Constraint injection system for immunizing software programs...

Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment

Reexamination Certificate

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

C726S022000

Reexamination Certificate

active

07945958

ABSTRACT:
A constraint is inserted into a program to address a vulnerability of the program to attacks. The constraint includes a segment of code that determines when the program has been asked to execute a “corner case” which does not occur in normal operations. The constraint code can access a library of detector and remediator functions to detect various attacks and remediate against them. Optionally, the detector can be employed without the remediator for analysis. The context of the program can be saved and restored if necessary to continue operating after remediation is performed. The constraints can include descriptors, along with machine instructions or byte code, which indicate how the constraints are to be used.

REFERENCES:
patent: 5193180 (1993-03-01), Hastings
patent: 5974549 (1999-10-01), Golan
patent: 6185669 (2001-02-01), Hsu
patent: 6189141 (2001-02-01), Benitez
patent: 6199202 (2001-03-01), Coutant
patent: 6205545 (2001-03-01), Shah
patent: 6219832 (2001-04-01), Buzbee
patent: 6223339 (2001-04-01), Shah
patent: 6237065 (2001-05-01), Banjeria
patent: 6243668 (2001-06-01), Le
patent: 6247172 (2001-06-01), Dunn
patent: 6255744 (2001-07-01), Shih
patent: 6275981 (2001-08-01), Buzbee
patent: 6279081 (2001-08-01), Spencer
patent: 6295644 (2001-09-01), Hsu
patent: 6298445 (2001-10-01), Shostack
patent: 6301699 (2001-10-01), Hollander
patent: 6314560 (2001-11-01), Dunn
patent: 6317870 (2001-11-01), Mattson, Jr.
patent: 6327704 (2001-12-01), Mattson, Jr.
patent: 6351844 (2002-02-01), Bala
patent: 6374331 (2002-04-01), Janakiraman
patent: 6377287 (2002-04-01), Hao
patent: 6378029 (2002-04-01), Venkitakrishnan
patent: 6412071 (2002-06-01), Hollander
patent: 6418530 (2002-07-01), Hsu
patent: 6430675 (2002-08-01), Hsu
patent: 6430741 (2002-08-01), Mattson, Jr.
patent: 6453411 (2002-09-01), Hsu
patent: 6470492 (2002-10-01), Bala
patent: 6792546 (2004-09-01), Shanklin
patent: 6895460 (2005-05-01), Desoli
patent: 6907519 (2005-06-01), Desoli
patent: 6915513 (2005-07-01), Deustewald
patent: 6920550 (2005-07-01), Desoli
patent: 6928536 (2005-08-01), Deusterwald
patent: 6976073 (2005-12-01), Desoli
patent: 6993754 (2006-01-01), Freudenberger
patent: 7032114 (2006-04-01), Moran
patent: 7043756 (2006-05-01), Tsafnat
patent: 7051340 (2006-05-01), Fisher
patent: 7409713 (2008-08-01), Witmann
patent: 7500226 (2009-03-01), Tillmann et al.
patent: 7685640 (2010-03-01), Azadet et al.
patent: 2002/0152455 (2002-10-01), Hundt et al.
patent: 2002/0184618 (2002-12-01), Bala
patent: 2002/0199172 (2002-12-01), Bunnell
patent: 2003/0033593 (2003-02-01), Beusterwald
patent: 2003/0065929 (2003-04-01), Milliken
patent: 2003/0101381 (2003-05-01), Mateev et al.
patent: 2003/0101439 (2003-05-01), Desoli
patent: 2003/0110478 (2003-06-01), Deusterwald
patent: 2003/0182653 (2003-09-01), Desoli
patent: 2003/0188174 (2003-10-01), Zisowski
patent: 2003/0192035 (2003-10-01), Deusterwald
patent: 2004/0015712 (2004-01-01), Szor
patent: 2004/0025165 (2004-02-01), Desoli
patent: 2004/0034794 (2004-02-01), Mayer
patent: 2004/0064722 (2004-04-01), Neelay et al.
patent: 2004/0133777 (2004-07-01), Kiriansky et al.
patent: 2004/0255163 (2004-12-01), Swimmer
patent: 2005/0005152 (2005-01-01), Singh
patent: 2005/0010804 (2005-01-01), Bruening
patent: 2005/0108562 (2005-05-01), Khazan et al.
patent: 2006/0021029 (2006-01-01), Brickell et al.
patent: 2006/0075496 (2006-04-01), Carpenter
patent: 2006/0098585 (2006-05-01), Singh
patent: 1475909 (2004-02-01), None
Baratloo, et al., “Transparent Run-Time Defense Against Stack Smashing Attacks,” Proceedings of the USENIX Annual Technical Conference, Jun. 2000.
Bruening, et al., “Design and Implementation of a Dymanic Optimization Framework for Windows,” 4th Workshop on Feedback-Directed and Dymamic Optimization, Austin, Texas, Dec. 1, 2001.
Cowan, et al., “StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks,” In Proc. 7th USENIX Security Symposium, pp. 63-78, San Antonio, Texas, Jan. 1998.
Erlingsson, et al., “SASI Enforcement of Security Policies: A Retrospective”, Proc. of the New Security Paradigms Workshop, Ontario, Canada, Sep. 22-24, 1999.
Frantzen, et al., “StackGhost: Hardware Facilitated Stack Protection,” In Proc. 10th USENIX Security Symposium, Washington, DC, Aug. 2001.
Ko, et al., “Detecting and Countering System Intrusions Using Software Wrappers,” In Proc. 9th USENIX Security Symposium, Denver, Colorado, Aug. 2000.
Schneider, “Enforceable Security Policies,” ACM Transactions on Information and System Security, vol. 3, No. 1, pp. 30-50, Feb. 2000.
Scott, et al., “Strata: A Software Dynamic Translation Infrastructure,” Workshop on Binary Translation Infrastructure, Sep. 8, 2001.
Wagner, et al., “Intrusion Detection via Static Analysis,” In IEEE Symposium on Security and Privacy, 2001.
Cowan, et al., “FormatGuard: AutomaticProtection From printf Format String Vulnerabilities,” In Proc. 10th USENIX Security Symposium, 9 pages, Washington, D.C., Aug. 2001.
Bala, et al., “Dynamo: A Transparent Dynamic Optimization System,” Proc. of the ACM SIGPLAN Conf., PLDI, Jun. 2000.
Chen, et al., “Mojo: A Dynamic Optimization System,” In 3rd ACM Workshop on Feedback-Directed and Dynamic Optimization, Dec. 2000.
Cmelik, et al., “Shade: A Fast Instruction-Set Simulator for Execution Profiling,” SIGMETRICS, 1994.
Hastings, et al., “Purify: Fast Detection of Memory Leaks and Access Errors,” Proceedings of the Winter USENIX Conference, pp. 125-136, Jan. 1992.
Hollingsworth, et al., “Dynamic Program Instrumentation for Scalable Performance Tools,” Scalable High Performance Computing Confernce, Knoxville, May 1994.
Larus, et al., “Rewriting Executable Files to Measure Program Behavior,” Software Practice and Experience, vol. 24 (2), pp. 197-218, Mar. 25, 1992.
Ung, et al., “Machine-Adaptable Dynamic Binary Translation,” Proc. of the ACM SIGPLAN Workshop on Dynamic and Adaptive Compilation and Optimization, Jan. 2000.
Das, “Unification-based Pointer Analysis with Directional Assignments,” In Proc ACM SIGPLAN Conf on Programming Language Design and Implementation, Vancouver, BC, Canada, Jun. 2000.
Schultz, et al., “Data Mining Methods for Detection of new Malicious Executables,” In Proc. of the 2001 IEEE Symposium on Security and Privacy, 12 pages, 2001.
PCT Search Report for PCT/US06/21981, dated Feb. 1, 2007.
Chinese Office Action for Patent Application 200680029009.9, dated Jun. 21, 2010.

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

Constraint injection system for immunizing software programs... does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Constraint injection system for immunizing software programs..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Constraint injection system for immunizing software programs... will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFUS-PAI-O-2706283

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.