公开(公告)号：US09124653B2

公开(公告)日：2015-09-01

申请号：US10934873

申请日：2004-09-03

申请人： Ophir Rachman ,  Gabriel Malka ,  Uri Raz

发明人： Ophir Rachman ,  Gabriel Malka ,  Uri Raz

IPC分类号： G06F15/16 ,  H04L29/08

CPC分类号： H04L67/34

摘要： A client on a network includes a file system that includes various non-streamable software applications. A streaming support system in the client enables a streamable software application to be located in the file system and executed in a streaming mode without being isolated from the non-streamable software applications in the file system. Non-streamable software applications can invoke the streamable software application, and vice versa. Multiple streamable software applications can be concurrently located throughout the file system and can be executed in the client in the streaming mode without restriction to any particular portion of the main file system. Streamable applications can be located anywhere in the file system that the corresponding non-streamable versions of the applications would be able to be located. The main file system does not need to contain complete copies of the required files for any streamable applications.

摘要翻译： 网络上的客户端包括包含各种不可流软件应用的文件系统。 客户端中的流式传输支持系统使流可用软件应用程序位于文件系统中，并以流式传输方式执行，而不会与文件系统中的不可流式软件应用程序隔离。 不可流动的软件应用程序可以调用可流式软件应用程序，反之亦然。 多个可流式软件应用程序可以同时位于整个文件系统中，并且可以在流模式下在客户端中执行，而不受主文件系统的任何特定部分的限制。 可流式应用程序可以位于文件系统的任何位置，相应的可流式传输版本的应用程序将能够位于。 主文件系统不需要包含任何可流式应用程序所需文件的完整副本。

公开(公告)号：US20110082962A1

公开(公告)日：2011-04-07

申请号：US12572158

申请日：2009-10-01

申请人： Oded HOROVITZ ,  Ophir RACHMAN ,  Wei XU ,  Adrian DRZEWIECKI ,  Xiaoxin CHEN

发明人： Oded HOROVITZ ,  Ophir RACHMAN ,  Wei XU ,  Adrian DRZEWIECKI ,  Xiaoxin CHEN

IPC分类号： G06F12/00 ,  G06F9/455 ,  G06F12/16

CPC分类号： G06F11/301 ,  G06F11/3089 ,  G06F12/10 ,  G06F21/53 ,  G06F21/566 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2221/2101

摘要： A method for monitoring a data structure maintained by guest software within a virtual machine is disclosed. Changes to the contents of the data structure are determined, such as by placing write traces on the memory pages containing the data structure. Also, the method involves determining when memory pages containing the data structure are swapped into and/or out of guest physical memory by the guest software, such as by placing write traces on the memory pages containing the guest page table and detecting changes to the present bit of page table entries involved in mapping virtual addresses for the data structure. Information about the contents of the data structure is retained while memory pages containing the data structure are swapped out of guest physical memory.

摘要翻译： 公开了一种用于监视由虚拟机内的客户软件维护的数据结构的方法。 确定对数据结构内容的更改，例如通过在包含数据结构的内存页上放置写入轨迹。 此外，该方法包括确定包含数据结构的存储器页面何时由客户软件交换到和/或离开客户机物理存储器，例如通过在包含访客页面表的存储器页面上放置写入跟踪并检测对当前的变化 参与映射数据结构的虚拟地址的页表项的位。 关于数据结构的内容的信息被保留，而包含数据结构的存储器页面被从客体物理存储器换出。

公开(公告)号：US06412071B1

公开(公告)日：2002-06-25

申请号：US09561011

申请日：2000-04-28

申请人： Yona Hollander ,  Ophir Rachman ,  Oded Horovitz

发明人： Yona Hollander ,  Ophir Rachman ,  Oded Horovitz

IPC分类号： G06F1130

CPC分类号： G06F21/52 ,  G06F9/4484 ,  G06F12/1441 ,  G06F2209/542

摘要： A method for detecting and preventing unauthorized or illegal attempts to gain enhanced privileges within a computing environment by exploiting the buffer overflow-related weakness of the computer system.

摘要翻译： 一种用于通过利用计算机系统的缓冲器溢出相关弱点来检测和防止未经授权或非法尝试在计算环境内获得增强特权的方法。

公开(公告)号：US08271450B2

公开(公告)日：2012-09-18

申请号：US12572158

申请日：2009-10-01

申请人： Oded Horovitz ,  Ophir Rachman ,  Wei Xu ,  Adrian Drzewiecki ,  Xiaoxin Chen

发明人： Oded Horovitz ,  Ophir Rachman ,  Wei Xu ,  Adrian Drzewiecki ,  Xiaoxin Chen

IPC分类号： G06F7/00 ,  G06F17/00

CPC分类号： G06F11/301 ,  G06F11/3089 ,  G06F12/10 ,  G06F21/53 ,  G06F21/566 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2221/2101

摘要： A method for monitoring a data structure maintained by guest software within a virtual machine is disclosed. Changes to the contents of the data structure are determined, such as by placing write traces on the memory pages containing the data structure. Also, the method involves determining when memory pages containing the data structure are swapped into and/or out of guest physical memory by the guest software, such as by placing write traces on the memory pages containing the guest page table and detecting changes to the present bit of page table entries involved in mapping virtual addresses for the data structure. Information about the contents of the data structure is retained while memory pages containing the data structure are swapped out of guest physical memory.

摘要翻译： 公开了一种用于监视由虚拟机内的客户软件维护的数据结构的方法。 确定对数据结构内容的更改，例如通过在包含数据结构的内存页上放置写入轨迹。 此外，该方法包括确定包含数据结构的存储器页面何时由客户软件交换到和/或离开客户机物理存储器，例如通过在包含访客页面表的存储器页面上放置写入跟踪并检测对当前的变化 参与映射数据结构的虚拟地址的页表项的位。 关于数据结构的内容的信息被保留，而包含数据结构的存储器页面被从客体物理存储器换出。

公开(公告)号：US20060074621A1

公开(公告)日：2006-04-06

申请号：US10931297

申请日：2004-08-31

申请人： Ophir Rachman

发明人： Ophir Rachman

IPC分类号： G06F9/45

CPC分类号： G06Q90/00

摘要： An apparatus and method for the grouping and prioritization of data events using behavioral modeling. The number of events to be analyzed is reduced by generating a behavioral model comprising modeling events groups, by grouping similar events into event groups, by calculating and assigning priority indicators based on the characteristics of the event groups and the behavioral model.

摘要翻译： 一种使用行为建模对数据事件进行分组和优先排序的装置和方法。 通过基于事件组和行为模型的特征计算和分配优先级指标，通过生成包括建模事件组的行为模型来减少要分析的事件的数量，通过将类似的事件分组到事件组中。

公开(公告)号：US07735057B2

公开(公告)日：2010-06-08

申请号：US10646416

申请日：2003-08-21

申请人： Ophir Rachman ,  Uri Raz ,  Danny Holzman ,  Ryan M. McCarten ,  Gilad A. Ben Zeev ,  Yaron Halperin ,  Gabriel Malka

发明人： Ophir Rachman ,  Uri Raz ,  Danny Holzman ,  Ryan M. McCarten ,  Gilad A. Ben Zeev ,  Yaron Halperin ,  Gabriel Malka

IPC分类号： G06F9/44 ,  G06F9/445

CPC分类号： G06F9/44521 ,  G06F8/656 ,  G06F8/658 ,  G06F9/44505

摘要： A software application streamed from a host system to a target system comprises the installation or configuration logic for another software application. In certain embodiments, the installation logic conforms to a well-known installation standard. The described technique allows the use and/or execution of installation logic or other related objects when these objects do not exist in their entirety on the target system. The application installation that results from this process may configure the subsequent application to be delivered only in part (in streamed mode) or in its entirety.

摘要翻译： 从主机系统流向目标系统的软件应用程序包括用于另一软件应用程序的安装或配置逻辑。 在某些实施例中，安装逻辑符合公知的安装标准。 当这些对象在目标系统上不全部存在时，所描述的技术允许安装逻辑或其他相关对象的使用和/或执行。 由此过程产生的应用程序安装可以将后续应用程序配置为部分（流式传输）或全部传送。

公开(公告)号：US07213153B2

公开(公告)日：2007-05-01

申请号：US10874433

申请日：2004-06-22

申请人： Yona Hollander ,  Ophir Rachman ,  Oded Horovitz

发明人： Yona Hollander ,  Ophir Rachman ,  Oded Horovitz

IPC分类号： G06F9/44

CPC分类号： G06F21/53 ,  G06F9/4484 ,  G06F12/1441 ,  G06F2209/542

摘要： A method of intercepting application program interface, including dynamic installation of associated software, within the user portion of an operating system. An API interception control server in conjunction with a system call interception module loads into all active process spaces an API interception module. An initializer module within the API interception module hooks and patches all API modules in the active process address space. When called by the application programs, the API routines' flow of execution, by virtue of their patched code, is re-directed into a user-supplied code in a pre-entry routine of the API interception module. The API routine might be completely by-passed or its input parameters might be filtered and changed by the user code. During the operation, the API routine is double-patched by the API interception module to ensure that all simultaneous calls to the API routine will re-direct its flow of control into the API interception module. A user-supplied code in a post-entry module of the API interception module might filter or change the return values of the API.

摘要翻译： 在操作系统的用户部分内截取应用程序接口的方法，包括关联软件的动态安装。 API拦截控制服务器与系统调用拦截模块一起加载到所有活动进程空间中的一个API拦截模块。 API拦截模块中的初始化程序模块挂接并修补活动进程地址空间中的所有API模块。 当应用程序调用时，API程序的执行流程通过其修补的代码被重定向到API拦截模块的预入口例程中的用户提供的代码。 API例程可能被完全旁路，或者其输入参数可能被用户代码过滤和更改。 在操作期间，API例程由API拦截模块进行双重打补丁，以确保所有对API例程的同时调用都将其控制流重新引导到API拦截模块中。 API拦截模块的后进入模块中的用户提供的代码可能会过滤或更改API的返回值。

公开(公告)号：US20060053228A1

公开(公告)日：2006-03-09

申请号：US10934873

申请日：2004-09-03

申请人： Ophir Rachman ,  Gabriel Malka ,  Uri Raz

发明人： Ophir Rachman ,  Gabriel Malka ,  Uri Raz

IPC分类号： G06F15/16

CPC分类号： H04L67/34

摘要： A client on a network includes a file system that includes various non-streamable software applications. A streaming support system in the client enables a streamable software application to be located in the file system and executed in a streaming mode without being isolated from the non-streamable software applications in the file system. Non-streamable software applications can invoke the streamable software application, and vice versa. Multiple streamable software applications can be concurrently located throughout the file system and can be executed in the client in the streaming mode without restriction to any particular portion of the main file system. Streamable applications can be located anywhere in the file system that the corresponding non-streamable versions of the applications would be able to be located. The main file system does not need to contain complete copies of the required files for any streamable applications.

公开(公告)号：US06823460B1

公开(公告)日：2004-11-23

申请号：US09561395

申请日：2000-04-28

申请人： Yona Hollander ,  Ophir Rachman ,  Oded Horovitz

发明人： Yona Hollander ,  Ophir Rachman ,  Oded Horovitz

IPC分类号： G06F1130

CPC分类号： G06F21/53 ,  G06F9/4484 ,  G06F12/1441 ,  G06F2209/542

摘要： A method of intercepting application program interface, including dynamic installation of associated software, within the user portion of an operating system. An API interception control server in conjunction with a system call interception module loads into all active process spaces an API interception module. An initializer module within the API interception module hooks and patches all API modules in the active process address space. When called by the application programs, the API routines' flow of execution, by virtue of their patched code, is re-directed into a user-supplied code in a pre-entry routine of the API interception module. The API routine might be completely by-passed or its input parameters might be filtered and changed by the user code. During the operation, the API routine is double-patched by the API interception module to ensure that all simultaneous calls to the API routine will re-direct its flow of control into the API interception module. A user-supplied code in a post-entry module of the API interception module might filter or change the return values of the API.

摘要翻译： 在操作系统的用户部分内截取应用程序接口的方法，包括关联软件的动态安装。 API拦截控制服务器与系统调用拦截模块一起加载到所有活动进程空间中的一个API拦截模块。 API拦截模块中的初始化程序模块挂接并修补活动进程地址空间中的所有API模块。 当应用程序调用时，API程序的执行流程通过其修补的代码被重定向到API拦截模块的预入口例程中的用户提供的代码。 API例程可能被完全旁路，或者其输入参数可能被用户代码过滤和更改。 在操作期间，API例程由API拦截模块进行双重打补丁，以确保所有对API例程的同时调用都将其控制流重新引导到API拦截模块中。 API拦截模块的后进入模块中的用户提供的代码可能会过滤或更改API的返回值。