Abstract: A method and system for renewing software at the component-level is provided. A client program includes a base component for loading a software component into at least one loadable region of the program to update the program. Code in the software component is for writing state data associating the state of the update in storage, upon execution of the software component, and testing the state data to verify condition of the updated program and disallowing rollback and roll-forward attacks, the state data comprising hash chain values. The state data for verifying the correctness of the updated program is entangled with application data used for the program functionality. A server includes: an update pool having a plurality of software updates deployed in each client, and a policy control for monitoring and controlling at least one of: the length of time the client runs until the software update is invoked, a chain of the updates; and the granularity of the update.

Abstract: Systems and techniques for securing accessible computer-executable program code and systems are provided. One or more base functions may be generated and blended with existing program code, such that it may be difficult or impossible for a potential attacker to distinguish the base functions from the existing code. The systems and code also may be protected using a variety of other blending and protection techniques, such as fractures, variable dependent coding, dynamic data mangling, and cross-linking, which may be used individually or in combination, and/or may be blended with the base functions.

Abstract: Methods and devices for thwarting code and control flow based attacks on software. The source code of a subject piece of software is automatically divided into basic blocks of logic. Selected basic blocks are amended so that their outputs are extended. Similarly, other basic blocks are amended such that their inputs are correspondingly extended. The amendments increase or create dependencies between basic blocks such that tampering with one basic block's code causes other basic blocks to malfunction when executed.

Abstract: A tissue biopsy device comprising an inner needle loaded by a first spring and held in place by a first trigger; an outer needle loaded by a second spring and held in place by a second trigger; an outer housing that surrounds the first and the second needles; and a handle attached thereto.

Abstract: Systems and techniques for securing accessible computer-executable program code and systems are provided. One or more base functions may be generated and blended with existing program code, such that it may be difficult or impossible for a potential attacker to distinguish the base functions from the existing code. The systems and code also may be protected using a variety of other blending and protection techniques, such as fractures, variable dependent coding, dynamic data mangling, and cross-linking, which may be used individually or in combination, and/or may be blended with the base functions.

Abstract: Systems and techniques for securing accessible computer-executable program code and systems are provided. One or more base functions may be generated and blended with existing program code, such that it may be difficult or impossible for a potential attacker to distinguish the base functions from the existing code. The systems and code also may be protected using a variety of other blending and protection techniques, such as fractures, variable dependent coding, dynamic data mangling, and cross-linking, which may be used individually or in combination, and/or may be blended with the base functions.

Abstract: A fast closing mechanism includes a rotation shaft and an ejector pin. The ejector pin is rotatably assembled to the side plate by the rotation shaft. The ejector pin strides over the side plate. The ejector pin includes a first portion and a second portion. The first portion is connected to a handle via a rod, and the second portion is located above a press plate. The fast closing mechanism may have an additional ejector pin based on current structures, the press plate may press against a moving contact at an initial stage of a closing process, so that the moving contact will not move during the initial stage of the closing process. The mechanical energy generated during the closing process is stored in an energy storage spring. At a later stage of the closing process, the ejector pin releases the press plate to accomplish closing quickly.

Abstract: Methods and devices for thwarting code and control flow based attacks on software. The source code of a subject piece of software is automatically divided into basic blocks of logic. Selected basic blocks are amended so that their outputs are extended. Similarly, other basic blocks are amended such that their inputs are correspondingly extended. The amendments increase or create dependencies between basic blocks such that tampering with one basic block's code causes other basic blocks to malfunction when executed.

Abstract: A method to secure a non-native application. The non-native application is processed to obtain an application stub to be triggered within a virtual machine. The processing of the non-native application also provide a native code function upon which the application stub depends. The non-native function is part of a trusted module that extends security services from the trusted module to the virtual machine. The trusted module is a native code application that creates a trusted zone as a root of trustiness extending to the virtual machine by an execution-enabling mechanism between the application tab and the non-native function.

Abstract: A method and system is provided to automatically propagate dependencies from one part of a software application to another previously unrelated part. Propagation of essential code functionality and data to other parts of the program serves to augment common arithmetic functions with Mixed Boolean Arithmetic (MBA) formulae that are bound to pre-existing parts of the program. A software application is first analyzed on a compiler level to determine the program properties which hold in the program. Thereafter, conditions are constructed based on these properties and encoded in formulae that encode the condition in data and operations. Real dependencies throughout the application are therefore created such that if a dependency is broken the program will no longer function correctly.

Abstract: A storage system is dynamically reconfigured. The storage system includes storage pools that each include one or more storage disks. Storage pools to be expanded are determined as target storage pools. For the target storage pools, source storage disks to be moved into the target storage pools are determined from other storage pools than the target storage pools in the storage system. The source storage disks are migrated to the respective target storage pools.

Abstract: Attacks by computer viruses, worm programs, and other hostile software (‘malware’), have become very serious problems for computer systems connected to large communication networks such as the Internet. One potential defense against such attacks is to employ diversity—that is, making each copy of the attacked software different. However, existing diversity techniques do not offer sufficient levels of protection. The invention provides an effective diversity solution by applying tamper resistant software (TRS) encoding techniques, to the communications that take place between software components, with corresponding changes to the code handling those communications. These communications may include, for example, data passed between software routines via parameters or mutually accessible variables, light-weight messages, signals and semaphores passed between threads, and messages passed between software processes. Effective TRS encoding techniques include data-flow encoding and mass-data encoding techniques.

Abstract: Systems and methods for unattended authentication of software applications to provide these applications with access to shared resources. A server password manager (SPM) module resident on a node also occupied by a requester software application requesting access to resources receives the requestor's request. The SPM module creates a request package containing the requestor's information as well as the node's identifying information. The request package is then transmitted to a credentials manager (CM) module in a CM node. The request package, encrypted by the SPM module with encryption keys previously generated by the CM module, is decrypted by the CM module. The contents are checked against data stored by the CM module regarding the SPM module and the requestor application when these were registered with the CM. If the data matches, then the CM provides credentials which are used to give the requestor application access to the requested resources.

Abstract: A method and system that provides secure modules that can address Java platform weaknesses and protect Java bytecode during execution time. The secure modules are implemented in C/C++ as an example. Because implementation of the security modules is made in C/C++, this enables use of security technology that secures C/C++ software code.

Abstract: A system and method for transforming a software application comprising binary code and optionally associated data, from an original form to a more secure form. The method includes performing a combination of binary transmutations to the application, and interlocking the transmutations by generating and placing interdependencies between the transmutations, wherein a transmutation is an irreversible change to the application. Different types of the transmutations are applied at varied granularities of the application. The transmutations are applied to the application code and the implanted code as well. The result is a transformed software application which is semantically equivalent to the original software application but is resistant to static and/or dynamic attacks.

Abstract: A method for rendering software resistant to reverse engineering. Replace at least one first constant (mathematical expression, etc.) in a computational expression with a second mixed mathematical and bitwise-Boolean expression, the first constant being simpler than the second expression and the second expression being based on the value or the variables found in the first constant (or expression).

Abstract: A method, migration manager, and system of storage system migration. The method includes creating a first zone including a host system in a first SAN-based storage system and an in-band SAN virtualization storage node. The method creates a second zone including a backend storage system in the first SAN-based storage system and the in-band SAN virtualization storage node. A storage unit exported by the backend storage system is mapped to a virtual storage unit created on the in-band SAN virtualization storage node, and a third zone including the host system and backend storage system in the first SAN-based storage system is canceled. The method is performed without disrupting an existing connection path between the host system and the backend storage system in the first SAN-based storage system. A migration manager of a migration system migrates a first SAN-based storage system into an in-band SAN virtualization storage system.

Abstract: An assembly auxiliary jig facilitates assembly of an electronic device having a casing, a first fitting, a second fitting, and a wire. The assembly auxiliary jig includes: a base having therein a receiving space for positioning and receiving the casing and an accessing recess configured to communicate with the receiving space and facilitate access to the casing; a first platform disposed at the base and having a positioning groove in communication with the receiving space to thereby receive the first fitting; a first lid hinged to the first platform and configured to close the positioning groove; a second platform disposed at the base and defined with a positioning recess in communication with the receiving space to receive the second fitting; and a second lid hinged to the second platform and configured to close the positioning recess.

Abstract: An exemplary burning system (600) for a liquid crystal display (670) includes an optic-electric transformer (610), a comparator circuit (650), and a micro-controller unit (660). The optic-electric transformer is configured for measuring optical flicker of a liquid crystal display, and transforming the measurement into a corresponding flicker signal. The comparator circuit is configured for receiving the flicker signal, comparing a voltage of the flicker signal to a reference voltage, determining whether optical flicker of the liquid crystal display is acceptable or nonexistent based on the comparison, and determining a parameter representing an optimum common voltage of the liquid crystal display when the optical flicker of the liquid crystal display is acceptable or nonexistent. The micro-controller unit is configured for burning the parameter into the liquid crystal display. A related method for burning a liquid crystal display is also provided.

Abstract: Methods and devices for thwarting code and control flow based attacks on software. The source code of a subject piece of software is automatically divided into basic blocks of logic. Selected basic blocks are amended so that their outputs are extended. Similarly, other basic blocks are amended such that their inputs are correspondingly extended. The amendments increase or create dependencies between basic blocks such that tampering with one basic block's code causes other basic blocks to malfunction when executed.