Simulated computer system for monitoring of software performance
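IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): G06F-011/00
Application number: US-0255566 (2002-09-25)
Registration number: US-7356736 (2008-04-08)
Inventor / Address: Natvig, Kurt
Applicant / Address: Norman Asa
Agent / Address: Townsend and Townsend and Crew LLP
Citation information
Times cited: 186
Cited patents: 10
Abstract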
A system S is defined which is capable of simulating a computer (virtual computer, VC) for the purpose of software performance monitoring. The system is implemented as a set of software modules (SM) that can be exchanged to change the behavior of the VC. The VC is driven by a CPU emulator, and can run any operating system (virtual operating system, VOS) that is supported by the available SM's. The system is designed to log accesses to system resources and the nature of these accesses. The system is particularly useful for determining whether an executable or file contains an unknown virus, with a very low risk of false positives. Detected viruses include encrypted, polymorphic, metamorphic and other virus types.
Representative claims
What is claimed is:
1. A computer-implemented method of testing a program in a virtual environment to determine whether the program includes damaging software or a virus, the method comprising: providing a simulated computer system in a real computer system, the simulated computer system including software modules for simulating resources including hardware devices and software; executing a program under test, Ptest, in the simulated computer system until a stop condition occurs; and determining whether a simulated resource has been written to or accessed, and if so, reassigning Ptest to be at least a portion of a simulated resource that was written to or accessed, and thereafter re-executing Ptest in the simulated computer system until a stop condition occurs; and determining whether re-execution of Ptest causes a similar action or whether the simulated computer is unbootable, wherein if both steps of determining show the same or a similar result, the program under test is identified as including a virus, wherein if the simulated computer is unbootable upon re-execution, the program under test is identified as including damaging software, and wherein otherwise the program under test is identified as not containing damaging software or a virus.
2. The method of claim 1, wherein a stop condition includes one of a natural program termination, and one or more exceptions triggered by the emulated program.
3. The method of claim 1, wherein the simulated resources include a simulated storage device.
4. The method of claim 3, wherein the step of determining includes determining whether the simulated storage device has been written to, and if so setting Ptest to be the portion of the simulated storage device that was written to.
5. The method of claim 3, wherein the step of determining includes determining whether one of a simulated file (SF), a simulated master boot sector (SMBS) and a simulated system boot sector (SSBS) has been written to, and if so setting Ptest to be at least a portion of the SF, SMBS or SSBS that was written to.
6. The method of claim 1, wherein the simulated resources include a virtual network device, and wherein the step of determining includes determining whether an attempt has been made to transfer a file using the virtual network device, and if so setting Ptest to be at least a portion of the file.
Patents cited in this patent (10)
Chen Chia-Hwang ; Luo Chih-Ken, Anti-virus agent for use with databases and mail servers.
Fischer, Peter; Feldkamp, Andrew; Rodriguez, Nelson; Edwards, Joshua, Bi-directional data security for supervisor control and data acquisition networks.
Fischer, Peter; Feldkamp, Andrew; Rodriguez, Nelson; Edwards, Joshua, Bi-directional data security for supervisor control and data acquisition networks.
Fischer, Peter; Feldkamp, Andrew; Rodriguez, Nelson; Edwards, Joshua, Bi-directional data security for supervisor control and data acquisition networks.
Kamalahasan, Mahalingam; Padmore, Christopher, Computer system and computer-implemented method for load testing a service-oriented architecture service.
Polychronakis, Michalis; Keromytis, Angelos, Detecting return-oriented programming payloads by evaluating data for a gadget address space address and determining whether operations associated with instructions beginning at the address indicate a return-oriented programming payload.
Polychronakis, Michalis; Keromytis, Angelos D., Detecting return-oriented programming payloads by evaluating data for a gadget address space address and determining whether operations associated with instructions beginning at the address indicate a return-oriented programming payload.
Singh, Abhishek; Mesdaq, Ali; Das, Anirban; Jain, Varun, Framework for classifying an object as malicious with machine learning for deploying updated predictive models.
Ismael, Osman Abdoul; Song, Dawn; Ha, Phung-Te; Gilbert, Peter J.; Xue, Hui, Framework for computer application analysis of sensitive information tracking.
Ismael, Osman Abdoul; Song, Dawn; Aziz, Ashar; Johnson, Noah; Mettler, Adrian Matthew, Framework for efficient security coverage of mobile software applications that is usable to harden in the field code.
Ismael, Osman Abdoul; Song, Dawn; Ha, Phung-Te; Gilbert, Peter J.; Xue, Hui, Framework for efficient security coverage of mobile software applications using machine learning.
Ismael, Osman Abdoul; Song, Dawn; Xue, Hui, Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application.
Thioux, Emmanuel; Amin, Muhammad; Kindlund, Darien; Pilipenko, Alex; Vincent, Michael, Malicious content analysis using simulated user interaction without user involvement.
Thioux, Emmanuel; Amin, Muhammad; Kindlund, Darien; Pilipenko, Alex; Vincent, Michael, Malicious content analysis using simulated user interaction without user involvement.
Khalid, Yasir; Amin, Muhammad; Jing, Emily; Rizwan, Muhammad, Malicious content analysis with multi-version application support within single operating environment.
Khalid, Yasir; Amin, Muhammad; Jing, Emily; Rizwan, Muhammad, Malicious content analysis with multi-version application support within single operating environment.
Ismael, Osman Abdoul; Song, Dawn; Aziz, Ashar; Johnson, Noah; Mettler, Adrian Matthew, Security cloud service framework for hardening in the field code of mobile software applications.
Thioux, Emmanuel; Amin, Muhammad; Ismael, Osman Abdoul, System and method for analysis of a memory dump associated with a potentially malicious content suspect.
Paithane, Sushant; Vashist, Sai; Yang, Raymond; Khalid, Yasir, System and method for detecting file altering behaviors pertaining to a malicious attack.
Rivlin, Alexandr; Mehra, Divyesh; Uyeno, Henry; Pidathala, Vinay, System and method for determining a threat based on correlation of indicators of compromise from other sources.
Sallam, Ahmed Said, System and method for securing an input/output path of an application against malware with a below-operating system security agent.
Kumar, Vineet; Otvagin, Alexander; Borodulin, Nikita, System and method for triggering analysis of an object for malware in response to modification of that object.
Rivlin, Alexandr; Mehra, Divyesh; Uyeno, Henry; Pidathala, Vinay, System and method of detecting delivery of malware based on indicators of compromise from different sources.
Aziz, Ashar; Amin, Muhammad; Ismael, Osman Abdoul; Bu, Zheng, System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits.
Singh, Abhishek; Lin, Yichong; Mukherjee, Angshuman; Bu, Zheng, System, apparatus and method for classifying a file as malicious using static scanning.
Khalid, Yasir; Deshpande, Shivani; Amin, Muhammad, System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object.
Ismael, Osman Abdoul, System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection.
Ismael, Osman Abdoul, System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection.
Karandikar, Shrikrishna; Amin, Muhammad; Deshpande, Shivani; Khalid, Yasir, System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers.
Karandikar, Shrikrishna; Amin, Muhammad; Deshpande, Shivani; Khalid, Yasir, System, device and method for detecting a malicious attack based on direct communications between remotely hosted virtual machines and malicious web servers.
Sidiroglou, Stylianos; Keromytis, Angelos D.; Stolfo, Salvatore J., Systems, methods, and media protecting a digital data processing device from attack.
Sidiroglou, Stylianos; Keromytis, Angelos D.; Stolfo, Salvatore J., Systems, methods, and media protecting a digital data processing device from attack.
Goradia, Harnish; Ismael, Osman Abdoul; Johnson, Noah M.; Mettler, Adrian; Aziz, Ashar, User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications.
Goradia, Harnish; Ismael, Osman Abdoul; Johnson, Noah M.; Mettler, Adrian; Aziz, Ashar, User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications.