CN106462429A - 出于安全的原因对各种软件模块的多个功能等效的变型的动态修补 - Google Patents

出于安全的原因对各种软件模块的多个功能等效的变型的动态修补 Download PDF

Info

Publication number
CN106462429A
CN106462429A CN201580033978.0A CN201580033978A CN106462429A CN 106462429 A CN106462429 A CN 106462429A CN 201580033978 A CN201580033978 A CN 201580033978A CN 106462429 A CN106462429 A CN 106462429A
Authority
CN
China
Prior art keywords
module
software
modification
processor
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201580033978.0A
Other languages
English (en)
Chinese (zh)
Inventor
N·伊斯兰
R·古普塔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc filed Critical Qualcomm Inc
Publication of CN106462429A publication Critical patent/CN106462429A/zh
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/656Updates while running
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44536Selecting among different versions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)
CN201580033978.0A 2014-06-27 2015-06-16 出于安全的原因对各种软件模块的多个功能等效的变型的动态修补 Pending CN106462429A (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/316,961 US10019569B2 (en) 2014-06-27 2014-06-27 Dynamic patching for diversity-based software security
US14/316,961 2014-06-27
PCT/US2015/036014 WO2015200046A1 (en) 2014-06-27 2015-06-16 Dynamic patching of multiple, functionally equivalent variations of various software modules for security reasons

Publications (1)

Publication Number Publication Date
CN106462429A true CN106462429A (zh) 2017-02-22

Family

ID=53496961

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580033978.0A Pending CN106462429A (zh) 2014-06-27 2015-06-16 出于安全的原因对各种软件模块的多个功能等效的变型的动态修补

Country Status (5)

Country Link
US (1) US10019569B2 (enExample)
EP (1) EP3161624A1 (enExample)
JP (1) JP6513716B2 (enExample)
CN (1) CN106462429A (enExample)
WO (1) WO2015200046A1 (enExample)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113253948A (zh) * 2020-02-12 2021-08-13 富士胶片商业创新有限公司 信息处理装置、信息处理系统、记录介质及信息处理方法

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8510596B1 (en) 2006-02-09 2013-08-13 Virsec Systems, Inc. System and methods for run time detection and correction of memory corruption
KR102368170B1 (ko) 2013-09-12 2022-02-25 버섹 시스템즈, 인코포레이션 멀웨어의 자동화된 런타임 검출
WO2015200511A1 (en) 2014-06-24 2015-12-30 Virsec Systems, Inc. System and methods for automated detection of input and output validation and resource management vulnerability
EP2963891A1 (en) * 2014-07-04 2016-01-06 Doro AB Improved remote assistance for a mobile communications terminal
US9772837B2 (en) * 2015-06-29 2017-09-26 Verizon Patent And Licensing Inc. Dynamic delivery of code and fixes
CA3027728A1 (en) * 2016-06-16 2017-12-21 Virsec Systems, Inc. Systems and methods for remediating memory corruption in a computer application
EP3437011B1 (en) * 2016-07-28 2020-12-16 Hewlett-Packard Development Company, L.P. Code package variants
GB2563618B (en) * 2017-06-20 2020-09-16 Arm Ip Ltd Electronic system vulnerability assessment
JP6759169B2 (ja) * 2017-09-11 2020-09-23 株式会社東芝 情報処理装置、情報処理方法、および情報処理プログラム
US10671513B2 (en) * 2018-06-11 2020-06-02 Walgreen Co. System and method of capturing system configuration data to resolve an application malfunction
US12170684B2 (en) 2018-07-25 2024-12-17 Arizona Board Of Regents On Behalf Of Arizona State University Systems and methods for predicting the likelihood of cyber-threats leveraging intelligence associated with hacker communities
US11520900B2 (en) 2018-08-22 2022-12-06 Arizona Board Of Regents On Behalf Of Arizona State University Systems and methods for a text mining approach for predicting exploitation of vulnerabilities
EP3722981B1 (en) 2019-04-12 2025-01-01 Nxp B.V. System and method for applying patches to executable codes
WO2020236960A1 (en) 2019-05-20 2020-11-26 Cyber Reconnaissance, Inc. Systems and methods for calculating aggregation risk and systemic risk across a population of organizations
CN111338942B (zh) * 2020-02-21 2022-09-09 郑州昂视信息科技有限公司 一种软件多样性的评估方法及系统
US12197586B2 (en) 2022-05-16 2025-01-14 Microsoft Technology Licensing, Llc Systems and processes for facilitating edits to software bill of materials
US12333020B2 (en) 2022-05-16 2025-06-17 Microsoft Technology Licensing, Llc Systems and processes for creating software bill of materials for large distributed builds
US20230367883A1 (en) * 2022-05-16 2023-11-16 Microsoft Technology Licensing, Llc Systems and processes for tailoring risk mitigation of threat events associated with software bill of materials

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130014275A1 (en) * 2010-03-31 2013-01-10 Irdeto Canada Corporation Method For Linking and Loading to Protect Applications
US20130219498A1 (en) * 2012-02-16 2013-08-22 Electronics And Telecommunications Research Institute Mobile terminal having security diagnosis functionality and method of making diagnosis on security of mobile terminal
CN103809996A (zh) * 2012-11-08 2014-05-21 辉达公司 对移动计算设备传播经更新驱动程序的方法和其传播系统

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060185018A1 (en) * 2005-02-17 2006-08-17 Microsoft Corporation Systems and methods for shielding an identified vulnerability
US20080016314A1 (en) 2006-07-12 2008-01-17 Lixin Li Diversity-based security system and method
US9128741B2 (en) * 2007-10-05 2015-09-08 Mcafee, Inc. System, method, and computer program product for conditionally preventing use of hardware virtualization
US9058483B2 (en) * 2008-05-08 2015-06-16 Google Inc. Method for validating an untrusted native code module
US8706745B1 (en) * 2008-05-30 2014-04-22 Symantec Corporation Systems and methods for determining a file set
US8321949B1 (en) * 2008-08-29 2012-11-27 Adobe Systems Incorporated Managing software run in a computing system
WO2013138895A1 (en) * 2012-03-22 2013-09-26 Irdeto Canada Corporation Updating software components
US9210044B2 (en) 2012-07-27 2015-12-08 Dell Products L.P. Automated remediation with an appliance
JP6013613B2 (ja) * 2012-10-19 2016-10-25 マカフィー, インコーポレイテッド モバイル・アプリケーション管理
US9189619B2 (en) * 2012-11-13 2015-11-17 International Business Machines Corporation Runtime based application security and regulatory compliance in cloud environment
US20140259168A1 (en) * 2013-03-11 2014-09-11 Alcatel-Lucent Usa Inc. Malware identification using a hybrid host and network based approach

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130014275A1 (en) * 2010-03-31 2013-01-10 Irdeto Canada Corporation Method For Linking and Loading to Protect Applications
US20130219498A1 (en) * 2012-02-16 2013-08-22 Electronics And Telecommunications Research Institute Mobile terminal having security diagnosis functionality and method of making diagnosis on security of mobile terminal
CN103809996A (zh) * 2012-11-08 2014-05-21 辉达公司 对移动计算设备传播经更新驱动程序的方法和其传播系统

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113253948A (zh) * 2020-02-12 2021-08-13 富士胶片商业创新有限公司 信息处理装置、信息处理系统、记录介质及信息处理方法

Also Published As

Publication number Publication date
US10019569B2 (en) 2018-07-10
WO2015200046A1 (en) 2015-12-30
JP6513716B2 (ja) 2019-05-15
US20150379262A1 (en) 2015-12-31
EP3161624A1 (en) 2017-05-03
JP2017523511A (ja) 2017-08-17

Similar Documents

Publication Publication Date Title
CN106462429A (zh) 出于安全的原因对各种软件模块的多个功能等效的变型的动态修补
US12198147B2 (en) Systems and methods for an IoT device registry that provides for dynamic trust ratings of registered devices
US12118284B2 (en) Verifying integrity of controller software updates
US12155657B2 (en) Systems and methods for an internet of things device registry display
US12206550B2 (en) Systems and methods of remotely updating a multitude of IP connected devices
CN103368904B (zh) 移动终端、可疑行为检测及判定系统和方法
KR101143999B1 (ko) Api 기반 어플리케이션 분석 장치 및 방법
CN109918285B (zh) 一种开源软件的安全识别方法及装置
CN103890770A (zh) 在移动网络环境中将应用列入白列表的系统和方法
JP2015092374A5 (enExample)
CN110995825B (zh) 一种智能合约的发布方法、智能节点设备及存储介质
CN104809397A (zh) 一种基于动态监控的Android恶意软件的检测方法及系统
CN104036194B (zh) 一种应用程序中泄露隐私数据的漏洞检测方法及装置
CN105389263A (zh) 应用软件权限监控方法、系统及设备
US20240419811A1 (en) System and method for governance and management of enterprise software
KR102694536B1 (ko) 공급망 보안 관리 서비스 제공 시스템
CN114117414A (zh) 移动应用的安全防护系统、方法、设备及存储介质
CN103885798A (zh) 一种数据处理方法及电子设备
Newman et al. Making the internet of things sustainable: an evidence based practical approach in finding solutions for yet to be discussed challenges in the internet of things
CN111831296A (zh) 应用程序更新方法、终端设备和计算机可读存储介质
US20250209155A1 (en) Security reserve modes for certified systems
CN120386712A (zh) 程序验证方法、装置、产品、设备和介质
Woody Engineered to Be Secure
CN121193633A (zh) 流量回放测试方法、装置、电子设备、计算机可读存储介质及计算机程序产品
CN119249431A (zh) 软件供应链的安全检测方法、装置、存储介质及电子设备

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170222