Abstract: Instruction set architecture (ISA) extension support is described for control-flow integrity (CFI) and for XFI memory protection. ISA replaces CFI guard code with single instructions. ISA support is provided for XFI in the form of bounds-check instructions. Compared to software guards, hardware support for CFI and XFI increases the efficiency and simplicity of enforcement. In addition, the semantics for CFI instructions allows more precise static control-flow graph encodings than were possible with a prior software CFI implementation.

Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.

Abstract: A verifier performs static checks of machine code to ensure that the code will execute safely. After verification is performed, the code is executed. The code modules generated by the rewriter and verified by the verifier prevent runtime code modifications so that properties established by the verifier cannot be invalidated during execution. Guards ensure that control flows only as expected. Stack data that must be shared within a code module, and which may therefore be corrupted during execution, is placed on a separate data stack. Other stack data remains on the regular execution stack, called the control stack. Multiple memory accesses can be checked by a single memory-range guard, optimized for fast access to the most-frequently used memory.

Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.

Abstract: Unobservable memory regions, referred to as stealth memory regions, are allocated or otherwise provided to store data whose secrecy is to be protected. The stealth memory is prevented from exposing information about its usage pattern to an attacker or adversary. In particular, the usage patterns may not be deduced via the side-channels.

Abstract: Described herein are one or more implementations that facilitate message-passing over a communication conduit between software processes in a computing environment. More particularly, the implementations described restrict access of one process to another via messages passed over a particular conduit connecting the processes and the access-control restrictions are defined by a contract associated with that particular conduit.

Abstract: General-purpose distributed data-parallel computing using high-level computing languages is described. Data parallel portions of a sequential program that is written by a developer in a high-level language are automatically translated into a distributed execution plan. A set of extensions to a sequential high-level computing language are provided to support distributed parallel computations and to facilitate generation and optimization of distributed execution plans. The extensions are fully integrated with the programming language, thereby enabling developers to write sequential language programs using known constructs while providing the ability to invoke the extensions to enable better generation and optimization of the execution plan for a distributed computing environment.

Abstract: General-purpose distributed data-parallel computing using a high-level language is disclosed. Data parallel portions of a sequential program that is written by a developer in a high-level language are automatically translated into a distributed execution plan. The distributed execution plan is then executed on large compute clusters. Thus, the developer is allowed to write the program using familiar programming constructs in the high level language. Moreover, developers without experience with distributed compute systems are able to take advantage of such systems.

Abstract: Runtime checks on a program may be used to determine whether a pointer points to a legitimate target before the pointer is dereferenced. Legitimate addresses, such as address-taken local variables (ATLVs), global variables, heap locations, functions, etc., are tracked, so that the legitimate targets of pointers are known. The program may be transformed so that, prior to dereferencing a pointer, the pointer is checked to ensure that it points to a legitimate address. If the pointer points to a legitimate address, then the dereferencing may proceed. Otherwise, an error routine may be invoked. One example way to keep track of legitimate addresses is to group address-taken variables together within a specific range or ranges of memory addresses, and to check that a pointer has a value within that range prior to dereferencing the pointer. However, addresses may be tracked in other ways.

Abstract: An improved entity naming scheme employs the use of two sets of names: local names and global names. The local and global naming scheme may be applied to entities that are assigned to a number of different global compartments. Local entities are entities that are assigned to the same compartment, while non-local entities are entities that are assigned to different compartments. Each entity is assigned a local name that is unique among all local entities. Additionally, a number of global entities are identified. Global entities are entities that are referenced by one or more non-local entities. Each global entity is assigned a global name that is unique among all global entities.

Abstract: An altered states engine executes in computer memory, controlling the execution of at least one software component based upon condition dependent rules. Responses to requests for system resources are modified, and code is executed such that the software components execute desired functionality, as specified by the rules.

Abstract: Hash tables comprising load factors of up to and above 97% are disclosed. The hash tables may be associated with three or more hash functions, each hash function being applied to a key to identify a location in a hash table. The load factor of a hash table may be increased, obviating any need to increase the size of the hash table to accommodate more insertions. Such increase in load factor may be accomplished by a combination of increasing the number of cells per bucket in a hash table and increasing the number of hash functions associated with the hash table.

Abstract: Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process.

Abstract: A device driver includes a hypervisor stub and a virtual machine driver module. The device driver may access device registers while operating within a virtual machine to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the hypervisor stub may run an interrupt service routine and write information to shared memory. Control is passed to the virtual machine driver module by a reflector. The virtual machine driver module may then read the information from the shared memory to continue servicing the interrupt.

Abstract: Software control flow integrity is provided by embedding identifying bit patterns at computed control flow instruction sources and destinations. The sources and destinations of computed control flow instructions are determined with reference to a control flow graph. The identifying bit patterns are compared during software execution, and a match between a source and a respective destination ensures control flow consistent with the control flow graph. Security measures are implemented when the comparison results in a mismatch, indicating that control flow has deviated from the anticipated course.

Abstract: A device driver includes a kernel mode and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. The device driver may include kernel stubs that are loaded into the operating system, and may be device specific code written. The stubs may be called by a reflector to handle exceptions caught by the stubs. A reset stub may be invoked by the reflector when the user-mode module or host terminates abruptly or detects an interrupt storm. The reset stub may also be invoked if errant DMA operations are being performed by a hardware device. The reset stub may ensure that hardware immediately stops unfinished DMA from further transfer, and may be called by the user-mode driver module.

Abstract: Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. The virtual environment in which extensions designed to control hardware devices can safely execute can be efficiently created during an initial startup sequence of a host environment by indicating to the host environment that a second processing unit is present in the computing system allowing the host environment to create a coherent state. A virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by the created coherent state. A coherent state can be created when an operating system starts up and the appropriate parameters are observed and saved. Alternatively, an operating system of the host environment can create the coherent state by receiving indication of the second processing unit during the boot process.

Abstract: A client-side enforcement mechanism may allow application security policies to be specified at a server in a programmatic manner. Servers may specify security policies as JavaScript functions included in a page returned by the server and run before other scripts. At runtime, and during initial loading, the functions are invoked by the client on each page modification to ensure the page conforms to the security policy. As such, before a mutation takes effect, the policy may transform that mutation and the code and data of the page. Replicated code execution may take place at both the client and the server where the server runs its own shadow copy of a client-side application in a trusted execution environment so that the server may check that the method calls coming from the client correspond to a correct execution of the client-side application The redundant execution at the client can be untrusted, but serves to improve the responsiveness and performance of the Web application.

Abstract: A device driver includes a kernel stub and a user-mode module. The device driver may access device registers while operating in user-mode to promote system stability while providing a low-latency software response from the system upon interrupts. Upon receipt of an interrupt, the kernel stub may run an interrupt service routine and write information to shared memory. Control is passed to the user-mode module by a reflector. The user-mode module may then read the information from the shared memory to continue servicing the interrupt.

Abstract: A machine code computer program may comprise machine code directed to a main task and may contain no operations (NOPs). Some or all of the NOPs may be replaced with auxiliary code. Alternatively, the machine code computer program may be generated with auxiliary code where the NOPs would otherwise be. In some implementations, additional auxiliary code may also be provided in the machine code computer program. The auxiliary code and additional auxiliary code may comprise instructions that provide additional information about the machine code computer program in which they reside and its execution, but otherwise may act as NOPs with regard to the functionality of the machine code computer program.