专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US08613096B2 Automatic data patch generation for unknown vulnerabilities 有权
标题翻译：针对未知漏洞生成自动数据补丁
公开(公告)号：US08613096B2
公开(公告)日：2013-12-17
申请号：US11948681
申请日：2007-11-30
申请人： Marcus Peinado , Weidong Cui , Jiahe Helen Wang , Michael E. Locasto
发明人： Marcus Peinado , Weidong Cui , Jiahe Helen Wang , Michael E. Locasto
IPC分类号： H04L29/06
CPC分类号： H04L63/1433 , G06F21/577
摘要： The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities.
摘要翻译：所要求保护的主题提供了生成用于漏洞的数据补丁的系统和/或方法。该系统可以包括检查从数据流接收或获取的漏洞的设备和组件，构建探测并确定探针是否利用漏洞。至少部分地基于这样的确定，动态地产生数据补丁以补救迄今为止的漏洞。

12. 发明授权

US08584254B2 Data access reporting platform for secure active monitoring 有权
标题翻译：数据访问报告平台，用于安全主动监控
公开(公告)号：US08584254B2
公开(公告)日：2013-11-12
申请号：US13314209
申请日：2011-12-08
申请人： Weidong Cui , Marcus Peinado , Martim Carbone
发明人： Weidong Cui , Marcus Peinado , Martim Carbone
IPC分类号： G06F15/16 , H04L29/06 , H04L9/32 , G06F21/00 , G06F7/04
CPC分类号： G06F21/53 , G06F12/1441 , G06F21/566
摘要： Technologies pertaining to detecting accesses to monitored regions of memory and transmitting data to a protection system responsive to the detecting are described herein. A region of memory that includes objects in an object graph utilized by an operating system to determine which processes to execute and an order to execute such processes is monitored. If a process executing on a processor attempts to write to an object in the object graph, a field that is being written to is identified, and a determination is made regarding whether the field includes a pointer. Based upon whether the field includes a pointer, a type of write desirably undertaken by the object is ascertained, and an object event is transmitted to the protection system that informs the protection system of the type of write.
摘要翻译：本文描述了关于检测对监视的存储器区域的访问以及响应于检测将数据发送到保护系统的技术。包括由操作系统使用的对象图中的对象来确定执行哪些进程和执行这些处理的命令的内存区域。如果在处理器上执行的进程尝试写入对象图中的对象，则识别正被写入的字段，并且确定该字段是否包括指针。基于该字段是否包括指针，确定由对象期望地执行的写入类型，并且将对象事件发送到向保护系统通知写入类型的保护系统。

13. 发明授权

US07933946B2 Detecting data propagation in a distributed system 有权
标题翻译：检测分布式系统中的数据传播
公开(公告)号：US07933946B2
公开(公告)日：2011-04-26
申请号：US11767312
申请日：2007-06-22
申请人： Benjamin Livshits , Weidong Cui
发明人： Benjamin Livshits , Weidong Cui
IPC分类号： G06F15/16
CPC分类号： H04L63/145 , H04L63/166
摘要： Embodiments gather historical information about data propagation by monitoring requests to and replies from a server. When a request is received from a client system to upload code onto a web site, a user identity associated with the client system is determined and a tag that uniquely identifies the uploaded data is created and mapped with the user identity into a propagation graph. The propagation graph includes nodes and edges associated with a number of client systems that made similar requests such that each node of the propagation graph corresponds to both a tag and user identity of a client system and edges within the propagation graph represent causality links between the nodes. The propagation graph can then be used for finding long propagation chains, which can be useful for detecting worm-like propagation activity.
摘要翻译：实施例通过监视对服务器的请求和从服务器的回复来收集关于数据传播的历史信息。当从客户端系统接收到将代码上传到网站上的请求时，确定与客户端系统相关联的用户身份，并且创建唯一地标识上传的数据的标签并将其与用户身份映射到传播图中。传播图包括与产生类似请求的多个客户端系统相关联的节点和边缘，使得传播图的每个节点对应于客户端系统的标签和用户标识，传播图中的边缘表示节点之间的因果关系。然后，传播图可以用于寻找长的传播链，这可以用于检测蠕虫状传播活动。

14. 发明授权

US08589888B2 Demand-driven analysis of pointers for software program analysis and debugging 有权
标题翻译：软件程序分析和调试指针的需求驱动分析
公开(公告)号：US08589888B2
公开(公告)日：2013-11-19
申请号：US13220651
申请日：2011-08-29
申请人： Weidong Cui , Marcus Peinado , Zhilei Xu
发明人： Weidong Cui , Marcus Peinado , Zhilei Xu
IPC分类号： G06F9/44 , G06F9/45
CPC分类号： G06F8/434 , G06F11/3608
摘要： A “Demand-Driven Pointer Analyzer” (DDPA) provides a “demand-driven” field-sensitive pointer analysis process. This process rapidly and accurately identifies alias sets for selected pointers in software modules or programs of any size, including large-scale C/C++ programs such as a complete operating system (OS). The DDPA formulates the pointer analysis task as a Context-Free Language (CFL) reachability problem that operates using a Program Expression Graph (PEG) automatically constructed from the program code. The PEG provides a node and edge-based graph representation of all expressions and assignments in the program and allows the DDPA to rapidly identify aliases for pointers in the program by traversing the graph as a CFL reachability problem to determine pointer alias sets. In various embodiments, the DDPA is also context-sensitive.
摘要翻译： “需求驱动的指针分析器”（DDPA）提供了一个“需求驱动的”现场敏感指针分析过程。此过程可快速准确地识别软件模块或任何大小的程序（包括大型C / C ++程序，如完整的操作系统（OS））中的所选指针的别名集。 DDPA使用由程序代码自动构建的程序表达式图（PEG）来运行，使指针分析任务形成为无上下文语言（CFL）可达性问题。 PEG提供程序中所有表达式和赋值的节点和边缘图表示，并允许DDPA通过遍历图形来快速识别程序中的指针的别名，作为CFL可达性问题，以确定指针别名集。在各种实施例中，DDPA也是上下文相关的。

15. 发明申请

US20130160128A1 APPLICATION MONITORING THROUGH COLLECTIVE RECORD AND REPLAY 有权
公开(公告)号：US20130160128A1
公开(公告)日：2013-06-20
申请号：US13325062
申请日：2011-12-14
申请人： Brendan Dolan-Gavitt , David Alexander Molnar , Weidong Cui
发明人： Brendan Dolan-Gavitt , David Alexander Molnar , Weidong Cui
IPC分类号： G06F11/00
CPC分类号： G06F21/577 , G06F11/3414 , G06F11/3466 , G06F11/3476 , G06F21/52 , G06F21/552 , G06F21/566 , G06F21/6281 , G06F2201/865 , G06F2221/033
摘要： Methods and systems for application monitoring through collective record and replay are disclosed herein. The method includes recording a number of execution traces for an application from a number of user devices at a runtime library, wherein the number of execution traces relates to non-deterministic data. The method also includes replaying the number of execution traces to determine whether a behavior of the application creates a security risk.

16. 发明申请

US20100313190A1 DETERMINING TARGET TYPES FOR GENERIC POINTERS IN SOURCE CODE 有权
标题翻译：确定源代码中通用点的目标类型
公开(公告)号：US20100313190A1
公开(公告)日：2010-12-09
申请号：US12477954
申请日：2009-06-04
申请人： Weidong Cui , Marcus Peinado
发明人： Weidong Cui , Marcus Peinado
IPC分类号： G06F9/45
CPC分类号： G06F8/434
摘要： A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.
摘要翻译：本文描述的系统包括从计算设备的计算机可读介质接收源代码的接收器组件和在源代码上执行点到分析算法以产生点对图的静态分析组件，其中点对图是包括多个节点和多个边缘的有向图，其中点对图的节点表示源代码中的指针，边缘表示源代码中的包含关系。该系统还包括至少部分地基于源代码中的已知类型定义和全局变量来推断源代码中的通用指针的目标类型的推理组件。

17. 发明申请

US20090006645A1 Automatic Reverse Engineering of Message Formats From Network Traces 失效
标题翻译：网络跟踪消息格式的自动逆向工程
公开(公告)号：US20090006645A1
公开(公告)日：2009-01-01
申请号：US11768780
申请日：2007-06-26
申请人： Weidong Cui , Jayanthkumar Kannan , Jiahe Helen Wang
发明人： Weidong Cui , Jayanthkumar Kannan , Jiahe Helen Wang
IPC分类号： G06F15/16
CPC分类号： H04L43/50
摘要： A system for automatic inference of message formats from network packets is described. Each network message from a set of network messages is split into one or more tokens based on the types of bytes in the network messages. The set of network messages can then be classified into clusters based on token patterns. The network messages in each cluster can then be further sub-clustered recursively based on the message formats. Further, the messages with a similar message format across the sub-clusters can be merged into a cluster. The set of formatted clusters thus obtained correspond to a set of message formats that can be used further for protocol reverse engineering.
摘要翻译：描述了一种用于从网络分组自动推断消息格式的系统。基于网络消息中的字节类型，来自一组网络消息的每个网络消息被分成一个或多个令牌。然后可以基于令牌模式将该组网络消息分类成群集。然后可以基于消息格式递归地进一步对每个集群中的网络消息进行子集群化。此外，跨子群集具有类似消息格式的消息可以合并到一个集群中。这样获得的格式化集合对应于可以进一步用于协议逆向工程的一组消息格式。

18. 发明授权

US08935677B2 Automatic reverse engineering of input formats 有权
标题翻译：自动逆向工程的输入格式
公开(公告)号：US08935677B2
公开(公告)日：2015-01-13
申请号：US12098496
申请日：2008-04-07
申请人： Weidong Cui , Marcus Peinado , Karl Chen , Jiahe Helen Wang , Luis Irun-Briz
发明人： Weidong Cui , Marcus Peinado , Karl Chen , Jiahe Helen Wang , Luis Irun-Briz
IPC分类号： G06F9/44 , G06F9/45
CPC分类号： G06F8/53
摘要： Systems and methods for automatically reverse engineering an input data format using dynamic data flow analysis. Combining input data with a simulated execution of the binary program using the input data and analyzing the use of the data by the program to generate a BNL-like grammar representing the input data format. The input data can be application level protocols, network protocols or formatted files.
摘要翻译：使用动态数据流分析自动逆向工程输入数据格式的系统和方法。将输入数据与使用输入数据的二进制程序的模拟执行相结合，并通过程序分析数据的使用，以生成表示输入数据格式的类BNL语法。输入数据可以是应用级协议，网络协议或格式化文件。

19. 发明授权

US08566944B2 Malware investigation by analyzing computer memory 有权
标题翻译：恶意软件调查分析计算机内存
公开(公告)号：US08566944B2
公开(公告)日：2013-10-22
申请号：US12767810
申请日：2010-04-27
申请人： Marcus Peinado , Weidong Cui
发明人： Marcus Peinado , Weidong Cui
IPC分类号： G06F12/16
CPC分类号： G06F21/566 , G06F21/554
摘要： Technology is described for malware investigation by analyzing computer memory in a computing device. The method can include performing static analysis on code for a software environment to form an extended type graph. A raw memory snapshot of the computer memory can be obtained at runtime. The raw memory snapshot may include the software environment executing on the computing device. Dynamic data structures can be found in the raw memory snapshot using the extended type graph to form an object graph. An authorized memory area can be defined having executable code, static data structures, and dynamic data structures. Implicit and explicit function pointers can be identified. The function pointers can be checked to validate that the function pointers reference a valid memory location in the authorized memory area and whether the computer memory is uncompromised.
摘要翻译：通过分析计算设备中的计算机内存来描述恶意软件调查技术。该方法可以包括对软件环境的代码执行静态分析以形成扩展类型图。可以在运行时获取计算机内存的原始内存快照。原始内存快照可以包括在计算设备上执行的软件环境。动态数据结构可以使用扩展类型图在原始内存快照中找到，形成对象图。可以定义授权的存储区域，具有可执行代码，静态数据结构和动态数据结构。可以识别隐式和显式函数指针。可以检查函数指针以验证函数指针是否引用了授权内存区域中的有效内存位置以及计算机内存是否不妥协。

20. 发明申请

US20130152207A1 DATA ACCESS REPORTING PLATFORM FOR SECURE ACTIVE MONITORING 有权
标题翻译：数据访问报告平台，用于安全的主动监控
公开(公告)号：US20130152207A1
公开(公告)日：2013-06-13
申请号：US13314209
申请日：2011-12-08
申请人： Weidong Cui , Marcus Peinado , Martim Carbone
发明人： Weidong Cui , Marcus Peinado , Martim Carbone
IPC分类号： G06F12/14 , G06F12/16
CPC分类号： G06F21/53 , G06F12/1441 , G06F21/566
摘要： Technologies pertaining to detecting accesses to monitored regions of memory and transmitting data to a protection system responsive to the detecting are described herein. A region of memory that includes objects in an object graph utilized by an operating system to determine which processes to execute and an order to execute such processes is monitored. If a process executing on a processor attempts to write to an object in the object graph, a field that is being written to is identified, and a determination is made regarding whether the field includes a pointer. Based upon whether the field includes a pointer, a type of write desirably undertaken by the object is ascertained, and an object event is transmitted to the protection system that informs the protection system of the type of write.
摘要翻译：本文描述了关于检测对监视的存储器区域的访问以及响应于检测将数据发送到保护系统的技术。包括由操作系统使用的对象图中的对象来确定执行哪些进程和执行这些处理的命令的内存区域。如果在处理器上执行的进程尝试写入对象图中的对象，则识别正被写入的字段，并且确定该字段是否包括指针。基于该字段是否包括指针，确定由对象期望地执行的写入类型，并且将对象事件发送到向保护系统通知写入类型的保护系统。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式