Patents by Inventor Adrian Perrig

Adrian Perrig has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11868467
    Abstract: A semiconductor device (100) includes: a determination unit (110) configured to determine whether an avoidance condition of inspection of control flow integrity is satisfied (e.g., a degree of similarity with a previous input value is in a predetermined range) based on determination auxiliary information, which is at least an input value in a target code block to be executed among a plurality of code blocks in a predetermined program, and an inspection unit (120) configured to avoid inspection of control flow integrity in the target code block when it is determined that the avoidance condition is satisfied.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: January 9, 2024
    Assignee: NEC CORPORATION
    Inventors: Astha Jada, Toshiki Kobayashi, Takayuki Sasaki, Daniele Enrico Asoni, Adrian Perrig
  • Patent number: 11860762
    Abstract: A semiconductor device (100) includes: first storage means (110) storing, in advance, a plurality of pieces of execution order inspection information (111˜11n) used for inspection of an execution order of a plurality of code blocks in a predetermined program, second storage means (120), which is a cache for the first storage means, and prediction means (130) for predicting a storage area of the execution order inspection information based on prediction auxiliary information in a first code block of the plurality of code blocks and a control flow graph of the program, the storage area being a prefetch target to be prefetched from the first storage means to the second storage means.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: January 2, 2024
    Assignee: NEC CORPORATION
    Inventors: Astha Jada, Toshiki Kobayashi, Takayuki Sasaki, Daniele Enrico Asoni, Adrian Perrig
  • Publication number: 20220358211
    Abstract: A semiconductor device (100) includes: a determination unit (110) configured to determine whether an avoidance condition of inspection of control flow integrity is satisfied (e.g., a degree of similarity with a previous input value is in a predetermined range) based on determination auxiliary information, which is at least an input value in a target code block to be executed among a plurality of code blocks in a predetermined program, and an inspection unit (120) configured to avoid inspection of control flow integrity in the target code block when it is determined that the avoidance condition is satisfied.
    Type: Application
    Filed: June 25, 2019
    Publication date: November 10, 2022
    Applicant: NEC Corporation
    Inventors: Astha JADA, Toshiki KOBAYASHI, Takayuki SASAKI, Daniele Enrico ASONI, Adrian PERRIG
  • Patent number: 11431569
    Abstract: A communication apparatus comprises a rollback control unit to create a second process to roll back a currently working first process thereto; a storage to store states shared by the first and the second processes, the second process taking over a state(s) stored in the storage unit; a buffer; and a timing control unit that controls timing of rollback. The rollback control unit starts event buffering to store in the buffer all of an event(s) received while the first process is processing and destined to the first process, and upon completion of the processing of the event by the first process, the rollback control unit performs switching of a working process from the first process to the second process, sends the event(s) stored therein from start of the event buffering to the second process and stops event buffering.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: August 30, 2022
    Assignee: NEC CORPORATION
    Inventors: Takayuki Sasaki, Daniele Enrico Asoni, Adrian Perrig
  • Publication number: 20220245054
    Abstract: A semiconductor device (100) includes: first storage means (110) storing, in advance, a plurality of pieces of execution order inspection information (111˜11n) used for inspection of an execution order of a plurality of code blocks in a predetermined program, second storage means (120), which is a cache for the first storage means, and prediction means (130) for predicting a storage area of the execution order inspection information based on prediction auxiliary information in a first code block of the plurality of code blocks and a control flow graph of the program, the storage area being a prefetch target to be prefetched from the first storage means to the second storage means.
    Type: Application
    Filed: June 25, 2019
    Publication date: August 4, 2022
    Applicant: NEC Corporation
    Inventors: Astha JADA, Toshiki KOBAYASHI, Takayuki SASAKI, Daniele Enrico ASONI, Adrian PERRIG
  • Patent number: 11349702
    Abstract: A communication apparatus comprises a rollback control unit that rolls back a first process to a second process; and a storage unit to store one or more network states shared by the first process and the second process, the second process enabled to take over one or more network states from the first process; wherein the rollback control unit includes a network state control unit that controls to provide delayed updating of at least one of the one or more network states taken over by the second process.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: May 31, 2022
    Assignee: NEC CORPORATION
    Inventors: Takayuki Sasaki, Daniele Enrico Asoni, Adrian Perrig
  • Patent number: 11297070
    Abstract: A monitoring unit verifies authentication information of a packet received and a rule verification unit verifies authentication information of a rule that matches the packet. The monitoring unit generates authentication information for a packet to be forwarded according to the rule having authentication information verified.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: April 5, 2022
    Assignee: NEC CORPORATION
    Inventors: Takayuki Sasaki, Daniele Enrico Asoni, Adrian Perrig
  • Publication number: 20210288867
    Abstract: A communication apparatus comprises a rollback control unit that rolls back a first process to a second process; and a storage unit to store one or more network states shared by the first process and the second process, the second process enabled to take over one or more network states from the first process; wherein the rollback control unit includes a network state control unit that controls to provide delayed updating of at least one of the one or more network states taken over by the second process.
    Type: Application
    Filed: July 21, 2016
    Publication date: September 16, 2021
    Applicant: NEC Corporation
    Inventors: Takayuki SASAKI, Daniele Enrico ASONI, Adrian PERRIG
  • Publication number: 20210281577
    Abstract: A monitoring unit verifies authentication information of a packet received and a rule verification unit verifies authentication information of a rule that matches the packet. The monitoring unit generates authentication information for a packet to be forwarded according to the rule having authentication information verified.
    Type: Application
    Filed: September 20, 2016
    Publication date: September 9, 2021
    Applicant: NEC Corporation
    Inventors: Takayuki SASAKI, Daniele Enrico ASONI, Adrian PERRIG
  • Publication number: 20210281482
    Abstract: A communication apparatus comprises a rollback control unit to create a second process to roll back a currently working first process thereto; a storage to store states shared by the first and the second processes, the second process taking over a state(s) stored in the storage unit; a buffer; and a timing control unit that controls timing of rollback. The rollback control unit starts event buffering to store in the buffer all of an event(s) received while the first process is processing and destined to the first process, and upon completion of the processing of the event by the first process, the rollback control unit performs switching of a working process from the first process to the second process, sends the event(s) stored therein from start of the event buffering to the second process and stops event buffering.
    Type: Application
    Filed: July 21, 2016
    Publication date: September 9, 2021
    Applicant: NEC Corporation
    Inventors: Takayuki SASAKI, Daniele Enrico ASONI, Adrian PERRIG
  • Patent number: 10649847
    Abstract: A communication apparatus comprising: a plurality of communication processes, each performing communication process on a flow associated thereto; a plurality of network interfaces, each of the network interfaces adapted to be connected to a network; a dispatcher that receives a packet from the network interface and dispatches the packet to an associated communication process, based on a dispatch rule that defines association of a flow to a communication process to which the flow is dispatched; and a control unit that performs control to roll back each of the communication processes using saved image thereof.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: May 12, 2020
    Assignee: NEC Corporation
    Inventors: Takayuki Sasaki, Adrian Perrig, Srdjan Capkun, Claudio Soriente, Ramya Jayaram Masti, Jason Lee
  • Patent number: 10601632
    Abstract: A communication apparatus comprising a plurality of communication processes, each of the communication processes configured to be executed in an environment allocated thereto and isolated from each of one or more environments arranged for remaining one or more processes, each of the communication processes performing communication processing on a flow associated thereto, a network interface connected to a network; a dispatcher that dispatches a packet to the communication process based on a dispatch rule that defines association of a flow with a communication process.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: March 24, 2020
    Assignee: NEC Corporation
    Inventors: Takayuki Sasaki, Adrian Perrig, Srdjan Capkun, Claudio Soriente, Ramya Jayaram Masti, Jason Lee
  • Publication number: 20180165156
    Abstract: A communication apparatus comprising: a plurality of communication processes, each performing communication process on a flow associated thereto; a plurality of network interfaces, each of the network interfaces adapted to be connected to a network; a dispatcher that receives a packet from the network interface and dispatches the packet to an associated communication process, based on a dispatch rule that defines association of a flow to a communication process to which the flow is dispatched; and a control unit that performs control to roll back each of the communication processes using saved image thereof.
    Type: Application
    Filed: May 11, 2015
    Publication date: June 14, 2018
    Applicant: NEC Corporation
    Inventors: Takayuki SASAKI, Adrian PERRIG, Srdjan CAPKUN, Claudio SORIENTE, Ramya Jayaram MASTI, Jason LEE
  • Publication number: 20180159716
    Abstract: A communication apparatus comprising a plurality of communication processes, each of the communication processes configured to be executed in an environment allocated thereto and isolated from each of one or more environments arranged for remaining one or more processes, each of the communication processes performing communication processing on a flow associated thereto, a network interface connected to a network; a dispatcher that dispatches a packet to the communication process based on a dispatch rule that defines association of a flow with a communication process.
    Type: Application
    Filed: May 11, 2015
    Publication date: June 7, 2018
    Applicant: NEC Corporation
    Inventors: Takayuki SASAKI, Adrian PERRIG, Srdjan CAPKUN, Claudio SORIENTE, Ramya Jayaram MASTI, Jason LEE
  • Patent number: 9367701
    Abstract: A method for operating a computing system with a trusted processor includes generating a secret cryptographic key based on a physically unclonable function in at least one hardware component in the trusted processor, generating a first public key and first private key using first secret cryptographic key, and executing instruction code corresponding to a first software program. The method further includes generating output data with the trusted processor during execution of the first software program, generating encrypted data corresponding to the output data using the first public key for at least a portion of the encryption, generating a signature of the encrypted data, and transmitting with an input/output (I/O) interface operatively connected to the trusted processor the encrypted data and the signature for storage in an untrusted memory.
    Type: Grant
    Filed: March 7, 2014
    Date of Patent: June 14, 2016
    Assignee: Robert Bosch GmbH
    Inventors: Jorge Guajardo Merchan, Emmanuel Kwame Owusu, Jonathan McCarrell McCune, James Duran Newsome, Jr., Amit Vasudevan, Adrian Perrig
  • Patent number: 9177153
    Abstract: A method, system, and apparatus for verifying integrity and execution state of an untrusted computer. In one embodiment, the method includes placing a verification function in memory on the untrusted computer; invoking the verification function from a trusted computer; determining a checksum value over memory containing both the verification function and the execution state of a processor and hardware on the untrusted computer; sending the checksum value to the trusted computer; determining at the trusted computer whether the checksum value is correct; and determining at the trusted computer whether the checksum value is received within an expected time period.
    Type: Grant
    Filed: October 10, 2006
    Date of Patent: November 3, 2015
    Assignee: Carnegie Mellon University
    Inventors: Adrian Perrig, Pradeep Khosla, Arvind Seshadri, Mark Luk, Leendert van Doorn
  • Publication number: 20140258736
    Abstract: A method for operating a computing system with a trusted processor includes generating a secret cryptographic key based on a physically unclonable function in at least one hardware component in the trusted processor, generating a first public key and first private key using first secret cryptographic key, and executing instruction code corresponding to a first software program. The method further includes generating output data with the trusted processor during execution of the first software program, generating encrypted data corresponding to the output data using the first public key for at least a portion of the encryption, generating a signature of the encrypted data, and transmitting with an input/output (I/O) interface operatively connected to the trusted processor the encrypted data and the signature for storage in an untrusted memory.
    Type: Application
    Filed: March 7, 2014
    Publication date: September 11, 2014
    Applicant: Robert Bosch GmbH
    Inventors: Jorge Guajardo Merchan, Emmanuel Kwame Owusu, Jonathan McCarrell McCune, James Duran Newsome, Jr., Amit Vasudevan, Adrian Perrig
  • Patent number: 8671163
    Abstract: A method of serving content to multiple clients via a network is provided. Independent sessions with each of a plurality of clients are maintained, wherein the number of clients in the plurality of clients can vary over time, and wherein the start of each session and the end of each session can be independent of the start and end of other sessions. A stream of packet payloads is received, each packet payload of the stream of packet payloads including data generated from the content, wherein each packet payload in at least a subset of the stream of packet payloads includes a different set of data. Each packet payload in the stream of packet payloads is transmitted to each client of the plurality of clients in corresponding packets, wherein the packet payload transmitted to a client at any particular time is independent of the state of the corresponding session.
    Type: Grant
    Filed: April 18, 2012
    Date of Patent: March 11, 2014
    Assignee: Digital Fountain, Inc.
    Inventors: Michael Luby, Ronen Vainish, Lars Rasmussen, David Kushi, Serban Simu, Adrian Perrig, Roberto Attias, Michael Walfish, Diane Hernek, John Byers
  • Patent number: 8578483
    Abstract: Systems and methods are provided for preventing unauthorized modification of an operating system. The system includes an operating system comprised of kernel code for controlling access to operation of a processing unit. The system further includes an enforcement agent executing at a higher privilege than the kernel code such that any changes to the kernel code are approved by the enforcement agent prior to execution.
    Type: Grant
    Filed: July 31, 2008
    Date of Patent: November 5, 2013
    Assignee: Carnegie Mellon University
    Inventors: Arvind Seshadri, Ning Qu, Adrian Perrig
  • Publication number: 20130024693
    Abstract: A network reputation system and its controlling method are provided. A credential and exchange component permits a user to generate credentials and exchange matching items with those persons having a social relationship with the user. A reputation evaluation component enables other users to make evaluations about an estimatee via the sharing of social network information. A query and response component receives a query from a person having a social relationship with the user for requesting an evaluation about the estimatee, and responds with an associated evaluation result to the person having a social relationship with the user, via the sharing of social network information and the evaluations made by the other users about the estimatee.
    Type: Application
    Filed: September 14, 2012
    Publication date: January 24, 2013
    Applicant: Industrial Technology Research Institute
    Inventors: Shin-Yan Chiou, Shih-Ying Chang, Ghita Mezzour, Adrian Perrig, Hung-Min Sun