Abstract: A method is provided for a host node in a computer network to determine its coordinates in a d-dimensional network space, comprising discovering an address of a peer node in the network, measuring network latency between the host node and the peer node, determining whether network latency has been measured for at least d+1 peer nodes, where, if network latency has not been measured for at least d+1 peer nodes, estimating the network coordinates of the host node, and where, if network latency has been measured for at least d+1 peer nodes, calculating the network coordinates of the host node using d+1 measured latencies.

Abstract: A topology management process is implemented which involves removing or “tearing down” connections between nodes in certain situations in order to try to replace those connections with more optimal ones. Idle connections are torn down unless those are in a “notify” state; a notify state being one in which a request for content has been made to a neighbour but that neighbour has no available content as yet. Idle connections in a notify state are torn down only if they remain idle for a longer time than that required before an idle connection is torn down. To avoid problems caused by clusters of node forming and of loners being unable to join the cloud, network churn algorithms are taught. These involve requiring nodes to drop connections when specified conditions are met. Relative content distribution between connections is monitored and this information used to influence selection of those connections to drop.

Abstract: A method is provided for a host node in a computer network to determine its coordinates in a d-dimensional network space, comprising discovering an address of a peer node in the network, measuring network latency between the host node and the peer node, determining whether network latency has been measured for at least d+1 peer nodes, where, if network latency has not been measured for at least d+1 peer nodes, estimating the network coordinates of the host node, and where, if network latency has been measured for at least d+1 peer nodes, calculating the network coordinates of the host node using d+1 measured latencies.

Abstract: A containment system may include a protection system which may protect the computing device from future attacks. For example, a patch may be automatically generated which resolves a detected vulnerability in a program. IN another example, a filter may be automatically generated which filters actions and/or messages which take advantage of a detected vulnerability in a program.

Abstract: A containment system may include generating and/or sending an alert as the basis for safely sharing knowledge about detected worms. An alert may contain information that proves that a given program has a vulnerability. The alert may be self-certifying such that its authenticity may be independently verified by a computing system.

Abstract: The majority of such software attacks exploit software vulnerabilities or flaws to write data to unintended locations. For example, control-data attacks exploit buffer overflows or other vulnerabilities to overwrite a return address in the stack, a function pointer, or some other piece of control data. Non-control-data attacks exploit similar vulnerabilities to overwrite security critical data without subverting the intended control flow in the program. We describe a method for securing software against both control-data and non-control-data attacks. A static analysis is carried out to determine data flow information for a software program. Data-flow tracking instructions are formed in order to track data flow during execution or emulation of that software. Also, checking instructions are formed to check the tracked data flow against the static analysis results and thereby identify potential attacks or errors. Optional optimisations are described to reduce the resulting additional overheads.

Abstract: One aspect of the invention is a vulnerability detection mechanism that can detect a large class of attacks through dynamic dataflow analysis. Another aspect of the invention includes self-certifying alerts as the basis for safely sharing knowledge about worms. Another aspect of the invention is a resilient and self-organizing protocol to propagate alerts to all non-infected nodes in a timely fashion, even when under active attack during a worm outbreak. Another aspect of the invention is a system architecture that enables a large number of mutually untrusting computers to collaborate in the task of stopping a previously unknown worm, even when the worm is spreading rapidly and exploiting unknown vulnerabilities in popular software packages.

Abstract: Methods of detecting memory errors using write integrity testing are described. In an embodiment, additional analysis is performed when a program is compiled. This analysis identifies a set of objects which can be written by each instruction in the program. Additional code is then inserted into the program so that, at runtime, the program checks before performing a write instruction that the particular object being written is one of the set of objects that it is allowed to write. The inserted code causes an exception to be raised if this check fails and allows the write to proceed if the check is successful. In a further embodiment, code may also be inserted to perform checks before indirect control-flow transfer instructions, to ensure that those instructions cannot transfer control to locations different from those intended.

Abstract: The invention provides methods of encoding content for distribution over a network and methods for decoding encoded content which has been distributed over the network. In a first example in which the content is divided into a plurality of segments and each segment comprising a plurality of blocks of data, the method comprises selecting a segment from the plurality of segments and selecting at least two blocks of the selected segment from a store of blocks. A new encoded block is created from a linear combination of the selected blocks.

Abstract: Methods and apparatus for generating error reports with enhanced privacy are described. In an embodiment the error is triggered by an input to a software program. An error report is generated by identifying conditions on an input to the program which ensure that, for any input which satisfies the conditions, the software program will follow the same execution path such that the error can be reproduced. The error report may include these conditions or may include a new input generated using the conditions.

Abstract: Methods and architectures for automatic filter generation are described. In an embodiment, these filters are generated in order to block inputs which would otherwise disrupt the normal functioning of a program. An initial set of filter conditions is generated by analyzing the path of a program from a point at which a bad input is received to the point at which the malfunctioning of the program is detected and creating conditions on an input which ensure that this path is followed. Having generated the initial set of filter conditions, the set is made less specific by determining which instructions do not influence whether the point of detection of the attack is reached and removing the filter conditions which correspond to these instructions.

Abstract: The invention relates to content distribution over a network and provides methods of controlling the distribution, of receiving the content and of publishing content. The method of controlling distribution of content over a network includes receiving a content description and location information for a source of the content from a publisher, where the content description comprises authorisation details associated with the publisher.

Abstract: A wire protocol is described which implements connection management and other methods to give enhanced peer-to-peer content distribution. Connections between nodes can be placed in a “notify” state when they are idle but may soon yield useful content. This notify state is also used together with a content request/response cycle to allow a peer to evaluate content available at a neighbour. If no suitable content is available a notify state is entered. When new content is later received at the neighbour it is able to inform the requesting node to allow it to restart the content request/response cycle.

Abstract: A topology management process is implemented which involves removing or “tearing down” connections between nodes in certain situations in order to try to replace those connections with more optimal ones. Idle connections are torn down unless those are in a “notify” state; a notify state being one in which a request for content has been made to a neighbour but that neighbour has no available content as yet. Idle connections in a notify state are torn down only if they remain idle for a longer time than that required before an idle connection is torn down. To avoid problems caused by clusters of node forming and of loners being unable to join the cloud, network churn algorithms are taught. These involve requiring nodes to drop connections when specified conditions are met. Relative content distribution between connections is monitored and this information used to influence selection of those connections to drop.

Abstract: A system-wide selective action management facility is provided. Such a facility can support selective action management for multiple applications executing on one or more computer systems (including the operating system and its components, such as a file system). A system-wide action management facility can log actions performed on the computer system(s) and record relationships between such actions (e.g., between actions of different sources, including different documents, different applications and even different computer systems). When a user discovers a mistake, the tool allows the user to select one or more past actions (i.e., the “mistake”) for removal or replacement with one or more correction actions. The tool can also re-execute dependent actions to restore the relevant state of the system at the time of the designation, absent the “mistake”. As such, actions throughout the system can be selectively undone, fixed and/or redone in an exemplary system-wide selective action management tool.

Abstract: A containment system may include generating and/or sending an alert as the basis for safely sharing knowledge about detected worms. An alert may contain information that proves that a given program has a vulnerability. The alert may be self-certifying such that its authenticity may be independently verified by a computing system.

Abstract: A method is provided for a host node in a computer network to determine its coordinates in a d-dimensional network space, comprising discovering an address of a peer node in the network, measuring network latency between the host node and the peer node, determining whether network latency has been measured for at least d+1 peer nodes, where, if network latency has not been measured for at least d+1 peer nodes, estimating the network coordinates of the host node, and where, if network latency has been measured for at least d+1 peer nodes, calculating the network coordinates of the host node using d+1 measured latencies.

Abstract: A containment system may include a protection system which may protect the computing device from future attacks. For example, a patch may be automatically generated which resolves a detected vulnerability in a program. IN another example, a filter may be automatically generated which filters actions and/or messages which take advantage of a detected vulnerability in a program.

Abstract: One aspect of the invention is a vulnerability detection mechanism that can detect a large class of attacks through dynamic dataflow analysis. Another aspect of the invention includes self-certifying alerts as the basis for safely sharing knowledge about worms. Another aspect of the invention is a resilient and self-organizing protocol to propagate alerts to all non-infected nodes in a timely fashion, even when under active attack during a worm outbreak. Another aspect of the invention is a system architecture that enables a large number of mutually untrusting computers to collaborate in the task of stopping a previously unknown worm, even when the worm is spreading rapidly and exploiting unknown vulnerabilities in popular software packages.

Abstract: A system-wide selective action management facility is provided. Such a facility can support selective action management for multiple applications executing on one or more computer systems (including the operating system and its components, such as a file system). A system-wide action management facility can log actions performed on the computer system(s) and record relationships between such actions (e.g., between actions of different sources, including different documents, different applications and even different computer systems). When a user discovers a mistake, the tool allows the user to select one or more past actions (i.e., the “mistake”) for removal or replacement with one or more correction actions. The tool can also re-execute dependent actions to restore the relevant state of the system at the time of the designation, absent the “mistake”.