JP2009140485A - ソフトウェアコンポーネントをホワイトリストに登録する方法およびシステム - Google Patents
ソフトウェアコンポーネントをホワイトリストに登録する方法およびシステム Download PDFInfo
- Publication number
- JP2009140485A JP2009140485A JP2008287882A JP2008287882A JP2009140485A JP 2009140485 A JP2009140485 A JP 2009140485A JP 2008287882 A JP2008287882 A JP 2008287882A JP 2008287882 A JP2008287882 A JP 2008287882A JP 2009140485 A JP2009140485 A JP 2009140485A
- Authority
- JP
- Japan
- Prior art keywords
- software component
- operating environment
- information
- component
- valid
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Stored Programmes (AREA)
- Debugging And Monitoring (AREA)
Abstract
【解決手段】第1のオペレーティング環境においては、ロードされ実行される第1のソフトウェアコンポーネントに関するランタイム情報が収集されうる。収集された情報は、第1のオペレーティング環境から隔離された第2のオペレーティング環境の第2のソフトウェアコンポーネントに伝達されうる。収集されたランタイム情報は、第1のソフトウェアコンポーネントに関する有効な情報一式と比較されうる。
【選択図】図4
Description
Claims (15)
- 第1のオペレーティング環境にロードされた第1のソフトウェアコンポーネントを実行することと、
前記第1のソフトウェアコンポーネントに関するランタイム情報を前記第1のオペレーティング環境で収集することと、
前記第1のオペレーティング環境から隔離された第2のオペレーティング環境の第2のソフトウェアコンポーネントに、前記収集されたランタイム情報を伝達することと、
前記収集されたランタイム情報を、前記第1のソフトウェアコンポーネントに関する有効な情報一式と比較することと、
前記収集されたランタイム情報が前記有効な情報一式と整合しない場合、警告を発令することと、を含む方法。 - 前記収集された情報は、コード、データ、外部シンボルテーブル、およびリロケーション情報のうち1以上を含む、請求項1に記載の方法。
- 前記第1のソフトウェアコンポーネントのインポートアドレステーブルおよびエクスポートポインタの状態データ一式を記憶することと、
前記状態データを、前記第1のソフトウェアコンポーネントに関する前記有効な情報一式と比較することと、を含む、請求項2に記載の方法。 - 記憶装置から、有効な割り込みハンドラエントリ一式を読み出すことと、
記録されている割り込みハンドラエントリ一式が、有効なインポートオフセットおよびエクスポートオフセットを示すことを検証することと、を含む、請求項3に記載の方法。 - 前記第1のソフトウェアコンポーネントの1以上の従属ソフトウェアコンポーネントを検証することを含む、請求項1から請求項4の何れかに記載の方法。
- 前記第1のオペレーティング環境は仮想化されており、前記第2のオペレーティング環境は仮想マシンマネージャである、請求項1から請求項5の何れかに記載の方法。
- 前記第1のオペレーティング環境は、仮想化されていないオペレーティングシステムである、請求項1から請求項5の何れかに記載の方法。
- 前記収集されたランタイム情報を伝達することは、前記収集されたランタイム情報を前記第2のオペレーティング環境の共有メモリを介して伝達することを含む、請求項1から請求項7の何れかに記載の方法。
- 第1のオペレーティング環境で実行される第1のソフトウェアコンポーネントと、
前記第1のオペレーティング環境で実行され、前記第1のソフトウェアコンポーネントに関するランタイム情報を収集し、前記収集されたランタイム情報を伝達する第2のソフトウェアコンポーネントと、
第1のオペレーティング環境から隔離された第2のオペレーティング環境で実行され、前記収集されたランタイム情報を受信し、前記収集されたランタイム情報を、前記第1のソフトウェアコンポーネントに関する有効な情報一式と比較する、第3のソフトウェアコンポーネントと、を備えるシステム。 - 前記収集された情報は、コード、データ、外部シンボルテーブル、およびリロケーション情報のうち1以上を含む、請求項9に記載のシステム。
- 前記第2のソフトウェアコンポーネントは、前記第1のソフトウェアコンポーネントのインポートアドレステーブルおよびエクスポートポインタの状態データ一式を記憶し、
前記第3のソフトウェアコンポーネントは、前記状態データを、前記第1のソフトウェアコンポーネントに関する前記有効な情報一式と比較する、請求項10に記載のシステム。 - 前記第3のソフトウェアコンポーネントは、記憶装置から、有効な割り込みハンドラエントリ一式を読み出し、記録されている割り込みハンドラエントリ一式が、有効なインポートオフセットおよびエクスポートオフセットを示すことを検証する、請求項11に記載のシステム。
- 前記第3のソフトウェアコンポーネントは、前記第1のソフトウェアコンポーネントの1以上の従属ソフトウェアコンポーネントを検証する、請求項9から請求項12の何れかに記載のシステム。
- 前記第1のオペレーティング環境は仮想化されている、請求項9から請求項13の何れかに記載のシステム。
- 前記第1のソフトウェアコンポーネントは、前記収集されたランタイム情報を前記第2のオペレーティング環境の共有メモリを介して伝達する、請求項9から請求項14の何れかに記載のシステム。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/984,001 | 2007-11-13 | ||
US11/984,001 US8099718B2 (en) | 2007-11-13 | 2007-11-13 | Method and system for whitelisting software components |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2009140485A true JP2009140485A (ja) | 2009-06-25 |
JP4901842B2 JP4901842B2 (ja) | 2012-03-21 |
Family
ID=40342208
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2008287882A Expired - Fee Related JP4901842B2 (ja) | 2007-11-13 | 2008-11-10 | ソフトウェアコンポーネントをホワイトリストに登録する方法およびシステム |
Country Status (4)
Country | Link |
---|---|
US (2) | US8099718B2 (ja) |
EP (1) | EP2063377B1 (ja) |
JP (1) | JP4901842B2 (ja) |
CN (1) | CN101436237B (ja) |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8763115B2 (en) * | 2007-08-08 | 2014-06-24 | Vmware, Inc. | Impeding progress of malicious guest software |
US8099718B2 (en) * | 2007-11-13 | 2012-01-17 | Intel Corporation | Method and system for whitelisting software components |
US8051432B2 (en) | 2008-11-14 | 2011-11-01 | Novell, Inc. | Techniques for establishing virtual devices |
US8776027B2 (en) * | 2009-03-06 | 2014-07-08 | Microsoft Corporation | Extracting and collecting platform use data |
US8776028B1 (en) | 2009-04-04 | 2014-07-08 | Parallels IP Holdings GmbH | Virtual execution environment for software delivery and feedback |
EP2254070A1 (en) * | 2009-05-18 | 2010-11-24 | Nxp B.V. | Secure execution of native code |
US20120036569A1 (en) * | 2010-04-05 | 2012-02-09 | Andrew Cottrell | Securing portable executable modules |
CN102469450B (zh) * | 2010-11-08 | 2014-06-04 | 中国移动通信集团广东有限公司 | 一种手机病毒特征的识别方法及装置 |
US8656494B2 (en) | 2012-02-28 | 2014-02-18 | Kaspersky Lab, Zao | System and method for optimization of antivirus processing of disk files |
US9817951B2 (en) * | 2012-04-06 | 2017-11-14 | Comcast Cable Communications, Llc | System and method for analyzing a device |
US8793661B1 (en) | 2012-04-27 | 2014-07-29 | Google Inc. | Programmer specified conditions for raising exceptions and handling errors detected within programming code |
CN102841672B (zh) * | 2012-07-10 | 2016-03-16 | 上海果壳电子有限公司 | 一种休眠拦截方法及系统 |
CN103634366A (zh) * | 2012-08-27 | 2014-03-12 | 北京千橡网景科技发展有限公司 | 用于识别网络机器人的方法和设备 |
US8930914B2 (en) * | 2013-02-07 | 2015-01-06 | International Business Machines Corporation | System and method for documenting application executions |
US9043758B2 (en) | 2013-03-15 | 2015-05-26 | International Business Machines Corporation | System for generating readable and meaningful descriptions of stream processing source code |
CN105468976B (zh) * | 2015-12-08 | 2019-11-12 | 北京元心科技有限公司 | 一种基于容器的多系统的入侵监控方法和装置 |
US10592669B2 (en) | 2016-06-23 | 2020-03-17 | Vmware, Inc. | Secure booting of computer system |
US10242196B2 (en) * | 2016-07-29 | 2019-03-26 | Vmware, Inc. | Secure booting of computer system |
US9977725B2 (en) * | 2016-08-26 | 2018-05-22 | Cisco Technology, Inc. | Automatic classification and parallel processing of untested code in a protected runtime environment |
US10956615B2 (en) | 2017-02-17 | 2021-03-23 | Microsoft Technology Licensing, Llc | Securely defining operating system composition without multiple authoring |
US11151273B2 (en) | 2018-10-08 | 2021-10-19 | Microsoft Technology Licensing, Llc | Controlling installation of unauthorized drivers on a computer system |
US11080416B2 (en) | 2018-10-08 | 2021-08-03 | Microsoft Technology Licensing, Llc | Protecting selected disks on a computer system |
JP7380251B2 (ja) | 2020-01-27 | 2023-11-15 | 株式会社Ihi | 仮想マシンにおけるデータ改ざんの監視方法及び装置 |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH06348486A (ja) * | 1991-04-22 | 1994-12-22 | Acer Inc | コンピュータウィルスからコンピュータシステムを保護するための方法及びシステム |
JP2003108253A (ja) * | 2001-09-28 | 2003-04-11 | Hitachi Software Eng Co Ltd | アプリケーションの監視方法およびプログラム |
JP2004013608A (ja) * | 2002-06-07 | 2004-01-15 | Hitachi Ltd | プログラムの実行および転送の制御 |
JP2004013607A (ja) * | 2002-06-07 | 2004-01-15 | Hitachi Ltd | ファイル監視装置 |
JP2004038819A (ja) * | 2002-07-08 | 2004-02-05 | Hitachi Ltd | セキュリティウォールシステムおよびそのプログラム |
JP2006268775A (ja) * | 2005-03-25 | 2006-10-05 | Ntt Docomo Inc | ソフトウェア動作モデル化装置及びソフトウェア動作監視装置 |
JP2007128537A (ja) * | 2006-12-18 | 2007-05-24 | Macrovision Corp | 動的に接続可能な実行イメージの真正性検証システム及び方法 |
JP2007141171A (ja) * | 2005-11-22 | 2007-06-07 | Hitachi Ltd | ファイルサーバ、ファイルサーバのログ管理システム及びファイルサーバのログ管理方法 |
Family Cites Families (95)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5557798A (en) | 1989-07-27 | 1996-09-17 | Tibco, Inc. | Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes |
JP3369580B2 (ja) | 1990-03-12 | 2003-01-20 | ヒューレット・パッカード・カンパニー | 直接メモリアクセスを行うためのインターフェース装置及び方法 |
US5483641A (en) | 1991-12-17 | 1996-01-09 | Dell Usa, L.P. | System for scheduling readahead operations if new request is within a proximity of N last read requests wherein N is dependent on independent activities |
US5312673A (en) | 1992-07-28 | 1994-05-17 | Bradford Industries, Inc. | Adhesive system for athletic lettering and the like |
US5379400A (en) | 1992-08-07 | 1995-01-03 | International Business Machines Corp. | Method and system for determining memory refresh rate |
WO1995009397A1 (en) | 1993-09-30 | 1995-04-06 | Apple Computer, Inc. | System for decentralized backing store control of virtual memory in a computer |
US5634043A (en) | 1994-08-25 | 1997-05-27 | Intel Corporation | Microprocessor point-to-point communication |
US5687370A (en) | 1995-01-31 | 1997-11-11 | Next Software, Inc. | Transparent local and distributed memory management system |
US5854916A (en) | 1995-09-28 | 1998-12-29 | Symantec Corporation | State-based cache for antivirus software |
FR2744818B1 (fr) | 1996-02-12 | 1998-03-27 | Bull Sa | Procede de verification de la conservation de l'integrite d'une requete emise sans protection par un client vers un serveur au moyen de l'integrite de la reponse |
US6542919B1 (en) | 1996-03-22 | 2003-04-01 | Koninklijke Philips Electronics N.V. | Operating system for use with protection domains in a single address space |
US5944821A (en) | 1996-07-11 | 1999-08-31 | Compaq Computer Corporation | Secure software registration and integrity assessment in a computer system |
US5991881A (en) | 1996-11-08 | 1999-11-23 | Harris Corporation | Network surveillance system |
JPH10228421A (ja) | 1997-02-14 | 1998-08-25 | Nec Ic Microcomput Syst Ltd | メモリアクセス制御回路 |
US6360244B1 (en) | 1997-04-11 | 2002-03-19 | Fujitsu Limited | System and method for multi-level memory domain protection |
US5987557A (en) | 1997-06-19 | 1999-11-16 | Sun Microsystems, Inc. | Method and apparatus for implementing hardware protection domains in a system with no memory management unit (MMU) |
US6163834A (en) | 1998-01-07 | 2000-12-19 | Tandem Computers Incorporated | Two level address translation and memory registration system and method |
US6496847B1 (en) | 1998-05-15 | 2002-12-17 | Vmware, Inc. | System and method for virtualizing computer systems |
US6105137A (en) | 1998-07-02 | 2000-08-15 | Intel Corporation | Method and apparatus for integrity verification, authentication, and secure linkage of software modules |
US6321276B1 (en) | 1998-08-04 | 2001-11-20 | Microsoft Corporation | Recoverable methods and systems for processing input/output requests including virtual memory addresses |
JP4763866B2 (ja) | 1998-10-15 | 2011-08-31 | インターシア ソフトウェア エルエルシー | 2重再暗号化によりデジタルデータを保護する方法及び装置 |
JP4516693B2 (ja) | 1998-12-07 | 2010-08-04 | アルボス テクノロジーズ リミテッド リミテッド ライアビリティ カンパニー | コンピュータ、アドレス有効性照合プログラムを記録した記録媒体、及びアドレス有効性照合方法 |
US6732220B2 (en) | 1999-02-17 | 2004-05-04 | Elbrus International | Method for emulating hardware features of a foreign architecture in a host operating system environment |
WO2001001262A1 (fr) | 1999-06-24 | 2001-01-04 | Fujitsu Limited | Controleur de peripherique et systeme d'entree/sortie |
US7650504B2 (en) | 1999-07-22 | 2010-01-19 | Macrovision Corporation | System and method of verifying the authenticity of dynamically connectable executable images |
US6751737B1 (en) | 1999-10-07 | 2004-06-15 | Advanced Micro Devices | Multiple protected mode execution environments using multiple register sets and meta-protected instructions |
AU4705001A (en) | 1999-10-25 | 2001-06-18 | Phoenix Technologies Inc. | Secure software smi dispatching using caller address |
US6738882B1 (en) | 1999-11-30 | 2004-05-18 | Hewlett-Packard Development Company, L.P. | Concurrent multi-processor memory testing beyond 32-bit addresses |
US6658515B1 (en) | 2000-01-25 | 2003-12-02 | Dell Usa, L.P. | Background execution of universal serial bus transactions |
US6983374B2 (en) | 2000-02-14 | 2006-01-03 | Kabushiki Kaisha Toshiba | Tamper resistant microprocessor |
US6553438B1 (en) | 2000-04-24 | 2003-04-22 | Intel Corporation | Methods and system for message resource pool with asynchronous and synchronous modes of operation |
US6931540B1 (en) | 2000-05-31 | 2005-08-16 | Networks Associates Technology, Inc. | System, method and computer program product for selecting virus detection actions based on a process by which files are being accessed |
US6751720B2 (en) | 2000-06-10 | 2004-06-15 | Hewlett-Packard Development Company, L.P. | Method and system for detecting and resolving virtual address synonyms in a two-level cache hierarchy |
US6954861B2 (en) | 2000-07-14 | 2005-10-11 | America Online, Inc. | Identifying unauthorized communication systems based on their memory contents |
AU9084201A (en) | 2000-09-14 | 2002-03-26 | Sun Microsystems Inc | Remote incremental program binary compatibility verification using api definitions |
US6487643B1 (en) | 2000-09-29 | 2002-11-26 | Intel Corporation | Method and apparatus for preventing starvation in a multi-node architecture |
US6996551B2 (en) | 2000-12-18 | 2006-02-07 | International Business Machines Corporation | Apparata, articles and methods for discovering partially periodic event patterns |
US6567897B2 (en) | 2001-03-01 | 2003-05-20 | International Business Machines Corporation | Virtualized NVRAM access methods to provide NVRAM CHRP regions for logical partitions through hypervisor system calls |
US20030037237A1 (en) | 2001-04-09 | 2003-02-20 | Jean-Paul Abgrall | Systems and methods for computer device authentication |
US6684305B1 (en) | 2001-04-24 | 2004-01-27 | Advanced Micro Devices, Inc. | Multiprocessor system implementing virtual memory using a shared memory, and a page replacement method for maintaining paged memory coherence |
US7328453B2 (en) | 2001-05-09 | 2008-02-05 | Ecd Systems, Inc. | Systems and methods for the prevention of unauthorized use and manipulation of digital content |
US7478394B1 (en) | 2001-06-04 | 2009-01-13 | Hewlett-Packard Development Company, L.P. | Context-corrupting context switching |
US6671791B1 (en) | 2001-06-15 | 2003-12-30 | Advanced Micro Devices, Inc. | Processor including a translation unit for selectively translating virtual addresses of different sizes using a plurality of paging tables and mapping mechanisms |
US7093118B2 (en) | 2001-06-27 | 2006-08-15 | Intel Corporation | System and method for external bus device support |
US6920534B2 (en) | 2001-06-29 | 2005-07-19 | Intel Corporation | Virtual-port memory and virtual-porting |
US8001594B2 (en) | 2001-07-30 | 2011-08-16 | Ipass, Inc. | Monitoring computer network security enforcement |
US6685567B2 (en) | 2001-08-08 | 2004-02-03 | Igt | Process verification |
US6883116B2 (en) | 2001-09-27 | 2005-04-19 | International Business Machines Corporation | Method and apparatus for verifying hardware implementation of a processor architecture in a logically partitioned data processing system |
US7062650B2 (en) | 2001-09-28 | 2006-06-13 | Intel Corporation | System and method for verifying integrity of system with multiple components |
US6823433B1 (en) | 2001-11-13 | 2004-11-23 | Advanced Micro Devices, Inc. | Memory management system and method for providing physical address based memory access security |
US6850994B2 (en) | 2001-11-16 | 2005-02-01 | Microsoft Corporation | Method for determining status of a computer device and detecting device behavior in response to a status request |
US20030101381A1 (en) | 2001-11-29 | 2003-05-29 | Nikolay Mateev | System and method for virus checking software |
US6804741B2 (en) | 2002-01-16 | 2004-10-12 | Hewlett-Packard Development Company, L.P. | Coherent memory mapping tables for host I/O bridge |
JP2003281071A (ja) | 2002-03-20 | 2003-10-03 | Seiko Epson Corp | データ転送制御装置、電子機器及びデータ転送制御方法 |
US7127548B2 (en) | 2002-04-16 | 2006-10-24 | Intel Corporation | Control register access virtualization performance improvement in the virtual-machine architecture |
JP2003330365A (ja) | 2002-05-09 | 2003-11-19 | Toshiba Corp | コンテンツ配布/受信方法 |
US20030229794A1 (en) | 2002-06-07 | 2003-12-11 | Sutton James A. | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
US6922766B2 (en) | 2002-09-04 | 2005-07-26 | Cray Inc. | Remote translation mechanism for a multi-node system |
US7107497B2 (en) | 2002-09-30 | 2006-09-12 | Sun Microsystems, Inc. | Method and system for event publication and subscription with an event channel from user level and kernel level |
US7028229B2 (en) | 2002-09-30 | 2006-04-11 | Sun Microsystems, Inc. | Kernel event subscription and publication system and method |
FR2849226B1 (fr) | 2002-12-20 | 2005-12-02 | Oberthur Card Syst Sa | Procede et dispositif de securisation de l'execution d'un programme informatique. |
US7111200B2 (en) | 2003-04-17 | 2006-09-19 | International Business Machines Corporation | Apparatus and method for debugging a logical partition |
US20040226009A1 (en) | 2003-05-09 | 2004-11-11 | International Business Machines Corporation | System and method for software application task abstraction |
US6961852B2 (en) | 2003-06-19 | 2005-11-01 | International Business Machines Corporation | System and method for authenticating software using hidden intermediate keys |
US7010630B2 (en) | 2003-06-30 | 2006-03-07 | International Business Machines Corporation | Communicating to system management in a data processing system |
US7103779B2 (en) | 2003-09-18 | 2006-09-05 | Apple Computer, Inc. | Method and apparatus for incremental code signing |
US7542026B2 (en) | 2003-11-03 | 2009-06-02 | International Business Machines Corporation | Apparatus method and system for improved feedback of pointing device event processing |
US20050132122A1 (en) * | 2003-12-16 | 2005-06-16 | Rozas Carlos V. | Method, apparatus and system for monitoring system integrity in a trusted computing environment |
US20050138417A1 (en) | 2003-12-19 | 2005-06-23 | Mcnerney Shaun C. | Trusted network access control system and method |
US7225325B2 (en) | 2003-12-30 | 2007-05-29 | International Business Machines Corporation | Customizing a computer system by using stored configuration parameters in a configuration mechanism |
US7831838B2 (en) | 2004-03-05 | 2010-11-09 | Microsoft Corporation | Portion-level in-memory module authentication |
US20050213768A1 (en) | 2004-03-24 | 2005-09-29 | Durham David M | Shared cryptographic key in networks with an embedded agent |
US7653727B2 (en) | 2004-03-24 | 2010-01-26 | Intel Corporation | Cooperative embedded agents |
US7558966B2 (en) | 2004-06-09 | 2009-07-07 | Intel Corporation | Notifying remote administrator of platform integrity determination |
US7594124B2 (en) | 2004-06-09 | 2009-09-22 | Intel Corporation | Cross validation of data using multiple subsystems |
US7802250B2 (en) | 2004-06-28 | 2010-09-21 | Intel Corporation | Support for transitioning to a virtual machine monitor based upon the privilege level of guest software |
US20050289311A1 (en) | 2004-06-29 | 2005-12-29 | David Durham | System and method for secure inter-platform and intra-platform communications |
US7908653B2 (en) | 2004-06-29 | 2011-03-15 | Intel Corporation | Method of improving computer security through sandboxing |
US7644287B2 (en) | 2004-07-29 | 2010-01-05 | Microsoft Corporation | Portion-level in-memory module authentication |
US7281102B1 (en) | 2004-08-12 | 2007-10-09 | Vmware, Inc. | Restricting memory access to protect data when sharing a common address space |
US20060047955A1 (en) | 2004-08-30 | 2006-03-02 | Axalto Inc. | Application code integrity check during virtual machine runtime |
US7571474B2 (en) | 2004-12-30 | 2009-08-04 | Intel Corporation | System security event notification aggregation and non-repudiation |
US7577848B2 (en) | 2005-01-18 | 2009-08-18 | Microsoft Corporation | Systems and methods for validating executable file integrity using partial image hashes |
US7739517B2 (en) | 2005-03-31 | 2010-06-15 | Intel Corporation | Hardware-based authentication of a software program |
US7603484B2 (en) | 2005-04-21 | 2009-10-13 | Microsoft Corporation | Protocol for communication with a user-mode device driver |
US20060294596A1 (en) | 2005-06-27 | 2006-12-28 | Priya Govindarajan | Methods, systems, and apparatus to detect unauthorized resource accesses |
US7953980B2 (en) | 2005-06-30 | 2011-05-31 | Intel Corporation | Signed manifest for run-time verification of software program identity and integrity |
US20070006175A1 (en) | 2005-06-30 | 2007-01-04 | David Durham | Intra-partitioning of software components within an execution environment |
US20070005935A1 (en) | 2005-06-30 | 2007-01-04 | Khosravi Hormuzd M | Method and apparatus for securing and validating paged memory system |
US20070006307A1 (en) | 2005-06-30 | 2007-01-04 | Hahn Scott D | Systems, apparatuses and methods for a host software presence check from an isolated partition |
US7761674B2 (en) | 2005-12-30 | 2010-07-20 | Intel Corporation | Identifier associated with memory locations for managing memory accesses |
US7669242B2 (en) | 2005-06-30 | 2010-02-23 | Intel Corporation | Agent presence monitor configured to execute in a secure environment |
US20070008175A1 (en) * | 2005-07-06 | 2007-01-11 | Duane Johnson | Siren detection notification alarm |
US8079080B2 (en) * | 2005-10-21 | 2011-12-13 | Mathew R. Syrowik | Method, system and computer program product for detecting security threats in a computer network |
US8099718B2 (en) * | 2007-11-13 | 2012-01-17 | Intel Corporation | Method and system for whitelisting software components |
-
2007
- 2007-11-13 US US11/984,001 patent/US8099718B2/en active Active
-
2008
- 2008-11-10 JP JP2008287882A patent/JP4901842B2/ja not_active Expired - Fee Related
- 2008-11-12 EP EP08253698.8A patent/EP2063377B1/en not_active Not-in-force
- 2008-11-13 CN CN2008101738898A patent/CN101436237B/zh not_active Expired - Fee Related
-
2011
- 2011-11-02 US US13/287,707 patent/US8434067B2/en not_active Expired - Fee Related
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH06348486A (ja) * | 1991-04-22 | 1994-12-22 | Acer Inc | コンピュータウィルスからコンピュータシステムを保護するための方法及びシステム |
JP2003108253A (ja) * | 2001-09-28 | 2003-04-11 | Hitachi Software Eng Co Ltd | アプリケーションの監視方法およびプログラム |
JP2004013608A (ja) * | 2002-06-07 | 2004-01-15 | Hitachi Ltd | プログラムの実行および転送の制御 |
JP2004013607A (ja) * | 2002-06-07 | 2004-01-15 | Hitachi Ltd | ファイル監視装置 |
JP2004038819A (ja) * | 2002-07-08 | 2004-02-05 | Hitachi Ltd | セキュリティウォールシステムおよびそのプログラム |
JP2006268775A (ja) * | 2005-03-25 | 2006-10-05 | Ntt Docomo Inc | ソフトウェア動作モデル化装置及びソフトウェア動作監視装置 |
JP2007141171A (ja) * | 2005-11-22 | 2007-06-07 | Hitachi Ltd | ファイルサーバ、ファイルサーバのログ管理システム及びファイルサーバのログ管理方法 |
JP2007128537A (ja) * | 2006-12-18 | 2007-05-24 | Macrovision Corp | 動的に接続可能な実行イメージの真正性検証システム及び方法 |
Also Published As
Publication number | Publication date |
---|---|
US8434067B2 (en) | 2013-04-30 |
US20090125885A1 (en) | 2009-05-14 |
EP2063377A1 (en) | 2009-05-27 |
EP2063377B1 (en) | 2016-12-21 |
US20120144482A1 (en) | 2012-06-07 |
US8099718B2 (en) | 2012-01-17 |
JP4901842B2 (ja) | 2012-03-21 |
CN101436237B (zh) | 2011-11-30 |
CN101436237A (zh) | 2009-05-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4901842B2 (ja) | ソフトウェアコンポーネントをホワイトリストに登録する方法およびシステム | |
RU2691187C1 (ru) | Система и способы аудита виртуальной машины | |
US8479295B2 (en) | Method and apparatus for transparently instrumenting an application program | |
Dinaburg et al. | Ether: malware analysis via hardware virtualization extensions | |
US8990934B2 (en) | Automated protection against computer exploits | |
CA2856268C (en) | Methods of detection of software exploitation | |
US20170185776A1 (en) | Trusted launch of secure enclaves in virtualized environments | |
Stüttgen et al. | Acquisition and analysis of compromised firmware using memory forensics | |
Guri et al. | JoKER: Trusted detection of kernel rootkits in android devices via JTAG interface | |
JP6370098B2 (ja) | 情報処理装置、情報処理監視方法、プログラム、及び記録媒体 | |
US20140317742A1 (en) | Hypervisor-based buffer overflow detection and prevention | |
US11977631B2 (en) | Hypervisor level signature checks for encrypted trusted execution environments | |
Rutkowska et al. | IsGameOver () anyone | |
Kiperberg et al. | Hypervisor-assisted atomic memory acquisition in modern systems | |
Zhong et al. | A virtualization based monitoring system for mini-intrusive live forensics | |
Wei et al. | Modeling the runtime integrity of cloud servers: a scoped invariant perspective | |
Zhu et al. | Static analysis based invariant detection for commodity operating systems | |
Suzaki et al. | Kernel memory protection by an insertable hypervisor which has VM introspection and stealth breakpoints | |
EP2720170A1 (en) | Automated protection against computer exploits | |
Ahmed et al. | Rule-based integrity checking of interrupt descriptor tables in cloud environments | |
Zaidenberg et al. | Hypervisor memory introspection and hypervisor based malware honeypot | |
Vetter et al. | Uncloaking rootkits on mobile devices with a hypervisor-based detector | |
Wen et al. | Towards thwarting data leakage with memory page access interception | |
Guri et al. | Detecting android kernel rootkits via JTAG memory introspection | |
Abdulmalik et al. | Windows Vista Kernel-Mode: Functions, Security Enhancements and Flaws |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20110720 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20110726 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20111021 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20111206 |
|
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20111227 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 4901842 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20150113 Year of fee payment: 3 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
LAPS | Cancellation because of no payment of annual fees |