Anh NGUYEN-TUONG - Charlottesville VA, US Jack W. DAVIDSON - Charlottesville VA, US Michele CO - Charlottesville VA, US Jason D. HISER - Charlottesville VA, US John C. KNIGHT - Charlottesville VA, US - Charlottesville VA, US
Assignee:
UNIVERSITY OF VIRGINIA PATENT FOUNDATION - Charlottesville VA
International Classification:
H04L 29/06 G06F 17/24
Abstract:
Methods and systems are described for detecting command injection attacks. A positive, taint inference method includes receiving signature fragments on one hand, converting command injection instructions into command fragments on another hand, thus identifying potential attacks upon the condition that a command injection instruction includes critical untrusted parts by using signature fragments. A system detects command injection attacks using this kind of method, and remediates and rejects potential attacks.
Method Of Instruction Location Randomization (Ilr) And Related System
Jason D. Hiser - Charlottesville VA, US Anh Nguyen-Tuong - Charlottesville VA, US Michele Co - Charlottesville VA, US Jack W. Davidson - Charlottesville VA, US
Assignee:
University of Virginia Patent Foundation - Charlottesville VA
International Classification:
H04L 29/06
US Classification:
726 1, 726 26
Abstract:
A method and system for relocating executable instructions to arbitrary locations are disclosed. The instruction relocation may be arbitrary or random, and may operate on groups of instructions or individual instructions. Such relocation may be achieved through hardware or software, and may use a virtual machine, software dynamic translators, interpreters, or emulators. Instruction relocation may use or produce a specification governing how to relocate the desired instructions. Randomizing the location of instructions provides defenses against a variety of security attacks. The disclosed embodiments provide many advantages over other instruction relocation techniques, such as low runtime overhead, no required user interaction, applicability post-deployment, and the ability to operate on arbitrary executable programs.
University of Virginia since Nov 2010
Research Scientist
University of Virginia Jul 2007 - Nov 2010
Research Associate
University of Virginia Aug 2006 - May 2007
Lecturer
IBM Austin Research Laboratory 2002 - 2002
Intern
Education:
University of Virginia 2003 - 2006
Ph.D., Computer Science
University of Virginia 1999 - 2003
MCS, Computer Science
University of California, Berkeley 1987 - 1991
B.A., Asian Studies
Languages:
Mandarin (intermediate), French (beginner), German (beginner)