会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 3. 发明授权
    • Detecting memory errors using write integrity testing
    • 使用写入完整性测试检测内存错误
    • US08434064B2
    • 2013-04-30
    • US12058513
    • 2008-03-28
    • Periklis AkritidisManuel CostaMiguel Castro
    • Periklis AkritidisManuel CostaMiguel Castro
    • G06F9/44G06F9/45
    • G06F11/3612G06F21/52G06F21/54
    • Methods of detecting memory errors using write integrity testing are described. In an embodiment, additional analysis is performed when a program is compiled. This analysis identifies a set of objects which can be written by each instruction in the program. Additional code is then inserted into the program so that, at runtime, the program checks before performing a write instruction that the particular object being written is one of the set of objects that it is allowed to write. The inserted code causes an exception to be raised if this check fails and allows the write to proceed if the check is successful. In a further embodiment, code may also be inserted to perform checks before indirect control-flow transfer instructions, to ensure that those instructions cannot transfer control to locations different from those intended.
    • 描述使用写入完整性测试来检测存储器错误的方法。 在一个实施例中,当编译程序时执行附加分析。 此分析标识可由程序中的每条指令写入的一组对象。 然后将附加代码插入到程序中,使得在运行时,程序在执行写入指令之前检查所写入的特定对象是被允许写入的一组对象之一。 如果此检查失败,则插入的代码会引发异常,如果检查成功,则允许写入继续。 在另一实施例中,还可以插入代码以在间接控制流传输指令之前执行检查,以确保那些指令不能将控制转移到与预期不同的位置。
    • 4. 发明申请
    • DETECTING MEMORY ERRORS USING WRITE INTEGRITY TESTING
    • 使用写入完整性测试检测内存错误
    • US20090249289A1
    • 2009-10-01
    • US12058513
    • 2008-03-28
    • Periklis AkritidisManuel CostaMiguel Castro
    • Periklis AkritidisManuel CostaMiguel Castro
    • G06F9/44
    • G06F11/3612G06F21/52G06F21/54
    • Methods of detecting memory errors using write integrity testing are described. In an embodiment, additional analysis is performed when a program is compiled. This analysis identifies a set of objects which can be written by each instruction in the program. Additional code is then inserted into the program so that, at runtime, the program checks before performing a write instruction that the particular object being written is one of the set of objects that it is allowed to write. The inserted code causes an exception to be raised if this check fails and allows the write to proceed if the check is successful. In a further embodiment, code may also be inserted to perform checks before indirect control-flow transfer instructions, to ensure that those instructions cannot transfer control to locations different from those intended.
    • 描述使用写入完整性测试来检测存储器错误的方法。 在一个实施例中,当编译程序时执行附加分析。 此分析标识可由程序中的每条指令写入的一组对象。 然后将附加代码插入到程序中,使得在运行时,程序在执行写入指令之前检查所写入的特定对象是被允许写入的一组对象之一。 如果此检查失败,则插入的代码会引发异常,如果检查成功,则允许写入继续。 在另一实施例中,还可以插入代码以在间接控制流传输指令之前执行检查,以确保那些指令不能将控制转移到与预期不同的位置。
    • 9. 发明申请
    • Securing Software By Enforcing Data Flow Integrity
    • 通过执行数据流完整性来保护软件
    • US20090282393A1
    • 2009-11-12
    • US12306188
    • 2007-05-04
    • Manuel CostaMiguel CastroTim Harris
    • Manuel CostaMiguel CastroTim Harris
    • G06F9/06
    • G06F21/54G06F21/52
    • The majority of such software attacks exploit software vulnerabilities or flaws to write data to unintended locations. For example, control-data attacks exploit buffer overflows or other vulnerabilities to overwrite a return address in the stack, a function pointer, or some other piece of control data. Non-control-data attacks exploit similar vulnerabilities to overwrite security critical data without subverting the intended control flow in the program. We describe a method for securing software against both control-data and non-control-data attacks. A static analysis is carried out to determine data flow information for a software program. Data-flow tracking instructions are formed in order to track data flow during execution or emulation of that software. Also, checking instructions are formed to check the tracked data flow against the static analysis results and thereby identify potential attacks or errors. Optional optimisations are described to reduce the resulting additional overheads.
    • 大多数此类软件攻击利用软件漏洞或漏洞将数据写入非预期位置。 例如,控制数据攻击利用缓冲区溢出或其他漏洞来覆盖堆栈中的返回地址,函数指针或其他一些控制数据。 非控制数据攻击利用类似的漏洞来覆盖安全关键数据,而不会破坏程序中的预期控制流程。 我们描述一种保护软件免受控制数据和非控制数据攻击的方法。 进行静态分析以确定软件程序的数据流信息。 形成数据流跟踪指令,以便在执行或仿真该软件期间跟踪数据流。 此外,形成检查指令以根据静态分析结果检查跟踪的数据流,从而识别潜在的攻击或错误。 描述可选优化,以减少所产生的额外开销。
    • 10. 发明授权
    • Securing software by enforcing data flow integrity
    • 通过执行数据流完整性来保护软件
    • US09390261B2
    • 2016-07-12
    • US12306188
    • 2007-05-04
    • Manuel CostaMiguel CastroTim Harris
    • Manuel CostaMiguel CastroTim Harris
    • G06F9/44G06F21/54G06F21/52
    • G06F21/54G06F21/52
    • The majority of such software attacks exploit software vulnerabilities or flaws to write data to unintended locations. For example, control-data attacks exploit buffer overflows or other vulnerabilities to overwrite a return address in the stack, a function pointer, or some other piece of control data. Non-control-data attacks exploit similar vulnerabilities to overwrite security critical data without subverting the intended control flow in the program. We describe a method for securing software against both control-data and non-control-data attacks. A static analysis is carried out to determine data flow information for a software program. Data-flow tracking instructions are formed in order to track data flow during execution or emulation of that software. Also, checking instructions are formed to check the tracked data flow against the static analysis results and thereby identify potential attacks or errors. Optional optimisations are described to reduce the resulting additional overheads.
    • 大多数此类软件攻击利用软件漏洞或漏洞将数据写入非预期位置。 例如,控制数据攻击利用缓冲区溢出或其他漏洞来覆盖堆栈中的返回地址,函数指针或其他一些控制数据。 非控制数据攻击利用类似的漏洞来覆盖安全关键数据,而不会破坏程序中的预期控制流程。 我们描述一种用于保护软件免受控制数据和非控制数据攻击的方法。 进行静态分析以确定软件程序的数据流信息。 形成数据流跟踪指令,以便在执行或仿真该软件期间跟踪数据流。 此外,形成检查指令以根据静态分析结果检查跟踪的数据流,从而识别潜在的攻击或错误。 描述可选优化,以减少所产生的额外开销。