Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes receiving a block of information from non-processor memory at an interface between the non-processor memory and processor memory comprising two or more processor memory levels, determining whether the block of information received from the non-processor memory at the interface corresponds to encrypted instruction code, and decrypting the block of information at the interface between the non-processor memory and the processor memory for storage in one of the two or more levels of the processor memory in response to a determination that the received block of information corresponds to the encrypted instruction code. The block of information is stored at the one of the two or more levels of the processor memory without being decrypted when the received block of information is determined to correspond to data.

Abstract: Systems, methods, and media for detecting the presence of return-oriented programming (ROP) payloads are provided, comprising; identifying a potential gadget address space; determining if a piece of the data corresponds to an address of the potential gadget address space; and in response to determining that the piece of the data corresponds to an address of the potential gadget address space: determining whether a plurality of operations, each associated one of a plurality instructions beginning at the address, indicates that an ROP payload is present in the data, and indicating that an ROP payload is present in the data in response to making a determination that a plurality of operations indicates that an ROP payload is present in the data a given number of times.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes receiving a block of information from non-processor memory at an interface between the non-processor memory and processor memory comprising two or more processor memory levels, determining whether the block of information received from the non-processor memory at the interface corresponds to encrypted instruction code, and decrypting the block of information at the interface between the non-processor memory and the processor memory for storage in one of the two or more levels of the processor memory in response to a determination that the received block of information corresponds to the encrypted instruction code. The block of information is stored at the one of the two or more levels of the processor memory without being decrypted when the received block of information is determined to correspond to data.

Abstract: Systems, methods, and media for detecting the presence of return-oriented programming (ROP) payloads are provided, comprising; identifying a potential gadget address space; determining if a piece of the data corresponds to an address of the potential gadget address space; and in response to determining that the piece of the data corresponds to an address of the potential gadget address space: determining whether a plurality of operations, each associated one of a plurality instructions beginning at the address, indicates that an ROP payload is present in the data, and indicating that an ROP payload is present in the data in response to making a determination that a plurality of operations indicates that an ROP payload is present in the data a given number of times.

Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.

Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.

Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.

Abstract: Methods, media and systems for responding to a Denial of Service (DoS) attack are provided. In some embodiments, a method includes detecting a DoS attack, migrating one or more processes that provide a service to an unaffected system; authenticating users that are authorized to use the service; and routing traffic generated by authenticated users to the unaffected system.

Abstract: In accordance with the present invention, computer implemented methods and systems are provided that allow an application to automatically recover from software failures and attacks. Using one or more sensors, failures may be detected in the application. In response to detecting the failure, the portion of the application's code that caused the failure is isolated. Using the input vectors that caused the failure, information regarding the failure (e.g., the type of failure), a core dump file (e.g., stack trace), etc., an emulator-based vaccine that repairs the failure is constructed. In response to verifying that the vaccine repaired the failure, the application is automatically updated with the emulator-based vaccine without user intervention. Application community features that efficiently use the resources available in software monoculture is also provided.

Abstract: Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.

Abstract: The present invention provides a microbilling system that integrates with existing billing systems and existing devices. In a preferred embodiment of the invention, the devices store digital certificates with short-lived expiration dates and specifying transaction limits, preferably using a trust management system. A provisioning agent periodically (e.g., once a day) issues the certificates over a secure channel to the devices. When conducting a purchase transaction, the devices exchange certificates via a communication channel (that need not be secure) and the purchasing device issues a digitally signed electronic check which is periodically deposited over an advantageously secure channel with a clearing service. The present invention enables microbilling transactions by embedding liability in the certificates.