Patent application number | Description | Published |
20080244751 | Binding A Digital License To A Portable Device Or The Like In A Digital Rights Management (DRM) System And Checking Out/Checking In The Digital License To/From The Portable Device Or The Like - To render digital content encrypted according to a content key (KD) on a first device having a public key (PU | 10-02-2008 |
20090113550 | Automatic Filter Generation and Generalization - Methods and architectures for automatic filter generation are described. In an embodiment, these filters are generated in order to block inputs which would otherwise disrupt the normal functioning of a program. An initial set of filter conditions is generated by analyzing the path of a program from a point at which a bad input is received to the point at which the malfunctioning of the program is detected and creating conditions on an input which ensure that this path is followed. Having generated the initial set of filter conditions, the set is made less specific by determining which instructions do not influence whether the point of detection of the attack is reached and removing the filter conditions which correspond to these instructions. | 04-30-2009 |
20090144827 | AUTOMATIC DATA PATCH GENERATION FOR UNKNOWN VULNERABILITIES - The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities. | 06-04-2009 |
20090254891 | AUTOMATIC REVERSE ENGINEERING OF INPUT FORMATS - Systems and methods for automatically reverse engineering an input data format using dynamic data flow analysis. Combining input data with a simulated execution of the binary program using the input data and analyzing the use of the data by the program to generate a BNL-like grammar representing the input data format. The input data can be application level protocols, network protocols or formatted files. | 10-08-2009 |
20090313397 | Methods and Systems for Protecting Data in USB Systems - The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected. | 12-17-2009 |
20100128866 | MODIFICATION OF SYSTEM CALL BEHAVIOR - The behavior of a system call may be modified. A modification component may pre-processes and/or post-process a system call to change the behavior of the system call. Pre-processing may involve modifying arguments to the system call, replacing one system call with another, intercepting the system call, etc. Post-processing may involve modifying results and/or side effects of a system call. The modification component may pre-process and/or post-process the system call without changes to the underlying kernel service routine that is normally invoked in response to the system call. Modifying the system call's behavior may be used to implement quality of service (QoS) constraints, to allow one operating system to emulate another, to provide information about memory layout to an application, or to serve other goals. | 05-27-2010 |
20100192026 | IMPLEMENTATIONS OF PROGRAM RUNTIME CHECKS - Runtime checks on a program may be used to determine whether a pointer points to a legitimate target before the pointer is dereferenced. Legitimate addresses, such as address-taken local variables (ATLVs), global variables, heap locations, functions, etc., are tracked, so that the legitimate targets of pointers are known. The program may be transformed so that, prior to dereferencing a pointer, the pointer is checked to ensure that it points to a legitimate address. If the pointer points to a legitimate address, then the dereferencing may proceed. Otherwise, an error routine may be invoked. One example way to keep track of legitimate addresses is to group address-taken variables together within a specific range or ranges of memory addresses, and to check that a pointer has a value within that range prior to dereferencing the pointer. However, addresses may be tracked in other ways. | 07-29-2010 |
20110119500 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied. | 05-19-2011 |
20110119501 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied. | 05-19-2011 |
20110119502 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, bound key operations on ciphertext and/or data are implemented. A bound key operation can receive both data to be signed and a bound key blob that is bound to one or more processors, recover a private key from the bound key blob, and generate a digital signature over the data using the private key. A bound key operation can alternatively receive both ciphertext and a bound key or bound key structure bound to one or more processors, recover or reconstruct a private key based on the bound key or bound key structure, and use the private key to generate plaintext corresponding to the ciphertext. | 05-19-2011 |
20110119505 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors. | 05-19-2011 |
20110138476 | Software Fault Isolation Using Byte-Granularity Memory Protection - Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked. | 06-09-2011 |
20110154057 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied. | 06-23-2011 |
20110265182 | MALWARE INVESTIGATION BY ANALYZING COMPUTER MEMORY - Technology is described for malware investigation by analyzing computer memory in a computing device. The method can include performing static analysis on code for a software environment to form an extended type graph. A raw memory snapshot of the computer memory can be obtained at runtime. The raw memory snapshot may include the software environment executing on the computing device. Dynamic data structures can be found in the raw memory snapshot using the extended type graph to form an object graph. An authorized memory area can be defined having executable code, static data structures, and dynamic data structures. Implicit and explicit function pointers can be identified. The function pointers can be checked to validate that the function pointers reference a valid memory location in the authorized memory area and whether the computer memory is uncompromised. | 10-27-2011 |
20120159103 | SYSTEM AND METHOD FOR PROVIDING STEALTH MEMORY - The described implementations relate to computer memory. One implementation provides a technique that can include providing stealth memory to an application. The stealth memory can have an associated physical address on a memory device. The technique can also include identifying a cache line of a cache that is mapped to the physical address associated with the stealth page, and locking one or more other physical addresses on the memory device that also map to the cache line. | 06-21-2012 |
20130055207 | DEMAND-DRIVEN ANALYSIS OF POINTERS FOR SOFTWARE PROGRAM ANALYSIS AND DEBUGGING - A “Demand-Driven Pointer Analyzer” (DDPA) provides a “demand-driven” field-sensitive pointer analysis process. This process rapidly and accurately identifies alias sets for selected pointers in software modules or programs of any size, including large-scale C/C++ programs such as a complete operating system (OS). The DDPA formulates the pointer analysis task as a Context-Free Language (CFL) reachability problem that operates using a Program Expression Graph (PEG) automatically constructed from the program code. The PEG provides a node and edge-based graph representation of all expressions and assignments in the program and allows the DDPA to rapidly identify aliases for pointers in the program by traversing the graph as a CFL reachability problem to determine pointer alias sets. In various embodiments, the DDPA is also context-sensitive. | 02-28-2013 |
20130151846 | Cryptographic Certification of Secure Hosted Execution Environments - Implementations for providing a secure execution environment with a hosted computer are described. A security-enabled processor establishes a hardware-protected memory area with an activation state that executes only software identified by a client system. The hardware-protected memory area is inaccessible by code that executes outside the hardware-protected memory area. A certification is transmitted to the client system to indicate that the secure execution environment is established, in its activation state, with only the software identified by the request. | 06-13-2013 |
20130151848 | CRYPTOGRAPHIC CERTIFICATION OF SECURE HOSTED EXECUTION ENVIRONMENTS - Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system. | 06-13-2013 |
20130152207 | DATA ACCESS REPORTING PLATFORM FOR SECURE ACTIVE MONITORING - Technologies pertaining to detecting accesses to monitored regions of memory and transmitting data to a protection system responsive to the detecting are described herein. A region of memory that includes objects in an object graph utilized by an operating system to determine which processes to execute and an order to execute such processes is monitored. If a process executing on a processor attempts to write to an object in the object graph, a field that is being written to is identified, and a determination is made regarding whether the field includes a pointer. Based upon whether the field includes a pointer, a type of write desirably undertaken by the object is ascertained, and an object event is transmitted to the protection system that informs the protection system of the type of write. | 06-13-2013 |
20130152209 | Facilitating System Service Request Interactions for Hardware-Protected Applications - Described herein are implementations for providing a platform adaptation layer that enables applications to execute inside a user-mode hardware-protected isolation container while utilizing host platform resources that reside outside of the isolation container. The platform adaptation layer facilitates a system service request interaction between the application and the host platform. As part of the facilitating, a secure services component of the platform adaptation layer performs a security-relevant action. | 06-13-2013 |
20130160133 | Code Base Partitioning System - The subject disclosure is directed towards partitioning a code base of a program into a trusted portion and an untrusted portion. After identifying sensitive data within the code base using annotation information, one or more program elements that correspond to the sensitive data are automatically transformed into secure program elements that can be retained in the untrusted portion of the code base. Cryptographic techniques are used to minimize a potential size of the trusted portion of the code base. Source files for the trusted portion and the untrusted portion are generated. | 06-20-2013 |
20130254829 | Securing A Computing Environment Against Malicious Entities - The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client. | 09-26-2013 |
20130282934 | Methods and Systems for Protecting Data in USB Systems - The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected. | 10-24-2013 |
20140372717 | Fast and Secure Virtual Machine Memory Checkpointing - Aspects of the subject disclosure are directed towards efficiently and securely capturing virtual machine memory checkpoints via a post-copy scheme that runs outside of the virtual machines. To reduce the volume of data that has to be captured a dictionary of cryptographic hashes of pages captured in previous checkpoints is used, so that pages already in the dictionary may be represented by the hash value in the current checkpoint. Further, unused memory is identified by leveraging virtual machine introspection techniques outside the virtual machine to walk guest process lists and page tables. | 12-18-2014 |
20140373087 | Automatic Code and Data Separation of Web Application - Aspects of the subject disclosure are directed towards detecting instances within a web application where code and data are not separated, e.g., inline code in the application. One or more implementations automatically transform the web application into a transformed version where code and data are clearly separated, e.g., inline code is moved into external files. The transformation protects against a large class of cross-site scripting attacks. | 12-18-2014 |
20150067272 | SYSTEM AND METHOD FOR PROVIDING STEALTH MEMORY - The described implementations relate to computer memory. One implementation provides a technique that can include providing stealth memory to an application. The stealth memory can have an associated physical address on a memory device. The technique can also include identifying a cache line of a cache that is mapped to the physical address associated with the stealth page, and locking one or more other physical addresses on the memory device that also map to the cache line. | 03-05-2015 |