公开(公告)号：US09785771B1

公开(公告)日：2017-10-10

申请号：US14798239

申请日：2015-07-13

申请人： Bromium, Inc.

发明人： Ian Pratt

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  G06F21/55 ,  G06F13/42

CPC分类号： G06F21/554 ,  G06F13/4282 ,  G06F21/51 ,  G06F21/85 ,  G06F2221/034

摘要： Approaches for protecting a computing device against malicious code using an attack vector involving a USB device. A computing device prevents a USB device from communicating operational input to the computing device using a USB port residing on or coupled to the computing device unless consent data is stored on the computing device. Consent data is data that affirms consent provided by a user of the computing device to allow the USB device to communicate with the computing device using the USB port. Note that the lack of consent data stored on the computing device does not prohibit the USB device from identifying itself to the computing device. In this way, if the USB device comprises malicious code or has been designed in a malicious manner, the USB device will be unable to submit operational input to the computing device without the consent of the user.

公开(公告)号：US09680873B1

公开(公告)日：2017-06-13

申请号：US14320084

申请日：2014-06-30

申请人： Bromium, Inc.

发明人： David Halls ,  Gaurav Banga ,  Ian Pratt ,  Vikram Kapoor ,  Xin Li

IPC分类号： H04L29/06

CPC分类号： H04L63/20 ,  H04L63/08 ,  H04L63/0869 ,  H04W12/06

摘要： Approaches for processing network requests based upon the perceived trustworthiness of the network. A software component renders a judgment, based on a policy that weighs one or more factors, about whether a network accessible to a device should be trusted. If the software component renders a judgment that the network should be trusted, then a network resource identified on a white list of trusted resources is allowed to be retrieved within a host operating system or in a first virtual machine. Conversely, if the software component renders a judgment that the network should not be trusted, then the network resource identified on the white list of trusted resources is prevented from be retrieved within the host operating system or the first virtual machine, and may instead be retrieved within a second virtual machine, which has a more restrictive set of access privileges than the first virtual machine.

公开(公告)号：US09626204B1

公开(公告)日：2017-04-18

申请号：US14828267

申请日：2015-08-17

申请人： Bromium, Inc.

发明人： Gaurav Banga ,  Kiran Bondalapati ,  Ian Pratt ,  Vikram Kapoor

IPC分类号： G06F9/455 ,  H04L29/06 ,  G06F21/53 ,  G06F21/56 ,  G06F9/50

CPC分类号： G06F9/45533 ,  G06F9/455 ,  G06F9/45545 ,  G06F9/45558 ,  G06F9/5027 ,  G06F9/5077 ,  G06F21/00 ,  G06F21/53 ,  G06F21/56 ,  G06F21/566 ,  G06F21/577 ,  G06F2009/45562 ,  G06F2009/45587 ,  G06F2209/5018 ,  H04L63/20

摘要： Approaches for executing untrusted software on a client without compromising the client using micro-virtualization to execute untrusted software in isolated contexts. In response to receiving a request to perform an action, an isolated environment (such as but not limited to a virtual machine) is instantiated without receiving an explicit user instruction to do so. To instantiate the isolated environment, one or more templates for use in instantiating the isolated environment are identified using a policy. The one or more templates describe isolated environment characteristics for different types of activity. After the isolated environment has been instantiated using one or more identified templates, the action may be performed in the isolated environment.

公开(公告)号：US09349008B1

公开(公告)日：2016-05-24

申请号：US14268577

申请日：2014-05-02

申请人： Bromium, Inc.

发明人： Deepak Khajuria ,  Gaurav Banga ,  Vikram Kapoor ,  Ian Pratt ,  Vivek Srivastava

IPC分类号： G06F21/57

CPC分类号： G06F21/57 ,  G06F21/608

摘要： Approaches for processing a digital file in a manner designed to minimize exposure of any malicious code contained therein. A digital file resides with a virtual machine. When the virtual machine receives an instruction to print or digitally transfer at least a portion of the digital file, the virtual machine converts at least a portion of the digital file from an original format to a different format within the virtual machine. The different format preserves a visual presentation of the digital file without supporting metadata or file format data structures of the original format. The virtual machine instructs the host OS to print or digitally transfer the portion of the digital file. The host OS may consult policy data in determining how to service the instruction to print or digitally transfer the digital file.

摘要翻译： 用于以旨在最小化其中包含的任何恶意代码的暴露的方式处理数字文件的方法。 数字文件驻留有虚拟机。 当虚拟机接收到打印或数字传送数字文件的至少一部分的指令时，虚拟机将数字文件的至少一部分从原始格式转换为虚拟机内的不同格式。 不同的格式保留了数字文件的可视化呈现，而不支持原始格式的元数据或文件格式数据结构。 虚拟机指示主机OS打印或数字传输数字文件的一部分。 主机操作系统可以在确定如何服务打印数字文件或数字传输指令时查询策略数据。

公开(公告)号：US09104544B1

公开(公告)日：2015-08-11

申请号：US13468843

申请日：2012-05-10

申请人： Krzysztof Uchronski ,  Martin O'Brien ,  Jacob Gorm Hansen ,  Kiran Bondalapati ,  Ian Pratt ,  Gaurav Banga ,  Vikram Kapoor

发明人： Krzysztof Uchronski ,  Martin O'Brien ,  Jacob Gorm Hansen ,  Kiran Bondalapati ,  Ian Pratt ,  Gaurav Banga ,  Vikram Kapoor

IPC分类号： G06F3/06 ,  G06F12/02

CPC分类号： G06F12/02 ,  G06F3/0608 ,  G06F3/0641 ,  G06F3/0671 ,  G06F9/45558 ,  G06F9/5027 ,  G06F9/5077 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2209/5018

摘要： Mitigating eviction of the memory pages of virtualized machines. Upon detecting that a request to perform an I/O operation has been issued against a block stored a disk, a determination is made as to whether a pristine copy of the contents of the block is stored in memory. If a pristine copy of the contents of the block is stored in memory, then the request may be performed by updating mapping data that maps a page of memory to a location in memory at which the pristine copy is stored. In this way, the request is performed without performing the I/O operation against the block stored on disk. Various approaches for resharing memory, including memory of a template virtual machine, are discussed.

摘要翻译： 减轻虚拟化机器的内存页面。 在检测到针对存储的盘的块发出对I / O操作的请求时，确定块的内容的原始副本是否存储在存储器中。 如果块的内容的原始副本存储在存储器中，则可以通过更新将存储器页映射到存储原始副本的存储器中的位置的映射数据来执行请求。 以这种方式，执行请求而不对存储在磁盘上的块执行I / O操作。 讨论了重新共享内存的各种方法，包括模板虚拟机的内存。

公开(公告)号：US09092625B1

公开(公告)日：2015-07-28

申请号：US13708703

申请日：2012-12-07

申请人： Bromium, Inc.

发明人： Rahul C Kashyap ,  J. McEnroe Samuel Navaraj ,  Baibhav Singh ,  Arun Passi ,  Rafal Wojtczuk

IPC分类号： G06F21/00 ,  G06F21/56 ,  G06F9/455

CPC分类号： G06F9/45558 ,  G06F9/45533 ,  G06F21/52 ,  G06F21/53 ,  G06F21/552 ,  G06F21/56 ,  G06F21/566 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2221/034

摘要： The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.

摘要翻译： 可以监视VM内的进程的执行，并且当触发事件发生时，启动附加监视，包括存储描述在VM内发生的实时事件的行为数据。 然后可以将该行为数据与关于该类型的进程的预期行为的信息进行比较，以便确定恶意软件是否损害了VM。 可以相对于一组启发式来分析触发事件，并且基于分析，可以启动数据收集过程，其中数据包括关于在第一虚拟机中发生的事件的信息。

公开(公告)号：US20140259159A1

公开(公告)日：2014-09-11

申请号：US14194747

申请日：2014-03-02

申请人： Bromium, Inc.

发明人： Gaurav Banga ,  Rahul Kashyap ,  Andrew Southgate

IPC分类号： G06F21/56

CPC分类号： G06F21/568 ,  G06F21/56

摘要： Approaches for ensuring a digital file does not contain malicious code. A digital file in an original format may or may not contain malicious code. An intermediate copy of the digital file in an intermediate format is created from the digital file in the original format. The intermediate format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the original format. A sterilized copy of the digital file is created from the intermediate copy. The sterilized copy is in the original format. The sterilized copy comprises a digital signature indicating that the sterilized copy has been converted from the intermediate format to the original format. Advantageously, the sterilized copy is guaranteed to not possess any malicious code.

摘要翻译： 确保数字文件的方法不包含恶意代码。 原始格式的数字文件可能包含或不包含恶意代码。 以原始格式从数字文件创建中间格式的数字文件的中间拷贝。 中间格式保留数字文件的视觉或音频呈现，而不支持原始格式的元数据或文件格式数据结构。 从中间拷贝创建数字文件的无菌拷贝。 灭菌副本是原始格式。 灭菌副本包括指示灭菌副本已经从中间格式转换为原始格式的数字签名。 有利地，保证无菌拷贝不具有任何恶意代码。

公开(公告)号：US08752047B2

公开(公告)日：2014-06-10

申请号：US13223091

申请日：2011-08-31

申请人： Gaurav Banga ,  Kiran Bondalapati ,  Ian Pratt ,  Vikram Kapoor

发明人： Gaurav Banga ,  Kiran Bondalapati ,  Ian Pratt ,  Vikram Kapoor

IPC分类号： G06F9/455 ,  G06F9/44 ,  G06F21/00

CPC分类号： G06F9/45533 ,  G06F9/45558 ,  G06F9/5077 ,  G06F21/53 ,  G06F2009/45587

摘要： Approaches for transferring data to a client by safely receiving the data in or more virtual machines. In response to the client determining that digital content, originating from an external source, is to be received or processed by the client, the client identifies, without human intervention, one or more virtual machines, executing or to be executed on the client, into which the digital content is to be stored. In doing so, the client may consult policy data to determine a placement policy, a containment policy, and a persistence policy for any virtual machine to receive the digital content. In this way, digital content, such as executable code or interpreted data, of unknown trustworthiness may be safely received by the client without the possibility of any malicious code therein from affecting any undesirable consequence upon the client.

摘要翻译： 通过在或多个虚拟机中安全接收数据来将数据传输到客户端的方法。 响应于客户端确定来自外部源的数字内容将被客户端接收或处理，客户端在没有人为干预的情况下识别一个或多个虚拟机，在客户机上执行或执行， 数字内容将被存储。 在这样做时，客户端可以查询策略数据以确定放置策略，收容策略和任何虚拟机接收数字内容的持久性策略。 以这种方式，客户端可以安全地接收到具有未知可信度的数字内容，例如可执行代码或解释数据，而不存在任何恶意代码在客户端上不会产生任何不良后果的可能性。

公开(公告)号：US08667594B1

公开(公告)日：2014-03-04

申请号：US13419356

申请日：2012-03-13

申请人： Gaurav Banga ,  Rahul Kashyap ,  Andrew Southgate

发明人： Gaurav Banga ,  Rahul Kashyap ,  Andrew Southgate

IPC分类号： G06F21/00

CPC分类号： G06F21/568 ,  G06F21/56

摘要： Approaches for ensuring a digital file does not contain malicious code. A digital file in an original format may or may not contain malicious code. An intermediate copy of the digital file in an intermediate format is created from the digital file in the original format. The intermediate format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the original format. A sterilized copy of the digital file is created from the intermediate copy. The sterilized copy is in the original format. The sterilized copy comprises a digital signature indicating that the sterilized copy has been converted from the intermediate format to the original format. Advantageously, the sterilized copy is guaranteed to not possess any malicious code.

摘要翻译： 确保数字文件的方法不包含恶意代码。 原始格式的数字文件可能包含或不包含恶意代码。 以原始格式从数字文件创建中间格式的数字文件的中间拷贝。 中间格式保留数字文件的视觉或音频呈现，而不支持原始格式的元数据或文件格式数据结构。 从中间拷贝创建数字文件的无菌拷贝。 灭菌副本是原始格式。 灭菌副本包括指示灭菌副本已经从中间格式转换为原始格式的数字签名。 有利地，保证无菌拷贝不具有任何恶意代码。

公开(公告)号：US10430614B2

公开(公告)日：2019-10-01

申请号：US15133077

申请日：2016-04-19

申请人： Bromium, Inc.

发明人： Ian Pratt ,  Rahul C. Kashyap ,  Gaurav Banga

IPC分类号： G06F21/71 ,  H04L29/06 ,  G06F21/53 ,  G06F21/56

摘要： Approaches for transferring control to a bit set. Execution of a bit set upon a host operating system is monitored. A determination is made that the execution of the bit set exhibits a suspicious characteristic. In response, the execution of the bit set on the host operating system is ceased. Then, the bit set is copied into an isolated environment and control to the bit set is transferred within the isolated environment. Thereafter, execution analysis upon the bit set is initiated in the isolated environment. The isolated environment may, but need not, reside on a different physical device than upon which executes the host operating system.