Evaluating results of multiple virtual machines that use application randomization mechanism

US 10,200,401 B1
Filed: 05/25/2017
Issued: 02/05/2019
Est. Priority Date: 12/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

initializing, by a computing system, a plurality of virtual machines (VMs), wherein initializing the plurality of VMs comprises;

for at least one particular VM of the plurality of VMs;

generating, by the computing system, a randomized instance of an operating system for the particular VM, wherein the randomized instance of the operating system for the particular VM has a randomized Application Binary Interface (ABI), the randomized ABI being a randomized version of an ABI of the operating system; and

installing, by the computing system, the randomized instance of the operating system for the particular VM on the particular VM; and

deploying, by the computing system, the plurality of VMs;

receiving, by the computing system, a series of incoming messages from a client device;

distributing, by the computing system, a copy of each incoming message in the series of incoming messages to each VM of the plurality of VMs;

receiving, by the computing system, results generated by the plurality of VMs in response to the series of incoming messages, wherein the results generated by the VMs in response to the series of incoming messages include a first result different from a second result if code executing in one of the VMs uses the randomized version of the ABI and code executing in another one of the VMs uses a publicly available version of the ABI, the publicly available version of the ABI being different from the randomized version of the ABI;

performing, by the computing system, a comparison on the results; and

in response to the comparison revealing that two or more of the results are not the same, performing, by the computing system, a cybersecurity defense action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example method includes providing, by a computing system, first randomized configuration information, generating, by the computing system and based on the first randomized configuration information, a first unique instance of a software component, providing second randomized configuration information, wherein the second randomized configuration information is different from the first randomized configuration information, and generating, based on the second randomized configuration information, a second unique instance of the software component that is executable on the runtime computing system. The first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system, and the first and second unique instances of the software component are each further configured, during execution on the runtime computing system, to output false information to an external computing system.

43 Citations

View as Search Results

13 Claims

1. A method comprising:
- initializing, by a computing system, a plurality of virtual machines (VMs), wherein initializing the plurality of VMs comprises;
  
  for at least one particular VM of the plurality of VMs;
  
  generating, by the computing system, a randomized instance of an operating system for the particular VM, wherein the randomized instance of the operating system for the particular VM has a randomized Application Binary Interface (ABI), the randomized ABI being a randomized version of an ABI of the operating system; and
  
  installing, by the computing system, the randomized instance of the operating system for the particular VM on the particular VM; and
  
  deploying, by the computing system, the plurality of VMs;
  
  receiving, by the computing system, a series of incoming messages from a client device;
  
  distributing, by the computing system, a copy of each incoming message in the series of incoming messages to each VM of the plurality of VMs;
  
  receiving, by the computing system, results generated by the plurality of VMs in response to the series of incoming messages, wherein the results generated by the VMs in response to the series of incoming messages include a first result different from a second result if code executing in one of the VMs uses the randomized version of the ABI and code executing in another one of the VMs uses a publicly available version of the ABI, the publicly available version of the ABI being different from the randomized version of the ABI;
  
  performing, by the computing system, a comparison on the results; and
  
  in response to the comparison revealing that two or more of the results are not the same, performing, by the computing system, a cybersecurity defense action.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein receiving the results comprises receiving, by the computing system, response messages generated by the plurality of VMs for transmission to the client device.
  - 3. The method of claim 1, wherein receiving the results comprises receiving, by the computing system, error reports from the plurality of VMs.
  - 4. The method of claim 1, wherein receiving the results comprises receiving, by the computing system, receiving VM configuration data.
  - 5. The method of claim 1, wherein the particular VM is a first VM, and wherein an ABI of an operating system of a second VM of the plurality of VMs is the same as the publicly available ABI of the operating system of the second VM.
  - 6. The method of claim 1, wherein the particular VM is a first VM, wherein the randomized ABI of the randomized instance of the operating system for the first VM is a first randomized ABI, and wherein initializing the plurality of VMs comprises:
    - generating, by the computing system, a randomized instance of the operating system for a second VM of the plurality of VMs, wherein the randomized instance of the operating system for the second VM has a second randomized ABI; and
      
      installing, by the computing system, the randomized instance of the operating system for the second VM,wherein the first randomized ABI is different from the second randomized ABI, and neither the first randomized ABI nor the second randomized ABI are the same as the publicly available ABI of the operating system.

7. A computing system comprising:
- a development computing system comprising a first set of one or more processors;
  
  a runtime computing system comprising a second set of one or more processors;
  
  a distributor comprising a third set of one or more processors; and
  
  a result evaluator comprising a fourth set of one or more processors,wherein the development computing system is configured to;
  
  initialize a plurality of virtual machines (VMs), wherein the development computing system is configured such that, as part of initializing the plurality of VMs, the development computing system;
  
  for at least one particular VM of the plurality of VMs;
  
  generates a randomized instance of an operating system for the particular VM, wherein the randomized instance of the operating system for the particular VM has a randomized Application Binary Interface (ABI), the randomized ABI being a randomized version of an ABI of the operating system; and
  
  installs the randomized instance of the operating system for the particular VM on the particular VM; and
  
  deploy the plurality of VMs on the runtime computing system,wherein the distributor is configured to;
  
  receive a series of incoming messages from a client device; and
  
  distribute a copy of each incoming message in the series of incoming messages to each VM of the plurality of VMs, andwherein the result evaluator is configured to;
  
  receive results generated by the plurality of VMs in response to the series of incoming messages, wherein the results generated by the VMs in response to the series of incoming messages include a first result different from a second result if code executing in one of the VMs uses the randomized version of the ABI and code executing in another one of the VMs uses a publicly available version of the ABI, the publicly available version of the ABI being different from the randomized version of the ABI;
  
  perform a comparison on the results; and
  
  in response to the comparison revealing that two or more of the results are not the same, perform a cybersecurity defense action.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computing system of claim 7, wherein the results comprise response messages generated by the plurality of VMs for transmission to the client device.
  - 9. The computing system of claim 7, wherein the results comprise error reports from the plurality of VMs.
  - 10. The computing system of claim 7, wherein the results comprise VM configuration data.
  - 11. The computing system of claim 7, wherein the particular VM is a first VM and an ABI of an operating system of a second VM of the plurality of VMs is the same as the publicly available ABI of the operating system of the second VM.
  - 12. The computing system of claim 7, wherein the particular VM is a first VM, and the randomized ABI of the randomized instance of the operating system for the first VM is a first randomized ABI, and the development computing system is configured such that, as part of initializing the plurality of VMs, the development computing system:
    - generates a randomized instance of the operating system for a second VM of the plurality of VMs, wherein the randomized instance of the operating system for the second VM has a second randomized ABI; and
      
      installs the randomized instance of the operating system for the second VM on the second VM,wherein the first randomized ABI is different from the second randomized ABI, and neither the first randomized ABI nor the second randomized ABI are the same as the publicly available ABI of the operating system.

13. A non-transitory computer-readable storage medium having instructions stored thereon that, when executed, cause a computing system to:
- initialize a plurality of virtual machines (VMs), wherein as part of causing the computing system to initialize the plurality of VMs, the instructions cause the computing system to;
  
  for at least one particular VM of the plurality of VMs;
  
  generate a randomized instance of an operating system for the particular VM, wherein the randomized instance of the operating system for the particular VM has a randomized Application Binary Interface (ABI), the randomized ABI being a randomized version of an ABI of the operating system; and
  
  install the randomized instance of the operating system for the particular VM on the particular VM; and
  
  deploy the plurality of VMs;
  
  receive a series of incoming messages from a client device;
  
  distribute a copy of each incoming message in the series of incoming messages to each VM of the plurality of VMs;
  
  receive results generated by the plurality of VMs in response to the series of incoming messages, wherein the results generated by the VMs in response to the series of incoming messages include a first result different from a second result if code executing in one of the VMs uses the randomized version of the ABI and code executing in another one of the VMs uses a publicly available version of the ABI, the publicly available version of the ABI being different from the randomized version of the ABI;
  
  perform a comparison on the results; and
  
  in response to the comparison revealing that two or more of the results are not the same, perform a cybersecurity defense action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Architecture Technology Corporation
Original Assignee
Architecture Technology Corporation
Inventors
Powers, Judson, Joyce, Robert A., McArdle, Daniel
Primary Examiner(s)
Truong, Lechi

Application Number

US15/604,957
Time in Patent Office

621 Days
Field of Search

719328
US Class Current
CPC Class Codes

G06F 11/14   Error detection or correcti...

G06F 2009/45562   Creating, deleting, cloning...

G06F 21/101   by binding digital rights t...

G06F 21/53   by executing in a restricte...

G06F 21/552   involving long-term monitor...

G06F 2221/2127   Bluffing

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/54   Interprogram communication

Evaluating results of multiple virtual machines that use application randomization mechanism

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Evaluating results of multiple virtual machines that use application randomization mechanism

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links