Abstract: Various technologies related to control flow integrity checking are described herein and can be used to greatly improve software security. During static analysis, a canonical control flow graph can be built. Execution of a program can be interrupted at runtime, and the call stack can be observed to verify control flow integrity of the program using the canonical control flow graph. Attacks using stack tampering can be avoided, regardless of how the stack tampering is achieved. Non-invasive techniques can be used, making the technologies applicable in situations where source code is not available. Real-time operating system protection can be supported.

Abstract: Various technologies related to control flow integrity checking are described herein and can be used to greatly improve software security. During static analysis, a canonical control flow graph can be built. Execution of a program can be interrupted at runtime, and the call stack can be observed to verify control flow integrity of the program using the canonical control flow graph. Attacks using stack tampering can be avoided, regardless of how the stack tampering is achieved. Non-invasive techniques can be used, making the technologies applicable in situations where source code is not available. Real-time operating system protection can be supported.

Abstract: Various technologies related to control flow integrity checking are described herein and can be used to greatly improve software security. During static analysis, a canonical control flow graph can be built. Execution of a program can be interrupted at runtime, and the call stack can be observed to verify control flow integrity of the program using the canonical control flow graph. Attacks using stack tampering can be avoided, regardless of how the stack tampering is achieved. Non-invasive techniques can be used, making the technologies applicable in situations where source code is not available. Real-time operating system protection can be supported.

Abstract: Various technologies related to control flow integrity checking are described herein and can be used to greatly improve software security. During static analysis, a canonical control flow graph can be built. Execution of a program can be interrupted at runtime, and the call stack can be observed to verify control flow integrity of the program using the canonical control flow graph. Attacks using stack tampering can be avoided, regardless of how the stack tampering is achieved. Non-invasive techniques can be used, making the technologies applicable in situations where source code is not available. Real-time operating system protection can be supported.

Abstract: Sets of multiple software programs selected from a set of candidate software programs are evaluated to determine if the applications can collude to violate a security policy and exhibit other undesirable properties. Intra- and inter-application data and control flows can be stored and newly introduced applications assessed based on stored data and control flows. An application provider can certify sets of applications as satisfying a security policy based on consideration of inter-application flows.

Abstract: Network attacks can be evaluated to determine typical responses provided by networks configured to provide services. Typically, service requests directed to a selected address are associated with data or a data streams responsive to requests to selected addresses. These responses are used to define scripts that can be executed by decoy nodes responsive to service requests at the selected addresses. Receipt of a request for services at an unused IP address and port number can trigger playback of the associated script, typically as a data stream mimicking that produced by an operational network.

Abstract: Methods and apparatuses for accessing documents in a multi-security domain environment are described herein. The novel methods may be processor implemented methods and may include saving by a processor from a first to a second security domain a version of a document, wherein the first security is a higher security domain than the second security domain. As part of the saving operation, a determination may be made as to whether the document includes one or more components not to be accessible through the second security domain, and writing the components of the document excluding the one or more components determined not to be accessible through the second security domain into the second security domain. The methods may further include opening the document through the security domain by determining whether a version of the document has been saved to the second security domain, and if so, merging a copy of modifications made to version of the document, if there are any, into the document being open.

Abstract: Methods and apparatuses for accessing documents in a multi-security domain environment are described herein. The novel methods may be processor implemented methods and may include saving by a processor from a first to a second security domain a version of a document, e.g., a wiki webpage with multiple tear portions, wherein the first security is a higher security domain than the second security domain. As part of the saving operation, a determination may be made as to whether the document includes one or more components not to be accessible through the second security domain, and writing the components of the document excluding the one or more components determined not to be accessible through the second security domain into the second security domain.

Abstract: This disclosure relates to pairing of a different cryptographic key with each pointer in a data structure to form a crypto-pointer. The cryptographic key is used to encrypt the contents of all data stored at the physical location on the storage device indicated by the pointer. Preferably the only data accessible in an unencrypted form is contained in cells that are reachable from root-set crypto-pointers. Once the crypto-pointer associated with a particular memory cell is deleted, normally by overwriting or explicitly zeroing the crypto-pointer, the contents of the memory cell become inaccessible because the data stored at that cell is in encrypted form (cipher text) and the crypto-pointer that included the cryptographic key for decrypting the cipher text has been deleted from the system.