Abstract: Methods for accelerated code injection detection using operating system controlled memory attributes are performed by systems and apparatuses. The methods optimize search operations for memory segments in system and virtual memories by searching for segment attributes. A set of memory segments is determined wherein each memory segment in the set includes specific attributes. The memory segments in the set are ranked for a threat level based on segment attribute. The threat level is used to determine subsequent actions including providing indications of the memory segments in the set and initiating execution of an anti-malware application. Relevant segment attributes used for the segment search can be dynamically updated in an attribute list. Segment attributes of a segment can be determined by accessing a memory manager of an operating system via an API.

Abstract: Methods for accelerated code injection detection using operating system controlled memory attributes are performed by systems and apparatuses. The methods optimize search operations for memory segments in system and virtual memories by searching for segment attributes. A set of memory segments is determined wherein each memory segment in the set includes specific attributes. The memory segments in the set are ranked for a threat level based on segment attribute. The threat level is used to determine subsequent actions including providing indications of the memory segments in the set and initiating execution of an anti-malware application. Relevant segment attributes used for the segment search can be dynamically updated in an attribute list. Segment attributes of a segment can be determined by accessing a memory manager of an operating system via an API.

Abstract: The prevention of impersonation attacks based on hijacked common gateway interface (CGI) session IDs is disclosed. In accordance with one embodiment, a secured communication channel is formed between a server and a client using an initial transport layer security (TLS) key. Additionally, an authenticated CGI session is formed over the secured communication channel based on an initial CGI session identifier (ID). Further, the initial CGI session ID and the initial TLS key are combined into a pair. Next, incoming data that includes an incoming CGI session ID is received via a secured communication channel. An incoming TLS key of the secured communication channel that carries the incoming CGI session ID is then retrieved. Based on the retrieved incoming TLS key, the incoming data is permitted to execute on the server when the incoming TLS key matches the initial TLS key of the pair.

Abstract: The prevention of impersonation attacks based on hijacked common gateway interface (CGI) session IDs is disclosed. In accordance with one embodiment, a secured communication channel is formed between a server and a client using an initial transport layer security (TLS) key. Additionally, an authenticated CGI session is formed over the secured communication channel based on an initial CGI session identifier (ID). Further, the initial CGI session ID and the initial TLS key are combined into a pair. Next, incoming data that includes an incoming CGI session ID is received via a secured communication channel. An incoming TLS key of the secured communication channel that carries the incoming CGI session ID is then retrieved. Based on the retrieved incoming TLS key, the incoming data is permitted to execute on the server when the incoming TLS key matches the initial TLS key of the pair.

Abstract: A user object is created via an administrator interface. The user object indicates access to system resources for an individual user. The user object is provided a permission time period specifying when a user associated with the object can access the system resource with a computing device. To access the resource, the computing device would generate a request or attempt to access the system resource. In response the request or access attempt, the user object is read to determine when the user of the computing device can access the resource. The user of the computing device could be provided access to the resource during the time period and denied access to the resource outside of the time period.