPC分类号： G06F7/00 , G06F17/30 , G06F21/00 , G06F21/568
摘要： A computer-implemented method for processing web content may comprise receiving web content encoded with malicious steganographic code. Before presenting the web content, the method may comprise modifying the web content to create modified content such that information conveyed by the malicious steganographic code is at least partially corrupted in the modified content. Additionally, a functionality of the modified content may be at least substantially similar to a functionality of the web content following modification of the web content to create the modified content. Various other methods, computer-readable media, and systems are also disclosed.
摘要翻译：用于处理网页内容的计算机实现的方法可以包括接收用恶意隐写代码编码的网络内容。在呈现网络内容之前，该方法可以包括修改网络内容以创建修改的内容，使得恶意隐身代码传达的信息在修改的内容中至少部分地被破坏。此外，修改的内容的功能可以至少基本上类似于web内容的修改之后的web内容的功能，以创建修改的内容。还公开了各种其它方法，计算机可读介质和系统。

4. 发明授权

US08353058B1 Methods and systems for detecting rootkits 有权
标题翻译：用于检测rootkit的方法和系统
公开(公告)号：US08353058B1
公开(公告)日：2013-01-08
申请号：US12410166
申请日：2009-03-24
申请人： Bruce McCorkendale , Sourabh Satish , William E. Sobel
发明人： Bruce McCorkendale , Sourabh Satish , William E. Sobel
IPC分类号： G08B29/00 , G08B23/00 , G06F12/14 , G06F15/173 , H04L9/00
CPC分类号： G06F21/55 , G06F21/56 , H04L63/1416
摘要： A computer-implemented method for detecting rootkits is disclosed. The computer-implemented method may include sending periodic security communications from a privileged-processor-mode region of a computing device. The computer-implemented method may also include identifying at least one of the periodic security communications. The computer-implemented method may further include determining, based on the periodic security communications, whether the privileged-processor-mode region of the computing device has been compromised. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：公开了一种用于检测rootkit的计算机实现方法。计算机实现的方法可以包括从计算设备的特权处理器模式区域发送周期性安全通信。计算机实现的方法还可以包括识别周期性安全通信中的至少一个。计算机实现的方法还可以包括基于周期性安全通信来确定计算设备的特权处理器模式区域是否已被破坏。还公开了各种其它方法，系统和计算机可读介质。

5. 发明授权

US08645923B1 Enforcing expected control flow in program execution 有权
标题翻译：在程序执行中执行预期的控制流程
公开(公告)号：US08645923B1
公开(公告)日：2014-02-04
申请号：US12263362
申请日：2008-10-31
申请人： Sourabh Satish , Bruce McCorkendale , William E. Sobel
发明人： Sourabh Satish , Bruce McCorkendale , William E. Sobel
IPC分类号： G06F9/45
CPC分类号： G06F9/44589 , G06F21/52
摘要： When a program is loaded for execution, all code pages of the program except the one containing the entry point are set to be non-executable. When the executing program attempts to jump between code pages, an exception is thrown. Responsive to such an exception, a control flow graph of the program is examined, to determine if the attempted jump between code pages is expected. If the attempted jump is not expected, it is determined that the program is attempting a malicious activity. If the attempted jump is expected, the code page to which the program is attempting to jump is set to be executable, and control is returned to the program such that the jump executes.
摘要翻译：当程序加载执行时，除了包含入口点的程序之外，程序的所有代码页都被设置为不可执行。当执行程序尝试在代码页之间跳转时，抛出异常。响应于这种异常，检查程序的控制流程图，以确定是否期望在代码页之间尝试跳转。如果不希望尝试跳转，则确定程序正在尝试恶意活动。如果尝试跳转，程序尝试跳转的代码页被设置为可执行，并且控制返回到程序，使得跳转执行。

6. 发明授权

US08112806B1 Detecting network interface card level malware 有权
标题翻译：检测网络接口卡级恶意软件
公开(公告)号：US08112806B1
公开(公告)日：2012-02-07
申请号：US12259212
申请日：2008-10-27
申请人： William E. Sobel , Sourabh Satish , Bruce McCorkendale
发明人： William E. Sobel , Sourabh Satish , Bruce McCorkendale
IPC分类号： G06F11/00
CPC分类号： G06F21/85 , G06F21/55 , H04L63/1425
摘要： Computers are monitored for malware communicating directly with the NIC. The infection of computers with NIC level malware is detected. Operating system level network packet transmission statistics are monitored, as are transmission counters maintained by the NIC. The operating system level transmission statistics are compared to the NIC level transmission counters for a given period of time. If the NIC counters indicate the occurrence of a greater number of transmissions than as is indicated by the operating system level statistics, it is concluded that the computer is infected with NIC level malware.
摘要翻译：监视计算机，以直接与NIC通信的恶意软件。检测到具有NIC级恶意软件的计算机感染。监视操作系统级网络数据包传输统计信息，以及由NIC维护的传输计数器。将操作系统级传输统计信息与NIC级传输计数器进行比较，给定的时间段。如果NIC计数器指示比操作系统级别统计信息显示更多的传输次数，则可以断定计算机感染了NIC级恶意软件。

7. 发明授权

US08600995B1 User role determination based on content and application classification 有权
标题翻译：基于内容和应用程序分类的用户角色确定
公开(公告)号：US08600995B1
公开(公告)日：2013-12-03
申请号：US13358396
申请日：2012-01-25
申请人： Sourabh Satish , Bruce McCorkendale
发明人： Sourabh Satish , Bruce McCorkendale
IPC分类号： G06F17/30
CPC分类号： G06F17/30017 , G06Q10/00 , G06Q10/06
摘要： The role of a user within an organization is automatically determined based on the classification of applications and content on the user's computer. Applications and files installed on a user's computer are identified. Identified applications and files that are not indicative of the role of the user within the organization are filtered out. The non-filtered out applications are functionally classified according to associated roles within the organization, based on predetermined functional classification information. The non-filtered out files are also functionally classified, based on predetermined functional classification information concerning types of files associated with specific organizational roles. The content of files that are of types not indicative of the user's organizational role can be analyzed, and these files can be functionally classified based on their content. The functional classifications are used in determining the role of the user.
摘要翻译：用户在组织内的角色将根据用户计算机上的应用程序和内容的分类自动确定。识别安装在用户计算机上的应用程序和文件。识别出的不是用户在组织内的角色的应用程序和文件被过滤掉。基于预定的功能分类信息，未过滤的应用程序根据组织内的相关角色进行功能分类。基于关于与特定组织角色相关联的文件类型的预定功能分类信息，未过滤掉的文件也被功能分类。可以分析不指示用户组织角色的类型的文件的内容，并且可以基于其内容对这些文件进行功能分类。功能分类用于确定用户的角色。

8. 发明授权

US08214900B1 Method and apparatus for monitoring a computer to detect operating system process manipulation 有权
标题翻译：用于监测计算机以检测操作系统过程操纵的方法和装置
公开(公告)号：US08214900B1
公开(公告)日：2012-07-03
申请号：US12338587
申请日：2008-12-18
申请人： Sourabh Satish , William Sobel , Bruce McCorkendale
发明人： Sourabh Satish , William Sobel , Bruce McCorkendale
IPC分类号： G06F12/14
CPC分类号： G06F21/554 , G06F21/566
摘要： A method and apparatus for monitoring a computer to detect operating system process manipulation by malicious software programs is disclosed. In one embodiment, a method for detecting operating system process manipulation through unexpected process behavior includes accessing process behavior indicia regarding memory addresses used by at least one user mode process to request computer resources and comparing the process behavior indicia with a user mode request to identify operating system process manipulation.
摘要翻译：公开了一种用于监控计算机以检测恶意软件程序的操作系统处理操纵的方法和装置。在一个实施例中，一种用于通过意外的处理行为来检测操作系统处理操作的方法包括访问关于由至少一个用户模式进程使用的存储器地址的请求计算机资源的过程行为标记，并且将过程行为标记与用户模式请求进行比较以识别操作系统过程操纵。

9. 发明授权

US09621585B1 Applying functional classification to tune security policies and posture according to role and likely activity 有权
公开(公告)号：US09621585B1
公开(公告)日：2017-04-11
申请号：US13190186
申请日：2011-07-25
申请人： Sourabh Satish , Bruce McCorkendale
发明人： Sourabh Satish , Bruce McCorkendale
IPC分类号： G06F17/00 , H04L29/06 , H04L12/24
CPC分类号： H04L63/20 , H04L29/06986 , H04L41/0893 , H04L63/0263 , H04L63/1408
摘要： Computer security threats are increasing in customization and complexity of attacks, expanding the burden on security companies in addressing the wide-array of threats. Functional classification is used here to determine the likely role a client and its user play to personalize computer security according to client/user role. A security module analyzes the client to identify data or applications present on the client or activities performed using the client. Based on this analysis, the security module predicts the role of the client or a user of the client. The module further dynamically generates a security policy that is personalized to and optimized for the client or the user based on the role predicted and on computer security threats expected to affect the client or user based on the role. The module then applies the security policy generated to provide personalized security.

10. 发明授权

US09450960B1 Virtual machine file system restriction system and method 有权
标题翻译：虚拟机文件系统限制系统及方法
公开(公告)号：US09450960B1
公开(公告)日：2016-09-20
申请号：US12265157
申请日：2008-11-05
申请人： Bruce McCorkendale , William E. Sobel
发明人： Bruce McCorkendale , William E. Sobel
IPC分类号： H04L29/06
CPC分类号： H04L63/10 , G06F21/53 , G06F21/568 , G06F21/6218 , H04L63/102 , H04L63/1416
摘要： A method includes creating a virtual machine including a remote file system, a file system service, and a security application. Access to the remote file system is restricted with the security application upon an unknown malicious code outbreak. The more that is known about the threat, the more precise are the restrictions placed upon the file system thus reducing the impact on users of the file system to an absolute minimum.
摘要翻译：一种方法包括创建包括远程文件系统，文件系统服务和安全应用程序的虚拟机。在未知的恶意代码爆发时，访问远程文件系统受到安全应用程序的限制。对威胁的了解越多，对文件系统的限制越准确，从而将对文件系统的用户的影响降到绝对最小。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式