AsiaIPEX is a one-stop-shop for players in the IP industry, facilitating IP trade and connection to the IP world. Whether you are a patent owner interested in selling your IP, or a manufacturer looking to buy technologies to upgrade your operation, you will find the portal a useful resource.
Back to search results

Software attack protection and recovery via transactional application self-healing

Summary
Lead Inventors: Angelos D. Keromytis, Ph.D.; Michael E. LocastoProblem or Unmet Need:Although computer defense systems for detecting attacks on software applications exist, they are currently unable to take any remedial action once an executing application's state is modified by an attack. In order to prevent exploitation of an attacked application, most defense systems terminate execution of the attacked application process. This mechanism reduces the availability of the application and risks losing ongoing work performed by the software at the time of the attack. Introducing self-healing mechanisms to software that would enable applications to safely continue execution after an attack could limit the extent to which attackers can interrupt normal application use without compromising system security. Details of the Invention:The technology is a method for preventing a software application from crashing due to an external attack or internal fault. The technology supervises an executing application to detect attacks or faults and applies integrity repair policies via dynamic rewriting of the application's executing routines to enable the application to continue normal execution after an attack or fault.
Technology Benefits
• The technology does not require that an application's source code be modified in order to be protected. It therefore can be used with commercial or proprietary applications for which the source code is not readily available. Software vendors also do not need to modify their products in order to take advantage of the technology.• Unlike systems that can only detect and prevent attacks against software, the technology also provides self-healing features that can prevent software from crashing or being terminated in response to an attack; software protected by the technology therefore does not need to be restarted after an attack.• In order to reduce the performance penalty of supervised execution, the technology can be configured to selectively supervise specified portions of an application.
Technology Application
• The technology can reduce the likelihood of software crashes in high-availability and mission-critical scenarios.
Detailed Technology Description
The technology is a method for preventing a software application from crashing due to an external attack or internal fault. The technology supervises an executing application to detect attacks or faults and applies integrity repair policies via dynam...
*Abstract
None
*Inquiry
Calvin ChuColumbia Technology VenturesTel: (212) 854-8444Email: TechTransfer@columbia.edu
*IR
M07-035
*Principal Investigator
*Publications
From STEM to SEAD: Speculative Execution for Automated Defence, M.E. Locasto, A. Stavrou, G.F. Cretu, A.D. Keromytis, Proc. of USENIX ATC 2007, Jun. 2007, Santa Clara, CA, pp. 219-232.
*Web Links
WIPO: WO 2008/092162Patent Issued: 7,962,798
Country/Region
USA

For more information, please click Here
Mobile Device