Abstract: A system, method and media are shown for emulating potentially malicious code involving emulating a first ring of an operating system, emulating a second ring of the operating system, where the second ring has greater access to system resources than the first ring and where the first and second rings are separately emulated, executing a code payload in the emulated first ring, checking the behavior of the executing code payload for suspect behavior, and identifying the code payload as malicious code if suspect behavior is detected. Some examples emulate the second ring by operating system or microarchitecture functionality such that the second ring emulation returns results to the executing code payload, but does not actually perform the functionality in a host platform. Some examples execute the code payload in the emulated first shell at one or more offsets.

Abstract: Examples of systems, methods and media are shown for iteratively emulating potentially malicious code involving, for each offset of a microarchitecture for the code, emulating a first ring of an operating system, executing a segment of code in the emulated first ring, checking the behavior of the executing code for suspect behavior, and identifying the executing code as malicious code if suspect behavior is detected. Some examples include emulating a second ring of the operating system having a higher level of privilege than the first ring, such that the second ring emulation returns results to the executing code segment, but does not actually perform the functionality in a host platform.

Abstract: Examples of systems, methods and media are shown for iteratively emulating potentially malicious code involving, for each offset of a microarchitecture for the code, emulating a first ring of an operating system, executing a segment of code in the emulated first ring, checking the behavior of the executing code for suspect behavior, and identifying the executing code as malicious code if suspect behavior is detected. Some examples include emulating a second ring of the operating system having a higher level of privilege than the first ring, such that the second ring emulation returns results to the executing code segment, but does not actually perform the functionality in a host platform.

Abstract: A system, method and media are shown for emulating potentially malicious code involving emulating a first ring of an operating system, emulating a second ring of the operating system, where the second ring has greater access to system resources than the first ring and where the first and second rings are separately emulated, executing a code payload in the emulated first ring, checking the behavior of the executing code payload for suspect behavior, and identifying the code payload as malicious code if suspect behavior is detected. Some examples emulate the second ring by operating system or microarchitecture functionality such that the second ring emulation returns results to the executing code payload, but does not actually perform the functionality in a host platform. Some examples execute the code payload in the emulated first shell at one or more offsets.

Abstract: The invention is directed to a system for use with a first device in communication with a second device. The system includes a storage medium that is connectable with the first device, a hardened, stand alone, web browser stored on the storage medium, and client authentication data. The web browser uses the client authentication data to facilitate secure communication between the first device and the second device, and the first device communicates with a third device that provides configuration data that includes one or more approved addresses.

Abstract: The invention is directed to a system for use with a first device in communication with a second device. The system includes a storage medium that is connectable with the first device, a hardened, stand alone, web browser stored on the storage medium, and client authentication data. The web browser uses the client authentication data to facilitate secure communication between the first device and the second device, and the first device communicates with a third device that provides configuration data that includes one or more approved addresses.

Abstract: The invention is directed to a secure data communication system and method for use in connection with a potentially untrusted host computer. The system includes a storage medium that is connectable with the potentially untrusted host computer. The system also includes a hardened, stand alone, browser stored on the storage medium. The system can also include client authentication data and/or add-on program data. The browser can use the client authentication data to facilitate secure communications. The system can include has a loader that performs an integrity check of the browser and/or data files and launches the browser only if the browser and associated data files pass the integrity check. The client authentication data can be stored on the storage medium. The storage medium can be read-only, read-write or a combination thereof.

Abstract: The invention is directed to a secure data communication system and method for use in connection with a potentially untrusted host computer. The system includes a storage medium that is connectable with the potentially untrusted host computer. The system also includes a hardened, stand alone, browser stored on the storage medium. The system can also include client authentication data and/or add-on program data. The browser can use the client authentication data to facilitate secure communications. The system can include has a loader that performs an integrity check of the browser and/or data files and launches the browser only if the browser and associated data files pass the integrity check. The client authentication data can be stored on the storage medium. The storage medium can be read-only, read-write or a combination thereof.