Abstract:
In embodiments of the present invention improved capabilities are described for behavioral-based threat detection. An executing computer process is monitored for an indication of malicious behavior, wherein the indication of the malicious behavior is a result of comparing an operation with a predetermined behavior, referred to as a gene. A plurality of malicious behavior indications observed for the executing process are compared to a predetermined collection of malicious behaviors, referred to as a phenotype, which comprises a grouping of specific genes that are typically present in a type of malicious code. Upon matching the malicious behavior indications with a phenotype, an action may be caused, where the action is based on a prediction that the executing computer process is the type of malicious code as indicated by the phenotype. Related user interfaces, applications, and computer program products are disclosed.
Abstract:
A system for efficiently verifying compliance with a memory consistency model includes a test module and an analysis module. The test module may coordinate an execution of a multithreaded test program on a test platform. If the test platform provides an indication of the order in which writes from multiple processing elements are performed at shared memory locations, the analysis module may use a first set of rules to verify that the results of the execution correspond to a valid ordering of events according to a memory consistency model. If the test platform does not provide an indication of write ordering, the analysis module may use a second set of rules to verify compliance with the memory consistency model. Further, a backtracking search may be performed to find a valid ordering if such ordering exists or show that none exists and, hence, confirm whether or not the results comply with the given memory consistency model.
Abstract:
Mechanisms for executing a transaction such that it may be undone after being committed. The mechanism maintains a mapping between each of a number of groups of one or more direct methods with a corresponding group of one or more inversion methods that, when executed, causes the computing system to at least partially undo the effects of the execution of the corresponding group of direct methods. Upon beginning a transaction, the computing system runs one or more groups of one or more direct methods that are part of the transaction. The mapping is then used to identify the corresponding group(s) of inversion methods. The identities of each corresponding group of inversion methods are then saved to a compensation record. The transaction is then committed, and the compensation record is saved to a persistent media along with a transaction identifier.
Abstract:
A verification support device that supports verification of a changed state by using changed state data and relating data. The verification support device includes a state with an abnormal condition generating unit that adds the abnormal condition to the changed state, thereby generating a changed state with an abnormal condition. The verification device also includes an abnormal condition inspection unit that inspects whether the abnormal data may reach the changed state based on the generated changed state with the abnormal condition and the relating data.
Abstract:
A data processing apparatus and method for generating trace elements is provided. The data processing apparatus comprises a device for performing a sequence of operations including memory operations on data values having associated data addresses. For at least some of the memory operations the data address is determined relative to an architectural state value of an item of architectural state of the device. Trace logic is provided for receiving indications of the sequence of operations being performed by the device, and for generating from the indications a stream of trace elements. When for a memory operation the data address is determined to have been determined relative to an architectural state value of the item of the architectural state, the trace logic is operable dependent on that item of architectural state to omit at least one of a data address indication and a data value indication from the stream of trace elements generated in respect of that memory operation. A trace analysing apparatus can then be provided to reconstruct such omitted information based on a tracked architectural state value of the relevant item of architectural state.
Abstract:
Mechanisms for enforcing a message exchange pattern. When two computing systems communicate in order to accomplish a particular task, they engage in a particular message exchange pattern. Given certain progress through the message exchange pattern, the message exchange pattern may restrict which computing system may send what kind of messages. Each computing system tracks progress through the message exchange pattern by, for example, using a state transition tree in which each node represents a state of the message exchange pattern, and in which transmission or receipt of certain messages may cause state transitions. A computing system then only transmits messages if appropriate given the current tracked progress through the message exchange pattern.
Abstract:
Embodiments of the invention include an arbiter facility included in a test script. The arbiter facility includes properties defining a method for evaluating the status of a step or process, a method for evaluating verification point results and the steps to execute during execution of the test script. The arbiter facility operates to control the flow of the processes performed that form the test script. The control of the processes that are performed is based on explicit rules or conditions. The rules implemented by the arbiter facility can result in different processes within the test script being performed based on data processed by the arbiter facility. Moreover, aspects of the invention embodied by the arbiter facility implement rules which explicitly express, within the test case, the value (e.g., weight, importance, etc.) of individual operations. In the exemplary embodiment, the value of one or more individual operations is explicitly expressed by the rules (e.g., computations, calculations, determinations, etc.) that are imposed on the results returned to the arbiter facility by the various verification points within the test script. Accordingly and advantageously, analysis on the value of a verification point may be performed prior to implementing or executing a test script. This analysis may then be reflected in the rule implemented in the arbiter facility.
Abstract:
A processor generates a signature value indicating a sequence of executed instructions, and the signature value is compared to signature values calculated for two or more possible sequences of executed instructions to determine which instruction sequence was executed. The signature is generated via a signature generator during program execution, and is provided external to the processor via a signature message.
Abstract:
There are provided a medium storing a model creation program for creating a model for communicating with an object apparatus to be verified, a model creation apparatus and a model creation method. A medium storing a model creation program for causing a computer to create a model for communicating with an object apparatus to be verified so as to be readable to the computer, wherein the program causes the computer to execute an acquisition step that acquires a first finite state machine expressing the interface specification of the object apparatus to be verified as a finite state machine, a first addition step that adds an error state and a state transition to the error state to the first finite state machine to produce a second finite state machine and sets the transition conditions of the second transition machine according to the set error probability and a conversion step that converts the second finite state machine into a model for communicating with the object apparatus to be verified.
Abstract:
The aim of the present invention is to propose a method and a device to avoid the damage that the desynchronisation of the program counter could cause. This aim is achieved by means of a method to control the execution of a program by a microcontroller including at least a program memory and a processing unit, characterised in that it includes the following steps: separation of said program into at least two blocks each containing a plurality of instructions that can be executed by said microcontroller; integration into these blocks of at least one input control area (CTRL-E) containing input conditions, these input conditions including reference addresses corresponding to instructions from where the program is authorised to enter said input control area (CTRL-E); integration into these blocks of at least one output control area (CTRL-S) containing output conditions; at the time of the execution of the instructions of said program memorised in a given block, implementation of verification tests of the adequacy between the effective running of the program and the input and/or output conditions; and implementation of countermeasures if the verification tests indicate an inadequacy between the effective running of the program and the input and/or output conditions.