CN1950775B - 用于程序执行期间的入侵检测的方法,设备和计算机*** - Google Patents
用于程序执行期间的入侵检测的方法,设备和计算机*** Download PDFInfo
- Publication number
- CN1950775B CN1950775B CN200580013800.6A CN200580013800A CN1950775B CN 1950775 B CN1950775 B CN 1950775B CN 200580013800 A CN200580013800 A CN 200580013800A CN 1950775 B CN1950775 B CN 1950775B
- Authority
- CN
- China
- Prior art keywords
- instruction
- computer program
- execution
- treating apparatus
- instructions
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000001514 detection method Methods 0.000 title claims description 12
- 238000004590 computer program Methods 0.000 claims abstract description 61
- 238000000034 method Methods 0.000 claims abstract description 51
- 230000008859 change Effects 0.000 claims description 45
- 230000009545 invasion Effects 0.000 claims description 22
- 238000012360 testing method Methods 0.000 claims description 14
- 238000011084 recovery Methods 0.000 claims description 9
- 230000009466 transformation Effects 0.000 claims description 8
- 230000006870 function Effects 0.000 claims description 6
- 230000004044 response Effects 0.000 claims description 6
- 239000012141 concentrate Substances 0.000 claims description 2
- 230000005055 memory storage Effects 0.000 claims 1
- 238000012545 processing Methods 0.000 abstract description 36
- 230000004075 alteration Effects 0.000 abstract 2
- 238000006243 chemical reaction Methods 0.000 description 20
- 230000008569 process Effects 0.000 description 7
- 230000000875 corresponding effect Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000014759 maintenance of location Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000006378 damage Effects 0.000 description 2
- 230000002950 deficient Effects 0.000 description 2
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30145—Instruction analysis, e.g. decoding, instruction word fields
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/3017—Runtime instruction translation, e.g. macros
- G06F9/30178—Runtime instruction translation, e.g. macros of compressed or encrypted instructions
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
- Debugging And Monitoring (AREA)
- Saccharide Compounds (AREA)
- Air Bags (AREA)
Abstract
Description
Claims (20)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US56647304P | 2004-04-29 | 2004-04-29 | |
US60/566,473 | 2004-04-29 | ||
PCT/IB2005/051416 WO2005106619A1 (en) | 2004-04-29 | 2005-04-29 | Intrusion detection during program execution in a computer |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1950775A CN1950775A (zh) | 2007-04-18 |
CN1950775B true CN1950775B (zh) | 2011-03-16 |
Family
ID=34966194
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200580013800.6A Expired - Fee Related CN1950775B (zh) | 2004-04-29 | 2005-04-29 | 用于程序执行期间的入侵检测的方法,设备和计算机*** |
Country Status (7)
Country | Link |
---|---|
US (1) | US20070245419A1 (zh) |
EP (1) | EP1745340B1 (zh) |
JP (1) | JP2007535067A (zh) |
CN (1) | CN1950775B (zh) |
AT (1) | ATE505766T1 (zh) |
DE (1) | DE602005027454D1 (zh) |
WO (1) | WO2005106619A1 (zh) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1995682A1 (fr) | 2007-05-21 | 2008-11-26 | Stmicroelectronics Sa | Personnalisation d'un microprocesseur et procédé de protection de données |
CN100504905C (zh) * | 2007-11-16 | 2009-06-24 | 中国科学院软件研究所 | 数据库恶意事务处理方法及其*** |
US9135442B1 (en) * | 2008-05-30 | 2015-09-15 | Symantec Corporation | Methods and systems for detecting obfuscated executables |
US20120159193A1 (en) * | 2010-12-18 | 2012-06-21 | Microsoft Corporation | Security through opcode randomization |
WO2016015049A2 (en) * | 2014-07-25 | 2016-01-28 | Trenchware, Inc. | Detection and remediation of malware within firmware of devices |
US11093603B2 (en) * | 2015-08-26 | 2021-08-17 | Robotic Research, Llc | System and method for protecting software from buffer overruns |
US10185550B2 (en) | 2016-09-28 | 2019-01-22 | Mcafee, Inc. | Device-driven auto-recovery using multiple recovery sources |
US11296935B2 (en) | 2016-12-30 | 2022-04-05 | Intel Corporation | Service provision to IoT devices |
JP7495371B2 (ja) | 2021-03-29 | 2024-06-04 | 株式会社日立製作所 | 制御装置、不正命令検知方法及びプログラム |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5528508A (en) * | 1993-02-19 | 1996-06-18 | International Business Machines Corporation | System and method for verifying a hierarchical circuit design |
US6006328A (en) * | 1995-07-14 | 1999-12-21 | Christopher N. Drake | Computer software authentication, protection, and security system |
US6446221B1 (en) * | 1999-05-19 | 2002-09-03 | Arm Limited | Debug mechanism for data processing systems |
US7117532B1 (en) * | 1999-07-14 | 2006-10-03 | Symantec Corporation | System and method for generating fictitious content for a computer |
US7430670B1 (en) * | 1999-07-29 | 2008-09-30 | Intertrust Technologies Corp. | Software self-defense systems and methods |
US6826697B1 (en) * | 1999-08-30 | 2004-11-30 | Symantec Corporation | System and method for detecting buffer overflow attacks |
US7296274B2 (en) * | 1999-11-15 | 2007-11-13 | Sandia National Laboratories | Method and apparatus providing deception and/or altered execution of logic in an information system |
US7270193B2 (en) * | 2000-02-14 | 2007-09-18 | Kabushiki Kaisha Toshiba | Method and system for distributing programs using tamper resistant processor |
US6986046B1 (en) * | 2000-05-12 | 2006-01-10 | Groove Networks, Incorporated | Method and apparatus for managing secure collaborative transactions |
US20020138748A1 (en) * | 2001-03-21 | 2002-09-26 | Hung Andy C. | Code checksums for relocatable code |
US7487330B2 (en) * | 2001-05-02 | 2009-02-03 | International Business Machines Corporations | Method and apparatus for transferring control in a computer system with dynamic compilation capability |
US7392541B2 (en) * | 2001-05-17 | 2008-06-24 | Vir2Us, Inc. | Computer system architecture and method providing operating-system independent virus-, hacker-, and cyber-terror-immune processing environments |
GB2396930B (en) * | 2002-11-18 | 2005-09-07 | Advanced Risc Mach Ltd | Apparatus and method for managing access to a memory |
US7565551B2 (en) * | 2003-02-19 | 2009-07-21 | Microsoft Corporation | Enhancing software integrity through installation and verification |
US7555777B2 (en) * | 2004-01-13 | 2009-06-30 | International Business Machines Corporation | Preventing attacks in a data processing system |
-
2005
- 2005-04-29 WO PCT/IB2005/051416 patent/WO2005106619A1/en not_active Application Discontinuation
- 2005-04-29 CN CN200580013800.6A patent/CN1950775B/zh not_active Expired - Fee Related
- 2005-04-29 AT AT05733789T patent/ATE505766T1/de not_active IP Right Cessation
- 2005-04-29 US US11/578,882 patent/US20070245419A1/en not_active Abandoned
- 2005-04-29 JP JP2007510227A patent/JP2007535067A/ja not_active Withdrawn
- 2005-04-29 EP EP05733789A patent/EP1745340B1/en not_active Not-in-force
- 2005-04-29 DE DE602005027454T patent/DE602005027454D1/de active Active
Also Published As
Publication number | Publication date |
---|---|
DE602005027454D1 (de) | 2011-05-26 |
JP2007535067A (ja) | 2007-11-29 |
CN1950775A (zh) | 2007-04-18 |
US20070245419A1 (en) | 2007-10-18 |
WO2005106619A1 (en) | 2005-11-10 |
ATE505766T1 (de) | 2011-04-15 |
EP1745340A1 (en) | 2007-01-24 |
EP1745340B1 (en) | 2011-04-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1950775B (zh) | 用于程序执行期间的入侵检测的方法,设备和计算机*** | |
CN100423013C (zh) | 加载可信操作***的方法和装置 | |
CN102592082B (zh) | 通过操作码随机化的安全 | |
CN109508536B (zh) | 一种篡改程序流攻击的检测方法和装置 | |
US6260138B1 (en) | Method and apparatus for branch instruction processing in a processor | |
TW201941049A (zh) | 用於轉換詮釋資料處理的指令的系統和方法 | |
CN109643346B (zh) | 控制流完整性 | |
TW201732576A (zh) | 用於控制有界指標的使用的設備及方法 | |
TWI733717B (zh) | 從亂序處理器中的不良儲存-至-負載轉發復原的方法與設備 | |
US10223117B2 (en) | Execution flow protection in microcontrollers | |
DE112017005005T5 (de) | Systeme, vorrichtungen, und verfahren zur plattformsicherheit | |
TW201935305A (zh) | 用於後快取互鎖之系統和方法 | |
CN112328306B (zh) | 一种分支预测器的隔离方法、预测方法及分支预测器 | |
CN103870240A (zh) | 用于超前运行操作的指令分类 | |
CN1758215A (zh) | 更新指令错误状态暂存器 | |
CN101027646A (zh) | 用于处理计算机***上的计算机程序的方法 | |
CN114675889A (zh) | 用于对函数调用的基于硬件的记忆化的装置和方法 | |
CN102591761B (zh) | 用于安全相关的应用中的sw的编码执行的增强型可缩放cpu | |
CN103140847B (zh) | 调节原子存储器操作以防止拒绝服务的攻击 | |
US8271831B2 (en) | Tolerating soft errors by selective duplication | |
US6725362B2 (en) | Method for encoding an instruction set with a load with conditional fault instruction | |
US6816962B2 (en) | Re-encoding illegal OP codes into a single illegal OP code to accommodate the extra bits associated with pre-decoded instructions | |
US7039907B2 (en) | Method of protecting entry addresses | |
KR920003182B1 (ko) | 마이크로프로세서 | |
CN110008726B (zh) | 一种运行时访问控制装置和方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20090206 Address after: Holland Ian Deho Finn Applicant after: Koninkl Philips Electronics NV Address before: Holland Ian Deho Finn Applicant before: Koninklijke Philips Electronics N.V. |
|
ASS | Succession or assignment of patent right |
Owner name: NXP CO., LTD. Free format text: FORMER OWNER: KONINKLIJKE PHILIPS ELECTRONICS N.V. Effective date: 20090206 |
|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110316 Termination date: 20130429 |