Abstract: According to some illustrative embodiments, a method for blending the data of an execution environment and the data of the protected application includes modifying the data values of the protected application using the values of the execution environment in a semantically-neutral manner or modifying the data values of the execution environment using the values of the protected application in a semantically-neutral manner.

Abstract: According to some illustrative embodiments of the invention, a method is performed that includes using a representation of a computer software program, using identified addresses which correspond to a part of the representation, and converting the representation into a created binary program, which includes reserving spaces at the identified addresses in the created binary program's address space at the same addresses as the identified addresses in the representation.

Abstract: Methods and systems are described for detecting command injection attacks. A positive, taint inference method includes receiving signature fragments on one hand, converting command injection instructions into command fragments on another hand, thus identifying potential attacks upon the condition that a command injection instruction includes critical untrusted parts by using signature fragments. A system detects command injection attacks using this kind of method, and remediates and rejects potential attacks.

Abstract: Methods and systems are described for detecting command injection attacks. A positive, taint inference method includes receiving signature fragments on one hand, converting command injection instructions into command fragments on another hand, thus identifying potential attacks upon the condition that a command injection instruction includes critical untrusted parts by using signature fragments. A system detects command injection attacks using this kind of method, and remediates and rejects potential attacks.

Abstract: Systems and methods for relocating executable instructions to arbitrary locations are described, in which the relocation of the instructions may be arbitrary or random, and may operate on groups of instructions or individual instructions. Such relocation may be achieved through hardware or software, and may use a virtual machine, software dynamic translators, interpreters, or emulators. Instruction relocation may use or produce a specification governing how to relocate the desired instructions. Randomizing the location of instructions provides defenses against a variety of security attacks. Such systems and methods may provide many advantages over other instruction relocation techniques, such as low runtime overhead, no required user interaction, applicability post-deployment, and the ability to operate on arbitrary executable programs.

Abstract: Method, system and computer program product for applying existing anti-tampering and obfuscation techniques to virtual machine technology and offers several distinct advantages. The anti-tampering and obfuscation transforms can be applied continuously to prevent adversaries from gaining information about the program through emulation or dynamic analysis. In addition, the encryption can be used to prevent hackers from gaining information using static attacks. The use of a virtual machine also allows for low overhead execution of the obfuscated binaries as well as finer adjustment of the amount of overhead that can be tolerated. In addition, more protection can be applied to specific portions of the application that can tolerate slowdown. The in-corporation of a virtual machine also makes it easy to extend the technology to integrate new developments and resistance mechanisms, leading to less development time, increased savings, and quicker deployment.

Abstract: According to some illustrative embodiments, a method for blending the data of an execution environment and the data of the protected application includes modifying the data values of the protected application using the values of the execution environment in a semantically-neutral manner or modifying the data values of the execution environment using the values of the protected application in a semantically-neutral manner.

Abstract: According to some illustrative embodiments of the invention, a method is performed that includes using a representation of a computer software program, using identified addresses which correspond to a part of the representation, and converting the representation into a created binary program, which includes reserving spaces at the identified addresses in the created binary program's address space at the same addresses as the identified addresses in the representation.

Abstract: Methods and systems are described for detecting command injection attacks. A positive, taint inference method includes receiving signature fragments on one hand, converting command injection instructions into command fragments on another hand, thus identifying potential attacks upon the condition that a command injection instruction includes critical untrusted parts by using signature fragments. A system detects command injection attacks using this kind of method, and remediates and rejects potential attacks.

Abstract: Method, system and computer program product for applying existing anti-tampering and obfuscation techniques to virtual machine technology and offers several distinct advantages. The anti-tampering and obfuscation transforms can be applied continuously to prevent adversaries from gaining information about the program through emulation or dynamic analysis. In addition, the encryption can be used to prevent hackers from gaining information using static attacks. The use of a virtual machine also allows for low overhead execution of the obfuscated binaries as well as finer adjustment of the amount of overhead that can be tolerated. In addition, more protection can be applied to specific portions of the application that can tolerate slowdown. The in-corporation of a virtual machine also makes it easy to extend the technology to integrate new developments and resistance mechanisms, leading to less development time, increased savings, and quicker deployment.

Abstract: Method, system and computer program product for applying existing anti-tampering and obfuscation techniques to virtual machine technology and offers several distinct advantages. The anti-tampering and obfuscation transforms can be applied continuously to prevent adversaries from gaining information about the program through emulation or dynamic analysis. In addition, the encryption can be used to prevent hackers from gaining information using static attacks. The use of a virtual machine also allows for low overhead execution of the obfuscated binaries as well as finer adjustment of the amount of overhead that can be tolerated. In addition, more protection can be applied to specific portions of the application that can tolerate slowdown. The in-corporation of a virtual machine also makes it easy to extend the technology to integrate new developments and resistance mechanisms, leading to less development time, increased savings, and quicker deployment.

Abstract: Methods and systems are described for detecting command injection attacks. A positive, taint inference method includes receiving signature fragments on one hand, converting command injection instructions into command fragments on another hand, thus identifying potential attacks upon the condition that a command injection instruction includes critical untrusted parts by using signature fragments. A system detects command injection attacks using this kind of method, and remediates and rejects potential attacks.

Abstract: A method and system for relocating executable instructions to arbitrary locations are disclosed. The instruction relocation may be arbitrary or random, and may operate on groups of instructions or individual instructions. Such relocation may be achieved through hardware or software, and may use a virtual machine, software dynamic translators, interpreters, or emulators. Instruction relocation may use or produce a specification governing how to relocate the desired instructions. Randomizing the location of instructions provides defenses against a variety of security attacks. The disclosed embodiments provide many advantages over other instruction relocation techniques, such as low runtime overhead, no required user interaction, applicability post-deployment, and the ability to operate on arbitrary executable programs.

Abstract: Method, system and computer program product for applying existing anti-tampering and obfuscation technique to virtual machine technology and offers several distinct advantages. The anti-tampering and obfuscation transforms can be applied continuously to prevent adversaries from gaining information about the program through emulation or dynamic analysis. In addition, the encryption can be used to prevent hackers from gaining information using static attacks. The use of a virtual machine also allows for low overhead execution of the obfuscated binaries as well as finer adjustment of the amount of overhead that can be tolerated. In addition, more protection can be applied to specific portions of the application that can tolerate slowdown. The incorporation of a virtual machine also makes it easy to extend the technology to integrate new developments and resistance mechanisms, leading to less development time, increased savings, and quicker deployment.