System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits

    Publication number: US11089057B1

    Publication date: 2021-08-10

    Application number: US16679030

    Filing date: 2019-11-08

    Applicant: FireEye, Inc.

    Abstract: According to one embodiment, a threat detection system comprising intrusion protection system (IPS) logic, virtual execution logic and reporting logic is described. The IPS logic is configured to receive a first plurality of objects and analyze them to identify a second plurality of objects as potential exploits, the second plurality being a subset of the first and therefore lesser than or equal in number to it. The virtual execution logic includes at least one virtual machine configured to process the content of each of the second plurality of objects and to monitor, during that processing, for anomalous behaviors indicative of exploits, in order to classify a first subset of the second plurality of objects as containing one or more verified exploits. The reporting logic is configured to provide a display of exploit information associated with the one or more verified exploits.

    Microvisor-based malware detection appliance architecture

    Publication number: US10528726B1

    Publication date: 2020-01-07

    Application number: US15943357

    Filing date: 2018-04-02

    Applicant: FireEye, Inc.

    IPC classification: G06F21/00 G06F21/55 G06F9/455

    Abstract: A threat-aware microvisor may be deployed in a malware detection appliance architecture and execute on a malware detection system (MDS) appliance to provide exploit and malware detection within a network environment. The microvisor may underlie an operating system kernel of the MDS appliance and execute in the kernel space of the architecture to control access to kernel resources of the appliance for any operating system process. A type 0 virtual machine monitor (VMM) may be disposed over the microvisor and execute in the user space of the architecture as a pass-through module configured to expose the kernel resources of the appliance to the operating system kernel. One or more hypervisors, e.g., a type 1 VMM, may be further disposed over the microvisor and execute in the user space of the architecture under control of the microvisor to support execution of one or more guest operating systems inside one or more full virtual machines.

    Verification of complex software code using a modularized architecture

    Publication number: US10025691B1

    Publication date: 2018-07-17

    Application number: US15261327

    Filing date: 2016-09-09

    Applicant: FireEye, Inc.

    Abstract: A technique verifies a compound software code using a modularized architecture. The compound software code may be divided into smaller components or modules that provide the various functions (e.g., services) of the code. A set of properties may be defined for the modules, such that the verification technique may be used to verify that the modules manifest those properties, wherein at least one property may be security related and the remaining properties may be related to the services of the modules. The compound software code is divided into smaller modules to facilitate verification of the properties related to the services provided by the modules. Properties of the modules may be verified in accordance with an enhanced verification procedure to demonstrate that the modules manifest those properties, transforming those modules into verified code bases (VCBs). The services of the VCBs may then be combined to provide the functionality of the compound software code using well-defined interfaces, such as application programming interfaces (APIs).

    Exploit detection system with threat-aware microvisor
    Granted invention patent (in force)

    Publication number: US09507935B2

    Publication date: 2016-11-29

    Application number: US14229580

    Filing date: 2014-03-28

    Applicant: FireEye, Inc.

    Abstract: An exploit detection system deploys a threat-aware microvisor to facilitate real-time security analysis, including exploit detection and threat intelligence, of an operating system process executing on a node of a network environment. The microvisor may be organized as a main protection domain representative of the operating system process. In response to the process attempting to access a kernel resource for which it does not have permission, a capability violation may be generated at the main protection domain of the microvisor, and a micro-virtual machine (micro-VM) may be spawned as a container configured to encapsulate the process. The main protection domain may then be cloned to create a cloned protection domain that is representative of the process and that is bound to the spawned micro-VM. The capabilities of the cloned protection domain may be configured to be more restricted than those of the main protection domain with respect to access to the kernel resource. The restricted capabilities may be configured to generate more capability violations than the capabilities of the main protection domain would, and in turn enable further monitoring of the process as it attempts to access the kernel resource.


    Micro-virtualization architecture for threat-aware microvisor deployment in a node of a network environment
    Granted invention patent (in force)

    Publication number: US09292686B2

    Publication date: 2016-03-22

    Application number: US14229626

    Filing date: 2014-03-28

    Applicant: FireEye, Inc.

    IPC classification: G06F9/455 G06F21/55 G06F21/62

    Abstract: A micro-virtualization architecture deploys a threat-aware microvisor as a module of a virtualization system configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing in the memory of a node in a network environment. The micro-virtualization architecture organizes the memory as a user space and a kernel space, wherein the microvisor executes in the kernel space of the architecture, while the operating system processes, an operating system kernel, a virtual machine monitor (VMM) and its spawned virtual machines (VMs) execute in the user space. Notably, the microvisor executes at the highest privilege level of the node's central processing unit to virtualize access to kernel resources. The operating system kernel executes under control of the microvisor at a privilege level lower than the highest privilege level of the microvisor. The VMM and its spawned VMs execute at the highest privilege level of the microvisor.


    Framework for efficient security coverage of mobile software applications
    Granted invention patent (in force)

    Publication number: US09176843B1

    Publication date: 2015-11-03

    Application number: US13775168

    Filing date: 2013-02-23

    Applicant: FireEye, Inc.

    Abstract: A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and on observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run-time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine the next set of stimuli to be applied to the application, in pursuit of determining whether the region of interest corresponds to improperly behaving code.
