Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2006-04-18
2010-06-08
Hoffman, Brandon S (Department: 2436)
Information security
Monitoring or scanning of software or data including attack...
C713S166000
Reexamination Certificate
active
07735136
ABSTRACT:
Protected software, such as an application and/or DLL, is monitored by protective software to guard against attacks, while distinguishing spurious, benign events from attacks. In a 1-touch approach, the protected software is monitored in a testing environment to detect spurious, benign events caused by, e.g., incompatibility or interoperability problems. The spurious events can be remediated in different ways, such as by applying a relaxed security policy. In a production mode, or 0-touch mode, when the protected software is subject to attacks, the corresponding remediation can be applied when the spurious events are again detected. Security events which occur in production mode can also be treated as benign when they occur within a specified time window. The applications and/or DLLs can further be classified according to whether they are known to have bad properties, known to be well-behaved, or unknown. Appropriate treatment is provided based on the classification.
REFERENCES:
patent: 5193180 (1993-03-01), Hastings
patent: 5974549 (1999-10-01), Golan
patent: 6185669 (2001-02-01), Hsu
patent: 6189141 (2001-02-01), Benitez
patent: 6199202 (2001-03-01), Coutant
patent: 6205545 (2001-03-01), Shah
patent: 6219832 (2001-04-01), Buzbee
patent: 6223339 (2001-04-01), Shah
patent: 6237065 (2001-05-01), Banerjia et al.
patent: 6243668 (2001-06-01), Le
patent: 6247172 (2001-06-01), Dunn
patent: 6255744 (2001-07-01), Shih
patent: 6275981 (2001-08-01), Buzbee
patent: 6279081 (2001-08-01), Spencer
patent: 6295644 (2001-09-01), Hsu
patent: 6301699 (2001-10-01), Hollander et al.
patent: 6314560 (2001-11-01), Dunn
patent: 6317870 (2001-11-01), Mattson, Jr.
patent: 6327704 (2001-12-01), Mattson, Jr.
patent: 6351844 (2002-02-01), Bala
patent: 6374331 (2002-04-01), Janakiraman
patent: 6377287 (2002-04-01), Hao
patent: 6378029 (2002-04-01), Venkitakrishnan
patent: 6412071 (2002-06-01), Hollander et al.
patent: 6418530 (2002-07-01), Hsu
patent: 6430675 (2002-08-01), Hsu
patent: 6430741 (2002-08-01), Mattson, Jr.
patent: 6453411 (2002-09-01), Hsu
patent: 6470492 (2002-10-01), Bala et al.
patent: 6792546 (2004-09-01), Shanklin
patent: 6895460 (2005-05-01), Desoli
patent: 6907519 (2005-06-01), Desoli
patent: 6915513 (2005-07-01), Duesterwald
patent: 6920550 (2005-07-01), Desoli
patent: 6928536 (2005-08-01), Duesterwald
patent: 6976073 (2005-12-01), Desoli
patent: 6993754 (2006-01-01), Freudenberger
patent: 7032114 (2006-04-01), Moran
patent: 7043756 (2006-05-01), Tsafnat
patent: 2002/0184618 (2002-12-01), Bala
patent: 2003/0033593 (2003-02-01), Duesterwald
patent: 2003/0101292 (2003-05-01), Fisher
patent: 2003/0101381 (2003-05-01), Mateev
patent: 2003/0101439 (2003-05-01), Desoli
patent: 2003/0110478 (2003-06-01), Duesterwald
patent: 2003/0182653 (2003-09-01), Desoli
patent: 2003/0192035 (2003-10-01), Duesterwald
patent: 2004/0025165 (2004-02-01), Desoli
patent: 2004/0133777 (2004-07-01), Kiriansky et al.
patent: 2004/0255163 (2004-12-01), Swimmer
patent: 2005/0010804 (2005-01-01), Bruening
patent: 2006/0075496 (2006-04-01), Carpenter
patent: 2006/0098585 (2006-05-01), Singh
Baratloo, et al., “Transparent Run-Time Defense Against Stack Smashing Attacks,” Proceedings of the USENIX Annual Technical Conference, Jun. 2000.
Bruening, et al., “Design and Implementation of a Dymanic Optimization Framework for Windows,” 4th Workshop on Feedback-Directed and Dymamic Optimization, Austin, Texas, Dec. 1, 2001.
Cowan, et al., “StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks,” In Proc. 7th USENIX Security Symposium, pp. 63-78, San Antonio. Texas, Jan. 1998.
Erlingsson, et al., “SASI Enforcement of Security Policies: A Retrospective”, Proc. of the New Security Paradigms Workshop, Ontario, Canada, Sep. 22-24, 1999.
Frantzen, et al., “StackGhost: Hardware Facilitated Stack Protection,” In Proc. 10th USENIX Security Symposium, Washington, DC, Aug. 2001.
Ko, et al., “Detecting and Countering System Intrusions Using Software Wrappers,” In Proc. 9th USENIX Security Symposium, Denver, Colorado, Aug. 2000.
Schneider, “Enforceable Security Policies,” ACM Transactions on Information and System Security, vol. 3, No. 1, pp. 30-50, Feb. 2000.
Scott, et al., “Strata: A Software Dynamic Translation Infrastructure,” Workshop on Binary Translation Infrastructure, Sep. 8, 2001.
Wagner, et al., “Intrusion Detection via Static Analysis,” In IEEE Symposium on Security and Privacy, 2001.
Cowan, et al., “FormatGuard: AutomaticProtection From printf Format String Vulnerabilities,” In Proc. 10th USENIX Security Symposium. 9 pages, Washington, D.C., Aug. 2001.
Bala, et al., “Dynamo: A Transparent Dynamic Optimization System,” Proc. of the ACM SIGPLAN Conf., PLDI, Jun. 2000.
Chen, et al., “Mojo: A Dynamic Optimization System,” In 3rd ACM Workshop on Feedback-Directed and Dynamic Optimization, Dec. 2000.
Cmelik, et al., “Shade: A Fast Instruction-Set Simulator for Execution Profiling,” SIGMETRICS, 1994.
Hastings, et al., “Purify: Fast Detection of Memory Leaks and Access Errors,” Proceedings of the Winter USENIX Conference, pp. 125-136, Jan. 1992.
Hollingsworth, et al., “Dynamic Program Instrumentation for Scalable Performance Tools,” Scalable High Performance Computing Confernce, Knoxville, May 1994.
Larus, et al, “Rewriting Executable Files to Measure Program Behavior,” Software Practice and Experience, vol. 24(2), pp. 197-218, Mar. 25, 1992.
Ung, et al, “Machine-Adaptable Dynamic Binary Translation,” Proc. of the ACM SIGPLAN Workshop on Dynamic and Adaptive Compilation and Optimization, Jan. 2000.
Das, “Unification-based Pointer Analysis with Directional Assignments,” In Proc ACM SIGPLAN Conf on Programming Language Design and Implementation, Vancouver, BC, Canada, Jun. 2000.
Kiriansky, et al., “Secure Execution Via Program Shepherding,” Laboratory for Computer Science, Massachusetts Institute of Technology, Cambridge, MA, 2002.
Schultz, et al., “Data Mining Methods for Detection of new Malicious Executables,” In Proc. of the 2001 IEEE Symposium on Security and Privacy, 12 pages, 2001.
Amarasinghe Saman P.
Brink James
Bruening Derek
Chandramohan Bharath
Garnett Tim
Hoffman Brandon S
VMware, Inc.
LandOfFree
0-touch and 1-touch techniques for improving the... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with 0-touch and 1-touch techniques for improving the..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and 0-touch and 1-touch techniques for improving the... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4203418