ENCRYPTION ARCHITECTURE
    1.
    Invention publication

    Publication number: EP3531332A1

    Publication date: 2019-08-28

    Application number: EP19169431.4

    Filing date: 2014-12-30

    Applicant: Nicira Inc.

    Abstract: A method for encrypting messages sent by guest virtual machines (GVMs) on a host. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. If yes, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

    A FRAMEWORK FOR COORDINATION BETWEEN ENDPOINT SECURITY AND NETWORK SECURITY SERVICES
    3.
    Invention publication
    A FRAMEWORK FOR COORDINATION BETWEEN ENDPOINT SECURITY AND NETWORK SECURITY SERVICES (under examination, published)

    Publication number: EP2984600A1

    Publication date: 2016-02-17

    Application number: EP14725858.6

    Filing date: 2014-04-11

    Applicant: Nicira Inc.

    IPC classification: G06F21/56 G06F21/55

    Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines each in accordance with a respective security container, wherein the respective security container is associated with a respective rule that specifies transfer of the virtual machine from the respective security container to a quarantine container based on one or more criteria. One or more security services are operated on the one or more virtual machines to identify one or more security threats associated with one or more of the virtual machines. One or more tags generated by the endpoint security services are obtained, where each tag is for a virtual machine that is associated with one of the identified security threats. And one of the virtual machines is identified as requiring transfer to the quarantine container based on, at least, one or more of the obtained tags and the one or more criteria.

    A FRAMEWORK FOR COORDINATION BETWEEN ENDPOINT SECURITY AND NETWORK SECURITY SERVICES

    Publication number: EP3567504A1

    Publication date: 2019-11-13

    Application number: EP19184011.5

    Filing date: 2014-04-11

    Applicant: Nicira Inc.

    IPC classification: G06F21/56 G06F21/55 G06F21/53

    Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines each in accordance with a respective security container, wherein the respective security container is associated with a respective rule that specifies transfer of the virtual machine from the respective security container to another security container based on one or more criteria. One or more security services are operated on the one or more virtual machines to identify one or more security threats associated with one or more of the virtual machines. One of the virtual machines is identified as requiring transfer to the other security container based on, at least, one or more of the security threats and one or more criteria.

    ENCRYPTION ARCHITECTURE
    6.
    Invention publication
    ENCRYPTION ARCHITECTURE (under examination, published)

    Publication number: EP3161718A1

    Publication date: 2017-05-03

    Application number: EP14896895.1

    Filing date: 2014-12-30

    Applicant: Nicira Inc.

    IPC classification: G06F21/60 H04L9/08

    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.

    Abstract (translated back from the catalogue's Chinese rendering): For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to be sent for a GVM executing on the host. The method then determines, based on a set of one or more encryption rules, whether it should encrypt the data message. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method simply forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts the data messages of different GVMs executing on the host differently. When two different GVMs are part of two different logical overlay networks implemented on a common network fabric, in one embodiment the method encrypts the data messages exchanged between the GVMs of one logical network rather than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Moreover, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events (such as malware infections).