专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07945958B2 Constraint injection system for immunizing software programs against vulnerabilities and attacks 有权
标题翻译：限制注射系统，用于免疫软件程序，防范漏洞和攻击
公开(公告)号：US07945958B2
公开(公告)日：2011-05-17
申请号：US11422547
申请日：2006-06-06
申请人： Saman P. Amarasinghe , Bharath Chandramohan , Charles Renert , Derek L. Bruening , Vladimir L. Kiriansky , Tim Garnett , Sandy Wilbourn , Warren Wu
发明人： Saman P. Amarasinghe , Bharath Chandramohan , Charles Renert , Derek L. Bruening , Vladimir L. Kiriansky , Tim Garnett , Sandy Wilbourn , Warren Wu
IPC分类号： G06F11/00
CPC分类号： G06F21/53 , G06F21/54 , G06F21/577
摘要： A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.
摘要翻译：一个约束被插入到一个程序中，以解决该程序对攻击的脆弱性。约束包括一段代码，用于确定程序何时被要求执行在正常操作中不会发生的“角落”。约束代码可以访问检测器和修复器功能库，以检测各种攻击并对其进行补救。任选地，可以使用检测器而不用补救剂进行分析。如果需要，可以保存和恢复程序的上下文，以便在执行修复后继续运行。约束可以包括描述符，以及机器指令或字节代码，其指示如何使用约束。

2. 发明授权

US07886148B2 Secure execution of a computer program 有权
标题翻译：安全执行计算机程序
公开(公告)号：US07886148B2
公开(公告)日：2011-02-08
申请号：US12563871
申请日：2009-09-21
申请人： Vladimir L. Kiriansky , Derek L. Bruening , Saman P. Amarasinghe
发明人： Vladimir L. Kiriansky , Derek L. Bruening , Saman P. Amarasinghe
IPC分类号： G06F21/00
CPC分类号： G06F21/53 , G06F21/554
摘要： Hijacking of an application is prevented by securing execution of a computer program on a computing system. Prior to execution of the computer program, the computer program is analyzed to identify permitted targets of all indirect transfers. An application-specific policy based on the permitted targets is created. When the program is executed on the computing system, the application-specific policy is enforced such that the program is prohibited from executing indirect transfer instructions that do not target one of the permitted targets.
摘要翻译：通过确保计算机系统上的计算机程序的执行来防止应用程序的劫持。在执行计算机程序之前，分析计算机程序以识别所有间接传送的允许目标。创建基于允许目标的特定于应用程序的策略。当在计算系统上执行程序时，执行特定于应用程序的策略，使得程序被禁止执行不针对允许的目标之一的间接传送指令。

3. 发明申请

US20100011209A1 SECURE EXECUTION OF A COMPUTER PROGRAM 有权
标题翻译：计算机程序的安全执行
公开(公告)号：US20100011209A1
公开(公告)日：2010-01-14
申请号：US12563871
申请日：2009-09-21
申请人： Vladimir L. Kiriansky , Derek L. Bruening , Saman P. Amarasinghe
发明人： Vladimir L. Kiriansky , Derek L. Bruening , Saman P. Amarasinghe
IPC分类号： G06F21/00
CPC分类号： G06F21/53 , G06F21/554
摘要： Hijacking of an application is prevented by securing execution of a computer program on a computing system. Prior to execution of the computer program, the computer program is analyzed to identify permitted targets of all indirect transfers. An application-specific policy based on the permitted targets is created. When the program is executed on the computing system, the application-specific policy is enforced such that the program is prohibited from executing indirect transfer instructions that do not target one of the permitted targets.
摘要翻译：通过确保计算机系统上的计算机程序的执行来防止应用程序的劫持。在执行计算机程序之前，分析计算机程序以识别所有间接传送的允许目标。创建基于允许目标的特定于应用程序的策略。当在计算系统上执行程序时，执行特定于应用程序的策略，使得程序被禁止执行不针对允许的目标之一的间接传送指令。

4. 发明授权

US07594111B2 Secure execution of a computer program 有权
标题翻译：安全执行计算机程序
公开(公告)号：US07594111B2
公开(公告)日：2009-09-22
申请号：US10740063
申请日：2003-12-18
申请人： Vladimir L. Kiriansky , Derek L. Bruening , Saman P. Amarasinghe
发明人： Vladimir L. Kiriansky , Derek L. Bruening , Saman P. Amarasinghe
IPC分类号： G06F21/00
CPC分类号： G06F21/53 , G06F21/554
摘要： Hijacking of an application is prevented by monitoring control flow transfers during program execution in order to enforce a security policy. At least three basic techniques are used. The first technique, Restricted Code Origins (RCO), can restrict execution privileges on the basis of the origins of instruction executed. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. The second technique, Restricted Control Transfers (RCT), can restrict control transfers based on instruction type, source, and target. The third technique, Un-Circumventable Sandboxing (UCS), guarantees that sandboxing checks around any program operation will never be bypassed.
摘要翻译：通过在程序执行期间监视控制流传输来防止应用程序的劫持，以执行安全策略。至少使用三种基本技术。第一种技术限制代码起源（RCO）可以根据执行指令的起源限制执行权限。这种区别可以确保恶意代码伪装成数据永远不会执行，从而阻止了一大堆安全攻击。第二种技术，限制控制传输（RCT）可以根据指令类型，源和目标来限制控制传输。第三种技术，Un-Circumventable Sandboxing（UCS），保证围绕任何程序操作的沙盒检查永远不会被忽略。

5. 发明授权

US07603704B2 Secure execution of a computer program using a code cache 有权
标题翻译：使用代码缓存来安全地执行计算机程序
公开(公告)号：US07603704B2
公开(公告)日：2009-10-13
申请号：US10739499
申请日：2003-12-18
申请人： Derek L. Bruening , Vladimir L. Kiriansky , Saman P. Amarasinghe
发明人： Derek L. Bruening , Vladimir L. Kiriansky , Saman P. Amarasinghe
IPC分类号： G06F11/00
CPC分类号： G06F21/566 , G06F21/52 , G06F21/54
摘要： Hijacking of an application is prevented by monitoring control flow transfers during program execution in order to enforce a security policy. At least three basic techniques are used. The first technique, Restricted Code Origins (RCO), can restrict execution privileges on the basis of the origins of instruction executed. This distinction can ensure that malicious code masquerading as data is never executed, thwarting a large class of security attacks. The second technique, Restricted Control Transfers (RCT), can restrict control transfers based on instruction type, source, and target. The third technique, Un-Circumventable Sandboxing (UCS), guarantees that sandboxing checks around any program operation will never be bypassed.
摘要翻译：通过在程序执行期间监视控制流传输来防止应用程序的劫持，以执行安全策略。至少使用三种基本技术。第一种技术限制代码起源（RCO）可以根据执行指令的起源限制执行权限。这种区别可以确保恶意代码伪装成数据永远不会执行，从而阻止了一大堆安全攻击。第二种技术，限制控制传输（RCT）可以根据指令类型，源和目标来限制控制传输。第三种技术，Un-Circumventable Sandboxing（UCS），保证围绕任何程序操作的沙盒检查永远不会被忽略。

6. 发明授权

US08402224B2 Thread-shared software code caches 有权
标题翻译：线程共享软件代码缓存
公开(公告)号：US08402224B2
公开(公告)日：2013-03-19
申请号：US11533712
申请日：2006-09-20
申请人： Derek L. Bruening , Vladimir L. Kiriansky , Tim Garnett , Sanjeev Banerji
发明人： Derek L. Bruening , Vladimir L. Kiriansky , Tim Garnett , Sanjeev Banerji
IPC分类号： G06F12/00
CPC分类号： G06F12/0842 , G06F9/3851 , G06F9/526 , G06F12/12
摘要： A runtime system using thread-shared code caches is provided which avoids brute-force all-thread-suspension and monolithic global locks. In one embodiment, medium-grained runtime system synchronization reduces lock contention. The system includes trace building that combines efficient private construction with shared results, in-cache lock-free lookup table access in the presence of entry invalidations, and a delayed deletion algorithm based on timestamps and reference counts. These enable reductions in memory usage and performance overhead.
摘要翻译：提供了使用线程共享代码高速缓存的运行时系统，避免了强力的全线程挂起和单片全局锁。在一个实施例中，中粒度运行时系统同步减少锁争用。该系统包括跟踪构建，其结合了高效的私有构造与共享结果，存在入口无效时的缓存无锁定查找表访问以及基于时间戳和引用计数的延迟删除算法。这些可以减少内存使用和性能开销。

7. 发明授权

US09665498B2 Memory management using transparent page transformation 有权
公开(公告)号：US09665498B2
公开(公告)日：2017-05-30
申请号：US12182989
申请日：2008-07-30
申请人： Vladimir L. Kiriansky
发明人： Vladimir L. Kiriansky
IPC分类号： G06F12/10 , G06F17/30
CPC分类号： G06F12/10 , G06F2212/401
摘要： Memory space is managed to release storage area occupied by pages similar to stored reference pages. The memory is examined to find two similar pages, and a transformation is obtained. The transformation enables reconstructing one page from the other. The transformation is then stored and one of the pages is discarded to release its memory space. When the discarded page is needed, the remaining page is fetched, and the transformation is applied to the page to regenerate the discarded page.

8. 发明授权

US08321850B2 Sharing and persisting code caches 有权
标题翻译：共享和持久的代码缓存
公开(公告)号：US08321850B2
公开(公告)日：2012-11-27
申请号：US12135020
申请日：2008-06-06
申请人： Derek Bruening , Vladimir L. Kiriansky
发明人： Derek Bruening , Vladimir L. Kiriansky
IPC分类号： G06F9/45
CPC分类号： G06F8/41 , G06F12/0862 , G06F12/1491
摘要： Computer code from an application program comprising a plurality of modules that each comprise a separately loadable file is code cached in a shared and persistent caching system. A shared code caching engine receives native code comprising at least a portion of a single module of the application program, and stores runtime data corresponding to the native code in a cache data file in the non-volatile memory. The engine then converts cache data file into a code cache file and enables the code cache file to be pre-loaded as a runtime code cache. These steps are repeated to store a plurality of separate code cache files at different locations in non-volatile memory.
摘要翻译：来自包括多个模块的应用程序的计算机代码，每个模块各自包括可单独加载的文件，其代码被缓存在共享和持久缓存系统中。共享代码高速缓存引擎接收包括应用程序的单个模块的至少一部分的本地代码，并将对应于本地代码的运行时间数据存储在非易失性存储器中的高速缓存数据文件中。然后，引擎将高速缓存数据文件转换为代码高速缓存文件，并使代码缓存文件作为运行时代码高速缓存预加载。重复这些步骤以将多个单独的代码高速缓存文件存储在非易失性存储器中的不同位置。

9. 发明申请

US20090307430A1 SHARING AND PERSISTING CODE CACHES 有权
标题翻译：共享代码缓存
公开(公告)号：US20090307430A1
公开(公告)日：2009-12-10
申请号：US12135020
申请日：2008-06-06
申请人： Derek BRUENING , Vladimir L. Kiriansky
发明人： Derek BRUENING , Vladimir L. Kiriansky
IPC分类号： G06F12/00
CPC分类号： G06F8/41 , G06F12/0862 , G06F12/1491
摘要： Computer code from an application program comprising a plurality of modules that each comprise a separately loadable file is code cached in a shared and persistent caching system. A shared code caching engine receives native code comprising at least a portion of a single module of the application program, and stores runtime data corresponding to the native code in a cache data file in the non-volatile memory. The engine then converts cache data file into a code cache file and enables the code cache file to be pre-loaded as a runtime code cache. These steps are repeated to store a plurality of separate code cache files at different locations in non-volatile memory.
摘要翻译：来自包括多个模块的应用程序的计算机代码，每个模块各自包括可单独加载的文件，其代码被缓存在共享和持久缓存系统中。共享代码高速缓存引擎接收包括应用程序的单个模块的至少一部分的本地代码，并将对应于本地代码的运行时间数据存储在非易失性存储器中的高速缓存数据文件中。然后，引擎将高速缓存数据文件转换为代码高速缓存文件，并使代码缓存文件作为运行时代码高速缓存预加载。重复这些步骤以将多个单独的代码高速缓存文件存储在非易失性存储器中的不同位置。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式