-
21.发明申请SELECTING APPLICATION WRAPPER LOGIC COMPONENTS FOR WRAPPING A MOBILE APPLICATION BASED ON WRAPPER PERFORMANCE FEEDBACK FROM USER ELECTRONIC DEVICES 审中-公开基于用户电子设备的封装性能反馈选择应用封装逻辑组件来封装移动应用公开(公告)号:US20170010952A1
公开(公告)日:2017-01-12
申请号:US14796707
申请日:2015-07-10
Applicant: CA, INC.
Inventor: VIKRANT NANDAKUMAR , NAVEEN HARRY MICHAEL , HEMANTH KUMAR PINNINTI
CPC classification number: G06F11/3612 , G06F8/30 , G06F8/53 , G06F9/45504
Abstract: For each of a plurality of wrapper logic components, a metric is determined from content of reports received from user electronic devices that characterizes performance of the wrapper logic component when executed by the user electronic devices to monitor a feature of an application during execution of the application by the user electronic devices. A set of the wrapper logic components is selected that excludes from the set any of the wrapper logic components having performance characterized by the metrics that does not satisfy a first defined rule. The set of wrapper logic components and the application are combined to form a modified application with the wrapper logic components of the set configured to monitor features of the modified application when executed by user electronic devices.
Abstract translation: 对于多个包装器逻辑组件中的每一个,从用户电子设备接收到的报告的内容确定度量,所述报告表征当用户电子设备在执行应用期间监视应用的特征时由包装器逻辑组件执行的性能 由用户电子设备。 选择一组封装逻辑组件,其从集合中排除任何具有由不满足第一定义规则的度量表征的性能的包装器逻辑组件。 组合的包装逻辑组件和应用程序被组合以形成修改的应用程序,其中该组件的包装器逻辑组件被配置为当由用户电子设备执行时监视修改的应用的特征。
-
22.发明申请ASYNCHRONOUS TRANSLATION OF COMPUTER PROGRAM RESOURCES IN GRAPHICS PROCESSING UNIT EMULATION 有权计算机程序资源在图形处理单元仿真中的异步翻译
公开(公告)号:US20160364830A1
公开(公告)日:2016-12-15
申请号:US14739988
申请日:2015-06-15
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ke Deng , Eric Heutchy
CPC classification number: G06T1/20 , G06F8/41 , G06F8/53 , G06F9/44 , G06F9/45504 , G06F9/4552 , G06T15/005
Abstract: Resource processing during run time can be performed asynchronously from emulation of an application by a central processing unit. For example, an emulator can include a main processing thread that performs emulation processes. In response to encountering a shader, or other resource, to be processed, the emulator can invoke a separate asynchronous thread to perform such processing. Processed resources, such as translated shaders and generated textures, can be stored in a cache. In response to a command that uses a resource, such as a draw command that invokes a shader or other resource, the emulator can use the processed resource in the cache. If the processed resource is not in the cache, the emulator can skip processing the command that uses the resource. If processed resources can be obtained from other sources and loaded in the cache, processing of resources by the emulator can be eliminated.
Abstract translation: 运行时间内的资源处理可以由中央处理单元仿真应用程序异步地执行。 例如,仿真器可以包括执行仿真处理的主处理线程。 为了响应要处理的着色器或其他资源,仿真器可以调用单独的异步线程来执行此类处理。 处理的资源,如翻译的着色器和生成的纹理,可以存储在缓存中。 响应于使用资源(例如调用着色器或其他资源的绘图命令)的命令,仿真器可以使用高速缓存中处理的资源。 如果处理后的资源不在缓存中,则仿真器可以跳过处理使用该资源的命令。 如果处理后的资源可以从其他源获取并加载到缓存中,则可以消除仿真器对资源的处理。
-
23.发明授权Automatic parsing of binary-based application protocols using network traffic 有权使用网络流量自动解析基于二进制的应用程序协议
公开(公告)号:US09473380B1
公开(公告)日:2016-10-18
申请号:US13917535
申请日:2013-06-13
Applicant: Narus, Inc.
Inventor: Ignacio Bermudez , Marios Iliofotou , Marco Mellia , Ram Keralapura , Maurizio Matteo Munafo
CPC classification number: H04L43/18 , G06F8/53 , G06F17/30861 , G06F17/30867 , G06F17/30908 , G06K9/6256 , G06N99/005 , H04L41/142 , H04L51/34 , H04L69/00
Abstract: A method for analyzing a binary-based application protocol of a network. The method includes obtaining conversations from the network, extracting content of a candidate field from a message in each conversation, calculating a randomness measure of the content to represent a level of randomness of the content across all conversation, calculating a correlation measure of the content to represent a level of correlation, across all of conversations, between the content and an attribute of a corresponding conversation where the message containing the candidate field is located, and selecting, based on the randomness measure and the correlation measure, and using a pre-determined field selection criterion, the candidate offset from a set of candidate offsets as the offset defined by the protocol.
Abstract translation: 一种用于分析网络的基于二进制的应用协议的方法。 该方法包括从网络获取对话,从每个对话中的消息中提取候选字段的内容,计算内容的随机性度量,以表示所有对话内容的随机性水平,计算内容的相关性度量 表示在包含候选字段的消息所在的对应对话的内容和属性之间的所有会话中的相关级别,并且基于随机性度量和相关性度量来选择并使用预定的 场选择标准,作为由协议定义的偏移的候选偏移集合的候选偏移量。
-
公开(公告)号:US20160283207A1
公开(公告)日:2016-09-29
申请号:US14670604
申请日:2015-03-27
Applicant: CA, INC.
Inventor: VIKRANT NANDAKUMAR
IPC: G06F9/45
Abstract: A computer program product according to some embodiments causes a processor to perform operations including disassembling executable code of an application program to provide disassembled code, identifying first wrapping code in the disassembled code, receiving second wrapping code, generating a consolidated application wrapper that manages operation of both the first wrapping code and the second wrapping code, inserting the second wrapping code and the consolidated application wrapper into the disassembled code to form modified disassembled code, and assembling the modified disassembled code to form modified executable code.
Abstract translation: 根据一些实施例的计算机程序产品使处理器执行包括拆卸应用程序的可执行代码以提供反汇编代码的操作,识别拆卸代码中的第一包装代码,接收第二包装代码,生成管理操作的合并应用程序包装器 第一包装代码和第二包装代码,将第二包装代码和整合的应用包装器插入到拆卸的代码中以形成修改的反汇编代码,以及组装经修改的反汇编代码以形成修改的可执行代码。
-
公开(公告)号:US09436452B2
公开(公告)日:2016-09-06
申请号:US13674859
申请日:2012-11-12
Applicant: Keysight Technologies, Inc.
Inventor: Kevin Mitchell
IPC: G06F9/45
CPC classification number: G06F8/53
Abstract: A method of operating a data processing system to examine a compiled program for violations of a set of rules that do not constitute violations detected by the compiler that generated the program. The method includes obtaining a restricted rule set defined in terms of rules in a decompiled representation of the program. The method also includes decompiling the compiled program to the decompiled representation of the compiled program in which the restricted rule set is defined, examining the decompiled representation of the compiled program for a violation of the restricted rule set to determine if any of the rules are violated, and providing an output indicating that one of the rules was violated.
Abstract translation: 一种操作数据处理系统的方法,用于检查编译程序是否违反一组规则,这些规则不构成生成该程序的编译器检测到的违规。 该方法包括获得在程序的反编译表示中根据规则定义的限制规则集。 该方法还包括将已编译的程序反编译为编译程序的反编译程序,其中定义了限制规则集,检查编译程序的反编译表示是否违反限制规则集,以确定是否违反规则 ,并提供一个指示违反其中一条规则的输出。
-
26.发明申请INTELLIGENT DETECTION OF INCONSISTENT ADVANCED CONFIGURATION AND POWER INTERFACE (ACPI) TABLE INSTANCES IN VIRTUALIZED SYSTEMS 有权智能检测虚拟化系统中的高级配置和功率接口(ACPI)表现象
公开(公告)号:US20150347171A1
公开(公告)日:2015-12-03
申请号:US14288673
申请日:2014-05-28
Applicant: RED HAT ISRAEL, LTD.
Inventor: Michael Tsirkin
CPC classification number: G06F9/45558 , G06F8/53 , G06F9/4411 , G06F9/45533
Abstract: A system and methods are disclosed for detecting inconsistent instances of a system table in a virtualized computer system. In accordance with one embodiment, a processing device decompiles a first binary representing a first instance of a system table, to obtain a first string of symbols. The processing device also decompiles a second binary representing a second instance of the system table that is associated with guest firmware of a first virtual machine, to obtain a second string of symbols. When there is a difference between the first string of symbols and the second string of symbols and the difference is unrelated to a compiler version and a temporary variable name, a signal indicating an inconsistency between the first instance and the second instance is generated.
Abstract translation: 公开了一种用于检测虚拟化计算机系统中系统表的不一致实例的系统和方法。 根据一个实施例,处理设备反编译表示系统表的第一实例的第一二进制,以获得第一符号串。 处理装置还对表示与第一虚拟机的访客固件相关联的系统表的第二实例的第二二进制进行反编译以获得第二符号串。 当第一个符号串和第二个符号串之间存在差异,并且该差异与编译器版本和临时变量名称无关时,产生指示第一个实例和第二个实例之间不一致的信号。
-
27.发明授权Modifying pre-existing mobile applications to implement enterprise security policies 有权修改现有的移动应用程序来实施企业安全策略
公开(公告)号:US09143529B2
公开(公告)日:2015-09-22
申请号:US13649022
申请日:2012-10-10
Applicant: Citrix Systems, Inc.
Inventor: Waheed Qureshi , Thomas H. DeBenning , Olivier Andre , Shafaq Abdullah
IPC: G06F9/44 , H04L29/06 , G06F21/10 , G06F9/45 , G06F21/14 , H04W4/02 , H04W12/06 , H04W12/08 , G06F21/62
CPC classification number: H04L63/20 , G06F8/53 , G06F21/10 , G06F21/14 , G06F21/53 , G06F21/62 , G06F21/6209 , G06F21/6218 , G06F2221/2113 , H04L9/0822 , H04L9/0825 , H04L9/0891 , H04L63/0428 , H04L63/0471 , H04L63/08 , H04L63/10 , H04L63/105 , H04L67/10 , H04L2209/80 , H04W4/02 , H04W12/06 , H04W12/08
Abstract: A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system.
Abstract translation: 公开了一种系统,其包括使企业用户能够使用其移动设备安全地访问企业资源(文档,数据,应用服务器等)的组件和特征。 企业可以使用系统的部分或全部组件,例如,安全而且灵活地实施BYOD(带有您自己的设备)策略,用户可以在其中运行个人应用程序,并在其移动设备上运行安全的企业应用程序。 例如,系统可以基于设备属性(例如,安装了什么移动应用),用户属性(例如,用户的位置或部门),行为属性和其他标准来实施用于控制对企业资源的移动设备访问的策略。 安装在移动设备上的客户端代码可以通过例如创建用于本地存储企业数据的安全容器,创建用于运行企业应用的安全执行环境和/或创建用于与企业通信的安全应用隧道来进一步增强安全性 系统。
-
公开(公告)号:US20150135313A1
公开(公告)日:2015-05-14
申请号:US14538643
申请日:2014-11-11
Applicant: Kaprica Security, Inc.
Inventor: Andrew Michael WESIE , Brian Sejoon PAK
IPC: G06F21/51
CPC classification number: G06F21/51 , G06F8/53 , G06F9/445 , G06F9/44521 , G06F9/44568 , G06F21/54 , G06F2221/033
Abstract: An improved CFI system and method is described that provides security from attacks to hijack computer software. The improved CFI system and method inserts two tags to execute label identification. The first tag is positioned before any instruction that would result in an indirect control flow transfer and requires the program to execute a check. The second tag is located before the first line of any legitimate transfer destination and when discovered by the tag check allows a program to carry out the indirect transfer. This tag orientation does not prevent transfers to targets other than the origin instruction's specific intended destination but limits transfers to destinations that begin with the proper label dedication. Although, an incorrect address may be called, that will be within the software program's assortment of legitimate indirect transfer targets. Attempts to exploit or reroute indirect transfers outside of the established control flow are eliminated.
Abstract translation: 描述了改进的CFI系统和方法,其提供了从攻击到劫持计算机软件的安全性。 改进的CFI系统和方法插入两个标签来执行标签识别。 第一个标签位于导致间接控制流传输的任何指令之前,并要求程序执行检查。 第二个标签位于任何合法传输目的地的第一行之前,当标签检查发现时,程序可以执行间接传输。 此标签方向不会阻止转移到原始指令的特定目的地以外的目标,而是将转移限制在以适当的标签奉献开始的目的地。 虽然可能会调用一个不正确的地址,但这些地址可能属于软件程序中的合法间接转移目标。 消除了在既定控制流之外利用或重新路由间接转移的尝试。
-
公开(公告)号:US20150106795A1
公开(公告)日:2015-04-16
申请号:US14295691
申请日:2014-06-04
Applicant: Veracode, Inc.
Inventor: Christien Rioux
IPC: G06F9/45
Abstract: Presently described is a decompilation method of operation and system for parsing executable code, identifying and recursively modeling data flows, identifying and recursively modeling control flow, and iteratively refining these models to provide a complete model at the nanocode level. The nanocode decompiler may be used to determine if flaws, security vulnerabilities, or general quality issues exist in the code. The nanocode decompiler outputs in a standardized, human-readable intermediate representation (IR) designed for automated or scripted analysis and reporting. Reports may take the form of a computer annotated and/or partially human annotated nanocode listing in the above-described IR. Annotations may include plain English statements regarding flaws and pointers to badly constructed data structures, unchecked buffers, malicious embedded code or “trap doors,” and the like. Annotations may be generated through a scripted analysis process or by means of an expert-enhanced, quasi-autonomous system.
Abstract translation: 目前描述的是用于解析可执行代码的操作和系统的反编译方法,识别和递归建模数据流,识别和递归地建模控制流,并迭代地改进这些模型以在纳代码级提供完整的模型。 纳代码反编译器可用于确定代码中是否存在缺陷,安全漏洞或一般质量问题。 纳代码反编译器以专门用于自动化或脚本化分析和报告的标准化,可读的中间表示(IR)输出。 报告可以采用上述IR中的计算机注释和/或部分人体注释的纳代码列表的形式。 注释可能包括关于缺陷的简明英语声明和指向构造不良的数据结构,未经检查的缓冲区,恶意嵌入代码或“陷阱门”等的指针。 注释可以通过脚本分析过程或通过专家增强的准自主系统来生成。
-
公开(公告)号:US08930916B1
公开(公告)日:2015-01-06
申请号:US14169841
申请日:2014-01-31
Applicant: Cylance Inc.
Inventor: Derek A. Soeder , Matt Wolff
CPC classification number: G06F8/75 , G06F8/53 , G06F11/34 , G06F11/3414 , G06F11/36 , G06F2201/865
Abstract: Data is received that includes at least a portion of a program. Thereafter, entry point locations and execution-relevant metadata of the program are identified and retrieved. Regions of code within the program are then identified using static disassembly and based on the identified entry point locations and metadata. In addition, entry points are determined for each of a plurality of functions. Thereafter, a set of possible call sequences are generated for each function based on the identified regions of code and the determined entry points for each of the plurality of functions. Related apparatus, systems, techniques and articles are also described.
Abstract translation: 收到包含程序的至少一部分的数据。 此后,识别并检索程序的入口点位置和执行相关元数据。 然后使用静态反汇编和基于识别的入口点位置和元数据来识别程序内的代码区域。 此外,为多个功能中的每一个确定入口点。 此后,基于识别的代码区域和针对多个功能中的每一个的确定的入口点,为每个功能生成一组可能的呼叫序列。 还描述了相关设备,系统,技术和物品。
