专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US06412071B1 Method for secure function execution by calling address validation 有权
标题翻译：通过调用地址验证来执行安全功能的方法
公开(公告)号：US06412071B1
公开(公告)日：2002-06-25
申请号：US09561011
申请日：2000-04-28
申请人： Yona Hollander , Ophir Rachman , Oded Horovitz
发明人： Yona Hollander , Ophir Rachman , Oded Horovitz
IPC分类号： G06F1130
CPC分类号： G06F21/52 , G06F9/4484 , G06F12/1441 , G06F2209/542
摘要： A method for detecting and preventing unauthorized or illegal attempts to gain enhanced privileges within a computing environment by exploiting the buffer overflow-related weakness of the computer system.
摘要翻译：一种用于通过利用计算机系统的缓冲器溢出相关弱点来检测和防止未经授权或非法尝试在计算环境内获得增强特权的方法。

2. 发明授权

US07213153B2 Application program interface interception system and method 有权
标题翻译：应用程序接口拦截系统和方法
公开(公告)号：US07213153B2
公开(公告)日：2007-05-01
申请号：US10874433
申请日：2004-06-22
申请人： Yona Hollander , Ophir Rachman , Oded Horovitz
发明人： Yona Hollander , Ophir Rachman , Oded Horovitz
IPC分类号： G06F9/44
CPC分类号： G06F21/53 , G06F9/4484 , G06F12/1441 , G06F2209/542
摘要： A method of intercepting application program interface, including dynamic installation of associated software, within the user portion of an operating system. An API interception control server in conjunction with a system call interception module loads into all active process spaces an API interception module. An initializer module within the API interception module hooks and patches all API modules in the active process address space. When called by the application programs, the API routines' flow of execution, by virtue of their patched code, is re-directed into a user-supplied code in a pre-entry routine of the API interception module. The API routine might be completely by-passed or its input parameters might be filtered and changed by the user code. During the operation, the API routine is double-patched by the API interception module to ensure that all simultaneous calls to the API routine will re-direct its flow of control into the API interception module. A user-supplied code in a post-entry module of the API interception module might filter or change the return values of the API.
摘要翻译：在操作系统的用户部分内截取应用程序接口的方法，包括关联软件的动态安装。 API拦截控制服务器与系统调用拦截模块一起加载到所有活动进程空间中的一个API拦截模块。 API拦截模块中的初始化程序模块挂接并修补活动进程地址空间中的所有API模块。当应用程序调用时，API程序的执行流程通过其修补的代码被重定向到API拦截模块的预入口例程中的用户提供的代码。 API例程可能被完全旁路，或者其输入参数可能被用户代码过滤和更改。在操作期间，API例程由API拦截模块进行双重打补丁，以确保所有对API例程的同时调用都将其控制流重新引导到API拦截模块中。 API拦截模块的后进入模块中的用户提供的代码可能会过滤或更改API的返回值。

3. 发明授权

US06823460B1 Method and system for intercepting an application program interface 有权
标题翻译：拦截应用程序接口的方法和系统
公开(公告)号：US06823460B1
公开(公告)日：2004-11-23
申请号：US09561395
申请日：2000-04-28
申请人： Yona Hollander , Ophir Rachman , Oded Horovitz
发明人： Yona Hollander , Ophir Rachman , Oded Horovitz
IPC分类号： G06F1130
CPC分类号： G06F21/53 , G06F9/4484 , G06F12/1441 , G06F2209/542
摘要： A method of intercepting application program interface, including dynamic installation of associated software, within the user portion of an operating system. An API interception control server in conjunction with a system call interception module loads into all active process spaces an API interception module. An initializer module within the API interception module hooks and patches all API modules in the active process address space. When called by the application programs, the API routines' flow of execution, by virtue of their patched code, is re-directed into a user-supplied code in a pre-entry routine of the API interception module. The API routine might be completely by-passed or its input parameters might be filtered and changed by the user code. During the operation, the API routine is double-patched by the API interception module to ensure that all simultaneous calls to the API routine will re-direct its flow of control into the API interception module. A user-supplied code in a post-entry module of the API interception module might filter or change the return values of the API.
摘要翻译：在操作系统的用户部分内截取应用程序接口的方法，包括关联软件的动态安装。 API拦截控制服务器与系统调用拦截模块一起加载到所有活动进程空间中的一个API拦截模块。 API拦截模块中的初始化程序模块挂接并修补活动进程地址空间中的所有API模块。当应用程序调用时，API程序的执行流程通过其修补的代码被重定向到API拦截模块的预入口例程中的用户提供的代码。 API例程可能被完全旁路，或者其输入参数可能被用户代码过滤和更改。在操作期间，API例程由API拦截模块进行双重打补丁，以确保所有对API例程的同时调用都将其控制流重新引导到API拦截模块中。 API拦截模块的后进入模块中的用户提供的代码可能会过滤或更改API的返回值。

4. 发明授权

US08271450B2 Monitoring a data structure in a virtual machine and determining if memory pages containing the data structure are swapped into or out of guest physical memory 有权
标题翻译：监视虚拟机中的数据结构，并确定包含数据结构的内存页是否与客户物理内存进行交换
公开(公告)号：US08271450B2
公开(公告)日：2012-09-18
申请号：US12572158
申请日：2009-10-01
申请人： Oded Horovitz , Ophir Rachman , Wei Xu , Adrian Drzewiecki , Xiaoxin Chen
发明人： Oded Horovitz , Ophir Rachman , Wei Xu , Adrian Drzewiecki , Xiaoxin Chen
IPC分类号： G06F7/00 , G06F17/00
CPC分类号： G06F11/301 , G06F11/3089 , G06F12/10 , G06F21/53 , G06F21/566 , G06F2009/45583 , G06F2009/45587 , G06F2221/2101
摘要： A method for monitoring a data structure maintained by guest software within a virtual machine is disclosed. Changes to the contents of the data structure are determined, such as by placing write traces on the memory pages containing the data structure. Also, the method involves determining when memory pages containing the data structure are swapped into and/or out of guest physical memory by the guest software, such as by placing write traces on the memory pages containing the guest page table and detecting changes to the present bit of page table entries involved in mapping virtual addresses for the data structure. Information about the contents of the data structure is retained while memory pages containing the data structure are swapped out of guest physical memory.
摘要翻译：公开了一种用于监视由虚拟机内的客户软件维护的数据结构的方法。确定对数据结构内容的更改，例如通过在包含数据结构的内存页上放置写入轨迹。此外，该方法包括确定包含数据结构的存储器页面何时由客户软件交换到和/或离开客户机物理存储器，例如通过在包含访客页面表的存储器页面上放置写入跟踪并检测对当前的变化参与映射数据结构的虚拟地址的页表项的位。关于数据结构的内容的信息被保留，而包含数据结构的存储器页面被从客体物理存储器换出。

5. 发明授权

US08132164B1 System, method and computer program product for virtual patching 有权
标题翻译：用于虚拟修补的系统，方法和计算机程序产品
公开(公告)号：US08132164B1
公开(公告)日：2012-03-06
申请号：US11194300
申请日：2005-08-01
申请人： Oded Horovitz , Yona Hollander
发明人： Oded Horovitz , Yona Hollander
IPC分类号： G06F9/44
CPC分类号： G06F21/577
摘要： A system, method, and computer program product are provided for virtual patching. Initially, information associated with at least one vulnerability of a computer application is collected. Further, at least one host interface is identified that is capable of being used to access the vulnerability. In use, data sent to the at least one host interface is analyzed to determine whether the data is unwanted, based on the information.
摘要翻译：提供了虚拟补丁的系统，方法和计算机程序产品。最初，收集与计算机应用程序的至少一个漏洞相关联的信息。此外，识别出能够用于访问该漏洞的至少一个主机接口。在使用中，基于该信息，分析发送到至少一个主机接口的数据以确定数据是不需要的。

6. 发明授权

US07281268B2 System, method and computer program product for detection of unwanted processes 失效
标题翻译：用于检测不需要的过程的系统，方法和计算机程序产品
公开(公告)号：US07281268B2
公开(公告)日：2007-10-09
申请号：US11055197
申请日：2005-02-10
申请人： Yona Hollander , Oded Horovitz
发明人： Yona Hollander , Oded Horovitz
IPC分类号： H04L9/00
CPC分类号： G06F21/53 , G06F9/4484 , G06F12/1441 , G06F2209/542
摘要： A system, method and computer program product are provided which are capable of intercepting a call. Once intercepted, it is determined whether the call is associated with a previous sequence of calls in order to identify a correct sequence of calls associated with the intercepted call. Next, the call is associated with the correct sequence of calls. State information that is associated with the call is then gathered. Further, sequence state information is updated, and it is determined whether a process is unwanted based, at least in part, on such sequence state information. If it is determined that the process is unwanted, a reaction may be made to the unwanted process. If it is not determined that the process is unwanted, a next call may be intercepted, and so on.
摘要翻译：提供能够拦截呼叫的系统，方法和计算机程序产品。一旦截获，确定呼叫是否与先前的呼叫序列相关联，以便识别与被截取的呼叫相关联的正确的呼叫序列。接下来，呼叫与正确的呼叫序列相关联。然后收集与呼叫相关联的状态信息。此外，序列状态信息被更新，并且至少部分地基于这样的序列状态信息确定进程是否是不需要的。如果确定该过程是不需要的，则可能会对不需要的过程进行反应。如果不确定进程是不需要的，则可能会拦截下一个呼叫，依此类推。

7. 发明申请

US20120131678A1 SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR VIRTUAL PATCHING 审中-公开
标题翻译：虚拟贴图的系统，方法和计算机程序产品
公开(公告)号：US20120131678A1
公开(公告)日：2012-05-24
申请号：US13362225
申请日：2012-01-31
申请人： Oded Horovitz , Yona Hollander
发明人： Oded Horovitz , Yona Hollander
IPC分类号： G06F21/00
CPC分类号： G06F21/577
摘要： A system, method, and computer program product are provided for virtual patching. Initially, information associated with at least one vulnerability of a computer application is collected. Further, at least one host interface is identified that is capable of being used to access the vulnerability. In use, data sent to the at least one host interface is analyzed to determine whether the data is unwanted, based on the information.
摘要翻译：提供了虚拟补丁的系统，方法和计算机程序产品。最初，收集与计算机应用程序的至少一个漏洞相关联的信息。此外，识别出能够用于访问该漏洞的至少一个主机接口。在使用中，基于该信息，分析发送到至少一个主机接口的数据以确定数据是不需要的。

8. 发明申请

US20050177752A1 System, method and computer program product for detection of unwanted processes 失效
标题翻译：用于检测不需要的过程的系统，方法和计算机程序产品
公开(公告)号：US20050177752A1
公开(公告)日：2005-08-11
申请号：US11055197
申请日：2005-02-10
申请人： Yona Hollander , Oded Horovitz
发明人： Yona Hollander , Oded Horovitz
IPC分类号： G06F1/00 , G06F9/40 , G06F12/14 , G06F21/00 , H04L9/00
CPC分类号： G06F21/53 , G06F9/4484 , G06F12/1441 , G06F2209/542
摘要： A system, method and computer program product are provided which are capable of intercepting a call. Once intercepted, it is determined whether the call is associated with a previous sequence of calls in order to identify a correct sequence of calls associated with the intercepted call. Next, the call is associated with the correct sequence of calls. State information that is associated with the call is then gathered. Further, sequence state information is updated, and it is determined whether a process is unwanted based, at least in part, on such sequence state information. If it is determined that the process is unwanted, a reaction may be made to the unwanted process. If it is not determined that the process is unwanted, a next call may be intercepted, and so on.
摘要翻译：提供能够拦截呼叫的系统，方法和计算机程序产品。一旦截获，确定呼叫是否与先前的呼叫序列相关联，以便识别与被截取的呼叫相关联的正确的呼叫序列。接下来，呼叫与正确的呼叫序列相关联。然后收集与呼叫相关联的状态信息。此外，序列状态信息被更新，并且至少部分地基于这样的序列状态信息确定进程是否是不需要的。如果确定该过程是不需要的，则可能会对不需要的过程进行反应。如果不确定进程是不需要的，则可能会拦截下一个呼叫，依此类推。

9. 发明授权

US08966623B2 Managing execution of a running-page in a virtual machine 有权
标题翻译：管理虚拟机中正在运行的页面的执行
公开(公告)号：US08966623B2
公开(公告)日：2015-02-24
申请号：US13043264
申请日：2011-03-08
申请人： Oded Horovitz , Samuel Larsen , Gilad Arie Wolff , Marios Leventopoulos , Bharath Chandramohan
发明人： Oded Horovitz , Samuel Larsen , Gilad Arie Wolff , Marios Leventopoulos , Bharath Chandramohan
IPC分类号： G06F9/455
CPC分类号： G06F9/45533
摘要： Computer implemented methods, system and apparatus for managing execution of a running-page in a virtual machine include associating an execution trace code with the running page by a security virtual machine. The execution trace code generates a notification upon initiation of the execution of the running page by the virtual machine. The notification is received by the security virtual machine running independent of the virtual machine executing the running-page. The running page associated with the execution trace code is validated by the security virtual machine as authorized for execution. An exception is generated if the running-page is not authorized for execution. The generated exception is to prevent the execution of the running page in the virtual machine.
摘要翻译：用于管理虚拟机中的运行页面的执行的计算机实现的方法，系统和装置包括通过安全虚拟机将执行跟踪代码与运行页面相关联。执行跟踪代码在虚拟机启动运行的页面时生成通知。安全虚拟机接收的通知是独立于执行运行页面的虚拟机运行的。与执行跟踪代码相关联的运行页面被安全虚拟机验证为授权执行。如果运行页面未被授权执行，则会生成异常。生成的异常是为了防止在虚拟机中执行正在运行的页面。

10. 发明申请

US20090055693A1 Monitoring Execution of Guest Code in a Virtual Machine 有权
标题翻译：监视虚拟机中访客代码的执行
公开(公告)号：US20090055693A1
公开(公告)日：2009-02-26
申请号：US12188929
申请日：2008-08-08
申请人： Dmitriy Budko , Xiaoxin Chen , Oded Horovitz , Pratap Subrahmanyam , Carl Waldspurger
发明人： Dmitriy Budko , Xiaoxin Chen , Oded Horovitz , Pratap Subrahmanyam , Carl Waldspurger
IPC分类号： G06F9/455 , G06F12/08 , G06F11/07
CPC分类号： G06F21/53 , G06F9/45558 , G06F2009/45587 , G06F2009/45591
摘要： One embodiment of the present invention is a method of operating a virtualization system, the method including: (a) instantiating a guest in a virtual machine of the virtualization system; and (b) monitoring execution of code registered for monitored execution in an execution context of the guest, wherein the monitoring is performed by the virtualization system and is hidden from computations of the guest.
摘要翻译：本发明的一个实施例是一种操作虚拟化系统的方法，所述方法包括：（a）在所述虚拟化系统的虚拟机中实例化客户机; 以及（b）监视在访客的执行上下文中注册用于被监视执行的代码的执行，其中所述监视由所述虚拟化系统执行并且隐藏于所述访客的计算中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式