Abstract: A method for preventing a side channel attack by executing an enclave on a remote computing device. The method comprises configuring the enclave based on configuration parameters defined by a computing device. A page created in first enclave cache memory in the remote computing device and adding virtual page address information and page security attributes corresponding to the page in a second enclave cache memory, and an encrypted log entry is created in a protected memory of the remote computing device. The enclave is initiated by comparing the log entry and a second hash key generated by the remote computing device. A new page of pre-defined size is dynamically added to the first enclave cache memory after initiation of the enclave. The enclave is executed based on a successful validation of a size of the page created in first enclave cache memory to be equal to the pre-defined page size.

Abstract: In a cloud app market, a cloud infrastructure customer can purchase apps for performing services such as rootkit detection and network security for a customer virtual machine run by the cloud infrastructure customer. A cloud infrastructure provider executes a provider virtual machine monitor or hypervisor on cloud infrastructure. The cloud app is provided with a customer virtual machine monitor nested on the provider virtual machine monitor. The customer virtual machine, together with a nested management domain of the customer, execute on the customer virtual machine monitor.

Abstract: In a cloud app market, a cloud infrastructure customer can purchase apps for performing services such as rootkit detection and network security for a customer virtual machine run by the cloud infrastructure customer. A cloud infrastructure provider executes a provider virtual machine monitor or hypervisor on cloud infrastructure. The cloud app is provided with a customer virtual machine monitor nested on the provider virtual machine monitor. The customer virtual machine, together with a nested management domain of the customer, execute on the customer virtual machine monitor.

Abstract: In a cloud app market, a cloud infrastructure customer can purchase apps for performing services such as rootkit detection and network security for a customer virtual machine run by the cloud infrastructure customer. A cloud infrastructure provider executes a provider virtual machine monitor or hypervisor on cloud infrastructure. The cloud app is provided with a customer virtual machine monitor nested on the provider virtual machine monitor. The customer virtual machine, together with a nested management domain of the customer, execute on the customer virtual machine monitor.

Abstract: In a cloud app market, a cloud infrastructure customer can purchase apps for performing services such as rootkit detection and network security for a customer virtual machine run by the cloud infrastructure customer. A cloud infrastructure provider executes a provider virtual machine monitor or hypervisor on cloud infrastructure. The cloud app is provided with a customer virtual machine monitor nested on the provider virtual machine monitor. The customer virtual machine, together with a nested management domain of the customer, execute on the customer virtual machine monitor.

Abstract: The subject disclosure presents a novel technique for balancing the tradeoff between security monitoring and energy consumption on mobile devices. Security/energy tradeoffs for host-based detectors focusing on rootkits are analyzed along two axes: a scanning frequency, and a surface of attack. Experimental results are applied to a hypervisor-based framework, and a sweet spot is identified to minimize both energy consumption and a window of vulnerability for critical operating system objects such as code pages and kernel data.

Abstract: The subject disclosure presents a novel technique for balancing the tradeoff between security monitoring and energy consumption on mobile devices. Security/energy tradeoffs for host-based detectors focusing on rootkits are analyzed along two axes: a scanning frequency, and a surface of attack. Experimental results are applied to a hypervisor-based framework, and a sweet spot is identified to minimize both energy consumption and a window of vulnerability for critical operating system objects such as code pages and kernel data.

Abstract: A dynamic analysis tool uses anomaly detection to find heap-based bugs. In spite of the evolving nature of the heap, programs generally exhibit several of properties of their heap usage that remain stable. Periodically, during the execution of the program, the analysis tool computes a suite of metrics which are sensitive to the state of the heap. These metrics track heap behavior, and the stability of the heap reflects quantitatively in the values of these metrics. The ranges of stable metrics, obtained by running a program on a multiple input training set, are then treated as indicators of correct behavior, and are used in conjunction with an anomaly detector to find heap-based bugs.

Abstract: An automatic system for spyware detection and signature generation compares packets of output from a computer in response to standard user inputs, to packets of a standard output set derived from a known clean machine. Differences between these two packet sets are analyzed with respect to whether they relate to unknown web servers and whether they incorporate user-derived information. This analysis is used to provide an automatic detection of and signature generation for spyware infecting the machine.

Abstract: A dynamic analysis tool uses anomaly detection to find heap-based bugs. In spite of the evolving nature of the heap, programs generally exhibit several of properties of their heap usage that remain stable. Periodically, during the execution of the program, the analysis tool computes a suite of metrics which are sensitive to the state of the heap. These metrics track heap behavior, and the stability of the heap reflects quantitatively in the values of these metrics. The ranges of stable metrics, obtained by running a program on a multiple input training set, are then treated as indicators of correct behavior, and are used in conjunction with an anomaly detector to find heap-based bugs.