21. System and method for passive threat detection using virtual memory inspection
    Granted invention patent; status: in force

    Publication number: US09594881B2

    Publication date: 2017-03-14

    Application number: US13229502

    Filing date: 2011-09-09

    Applicant: Rishi Bhargava

    Abstract: A method in one example implementation includes synchronizing a first memory page set with a second memory page set of a virtual guest machine, inspecting the first memory page set off-line, and detecting a threat in the first memory page set. The method further includes taking an action based on the threat. In more specific embodiments, the method includes updating the first memory page set with a subset of the second memory page set at the expiration of a synchronization interval, where the subset of the second memory page set was modified during the synchronization interval. In other more specific embodiments, the second memory page set of the virtual guest machine represents non-persistent memory of the virtual guest machine. In yet other specific embodiments, the action includes at least one of shutting down the virtual guest machine and alerting an administrator.

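The synchronize / inspect off-line / act loop the abstract describes, as an added example; this is not code from the patent or its assignee. The 16-byte page size, the dirty-page bookkeeping, the threat signature and the action names are all assumptions constructed for the demo. A real implementation would take the modified-page subset from the hypervisor's dirty-page tracking and hand the shadow image to a proper scanner; here the guest is a list of byte strings and the scanner is a substring search.

```python
PAGE_SIZE = 16  # deliberately tiny pages so the sample fits on screen (assumption)

# Constructed signature for the demo; it is not a real malware pattern.
SIGNATURES = {"demo-shellcode-stub": b"\x90\x90\xcc\xcc"}


class GuestMemory:
    """The second memory page set: live, non-persistent memory of the guest.
    Pages written during the current synchronization interval are tracked as dirty."""

    def __init__(self, n_pages):
        self.pages = [bytes(PAGE_SIZE) for _ in range(n_pages)]
        self.dirty = set()

    def write(self, page_no, offset, data):
        assert offset + len(data) <= PAGE_SIZE
        page = bytearray(self.pages[page_no])
        page[offset:offset + len(data)] = data
        self.pages[page_no] = bytes(page)
        self.dirty.add(page_no)

    def take_dirty(self):
        """Return the pages modified since the last sync and start a new interval."""
        changed = {i: self.pages[i] for i in sorted(self.dirty)}
        self.dirty.clear()
        return changed


class ShadowCopy:
    """The first memory page set: an off-line copy that the inspector scans, so the
    guest is never paused or instrumented while detection runs."""

    def __init__(self, n_pages):
        self.pages = [bytes(PAGE_SIZE) for _ in range(n_pages)]

    def synchronize(self, guest):
        """At the end of a sync interval copy only the subset the guest modified."""
        changed = guest.take_dirty()
        for i, data in changed.items():
            self.pages[i] = data
        return sorted(changed)

    def inspect(self):
        """Scan the shadow image; returns (page_no, signature_name) hits.  Scanning the
        joined image catches a pattern that straddles a page boundary."""
        image = b"".join(self.pages)
        hits = []
        for name, pattern in SIGNATURES.items():
            pos = image.find(pattern)
            while pos != -1:
                hits.append((pos // PAGE_SIZE, name))
                pos = image.find(pattern, pos + 1)
        return hits


def choose_actions(hits, shutdown_on_detect=True):
    """Map detections to the actions the abstract names: alert, and optionally shut down."""
    if not hits:
        return []
    actions = ["alert_admin"]
    if shutdown_on_detect:
        actions.append("shutdown_guest")
    return actions


def run_interval(guest, shadow):
    """One synchronization interval: sync the dirty subset, inspect off-line, decide."""
    synced = shadow.synchronize(guest)
    hits = shadow.inspect()
    return synced, hits, choose_actions(hits)


if __name__ == "__main__":
    guest, shadow = GuestMemory(8), ShadowCopy(8)
    guest.write(1, 0, b"hello world")
    print(run_interval(guest, shadow))   # ([1], [], [])
    guest.write(2, 14, b"\x90\x90")      # pattern split across pages 2 and 3
    guest.write(3, 0, b"\xcc\xcc")
    print(run_interval(guest, shadow))   # ([2, 3], [(2, 'demo-shellcode-stub')], ['alert_admin', 'shutdown_guest'])
```

Two caveats a practitioner would want. The shadow only reflects the guest as of the last sync boundary, so code that appears and scrubs itself inside one interval leaves nothing to inspect, and shortening the interval trades that blind spot against copy cost. A flat byte scan of raw pages also has no view of the guest's virtual-to-physical mapping; a real inspector walks the guest's page tables and kernel structures rather than searching the joined image.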

22. Connectivity-based authorization
    Granted invention patent; status: in force

    Publication number: US08555404B1

    Publication date: 2013-10-08

    Application number: US11437317

    Filing date: 2006-05-18

    IPC classification: G06F7/04

    CPC classification: H04L63/10 H04L63/102

    Abstract: Techniques which allow definition and enforcement of connectivity-based action and execution authorization policies. On a computer, an action or execution attempt is intercepted in real time. The connectivity state of the computer, the subject process, the program file of the subject process, the attempted action and the object of the attempted action are determined. An authorization policy that takes the connectivity state into account indicates whether the attempted action is authorized or not. In a tracking mode, the attempted action and its authorization are logged and the attempted action is allowed to proceed. In an enforcement mode, unauthorized attempts are blocked and logged, thereby enforcing the authorization policy.


23. CONNECTIVITY-BASED AUTHORIZATION
    Invention patent application; status: in force

    Publication number: US20130247226A1

    Publication date: 2013-09-19

    Application number: US11437317

    Filing date: 2006-05-18

    IPC classification: H04L29/06

    CPC classification: H04L63/10 H04L63/102

    Abstract: Techniques which allow definition and enforcement of connectivity-based action and execution authorization policies. On a computer, an action or execution attempt is intercepted in real time. The connectivity state of the computer, the subject process, the program file of the subject process, the attempted action and the object of the attempted action are determined. An authorization policy that takes the connectivity state into account indicates whether the attempted action is authorized or not. In a tracking mode, the attempted action and its authorization are logged and the attempted action is allowed to proceed. In an enforcement mode, unauthorized attempts are blocked and logged, thereby enforcing the authorization policy.

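A policy engine for the intercept / determine / decide / track-or-enforce flow that entries 22 and 23 describe, written as an added example; it is not the patent's code. The connectivity state names ("offline", "corporate", "vpn", "public"), the five attributes carried on an attempt, the glob rule syntax, the constructed policy and the deny-by-default fallback are all assumptions of this example. The interception itself (a kernel hook on exec, open and connect) is out of scope; the engine receives what the hook determined.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Attempt:
    """What the interceptor determines for one action or execution attempt."""
    connectivity: str   # state names are assumed: "offline", "corporate", "vpn", "public"
    process: str        # subject process
    program_file: str   # program file backing the subject process
    action: str         # "execute", "write", "connect"
    obj: str            # object of the action: a path, or host:port for "connect"


@dataclass(frozen=True)
class Rule:
    connectivity: str   # "*" matches any value; otherwise a glob pattern
    program_file: str
    action: str
    obj: str
    allow: bool


# Constructed policy.  First matching rule wins, so deny rules go first; anything
# unmatched is denied (deny-by-default is a choice of this example, not the patent's).
POLICY = [
    Rule("*",         "*",              "execute", "/home/*/Downloads/*", False),
    Rule("public",    "*",              "connect", "*:445",               False),
    Rule("*",         "*",              "execute", "/usr/bin/*",          True),
    Rule("corporate", "/usr/bin/rsync", "write",   "/mnt/fileserver/*",   True),
    Rule("vpn",       "/usr/bin/rsync", "write",   "/mnt/fileserver/*",   True),
    Rule("*",         "*",              "connect", "*:443",               True),
]


def _match(pattern, value):
    return pattern == "*" or fnmatchcase(value, pattern)


def evaluate(attempt, policy=POLICY):
    """Authorization decision for an attempt under the connectivity-aware policy."""
    for r in policy:
        if (_match(r.connectivity, attempt.connectivity)
                and _match(r.program_file, attempt.program_file)
                and _match(r.action, attempt.action)
                and _match(r.obj, attempt.obj)):
            return r.allow
    return False


@dataclass
class Interceptor:
    """Tracking mode logs and lets everything proceed; enforcement mode blocks what
    the policy does not authorize.  Both modes log every decision."""
    mode: str = "tracking"
    log: list = field(default_factory=list)

    def intercept(self, attempt, policy=POLICY):
        """Returns True if the attempt is allowed to proceed."""
        if self.mode not in ("tracking", "enforcement"):
            raise ValueError(self.mode)
        authorized = evaluate(attempt, policy)
        proceed = authorized or self.mode == "tracking"
        self.log.append({"attempt": attempt, "authorized": authorized, "proceeded": proceed})
        return proceed
```

The same rsync write to the file share is authorized on the corporate network or over VPN and unauthorized on a public network; tracking mode lets it through but records the would-be block, which is how a policy gets tuned before enforcement is switched on. Everything keys off the connectivity determination, so that input has to come from something the user or the network cannot spoof (interface and VPN state as the kernel sees it, not a DNS suffix handed out by DHCP).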

24. CLASSIFICATION OF SOFTWARE ON NETWORKED SYSTEMS
    Invention patent application; status: in force

    Publication number: US20130024934A1

    Publication date: 2013-01-24

    Application number: US13629765

    Filing date: 2012-09-28

    IPC classification: G06F21/22

    CPC classification: G06F21/51

    Abstract: A method and system for the classification of software in networked systems includes: determining that software received by a sensor is attempting to execute on the sensor's computer system; classifying the software as authorized or unauthorized to execute; and, if the software is classified as unauthorized to execute, gathering information on the software by the sensor. The sensor sends the information on the software to one or more actuators, which determine, based on the information, whether or not to act on one or more targets. If so, the actuator sends a directive to the target(s), which update their responses according to the directive. The classification of the software is definitive: it is not based on heuristics, rules or policies, and it needs no a priori information about the software.


25. Classification of software on networked systems
    Granted invention patent; status: in force

    Publication number: US07856661B1

    Publication date: 2010-12-21

    Application number: US11182320

    Filing date: 2005-07-14

    IPC classification: G06F12/14

    CPC classification: G06F21/51

    Abstract: A method and system for the classification of software in networked systems includes: determining that software received by a sensor is attempting to execute on the sensor's computer system; classifying the software as authorized or unauthorized to execute; and, if the software is classified as unauthorized to execute, gathering information on the software by the sensor. The sensor sends the information on the software to one or more actuators, which determine, based on the information, whether or not to act on one or more targets. If so, the actuator sends a directive to the target(s), which update their responses according to the directive. The classification of the software is definitive: it is not based on heuristics, rules or policies, and it needs no a priori information about the software.


26. Method and apparatus for process enforced configuration management
    Granted invention patent; status: in force

    Publication number: US08701182B2

    Publication date: 2014-04-15

    Application number: US13558181

    Filing date: 2012-07-25

    IPC classification: H04L29/06

    Abstract: A system for and method of automatically enforcing a configuration change process for change requests of one or more configurable elements (CEs) within one or more configurable computation systems. The system comprises means for managing a configuration change process for one or more CEs within a corresponding configurable computation system, means for generating a configuration request, means for applying a set of authorization rules to the configuration change requests to generate selective authorization of the CEs, and means for selectively locking and unlocking changes to CEs within the configurable computational systems.


27. Method and apparatus for process enforced configuration management
    Granted invention patent; status: in force

    Publication number: US08332929B1

    Publication date: 2012-12-11

    Application number: US12008274

    Filing date: 2008-01-09

    IPC classification: H04L29/06

    Abstract: A system for and method of automatically enforcing a configuration change process for change requests of one or more configurable elements (CEs) within one or more configurable computation systems. The system comprises means for managing a configuration change process for one or more CEs within a corresponding configurable computation system, means for generating a configuration request, means for applying a set of authorization rules to the configuration change requests to generate selective authorization of the CEs, and means for selectively locking and unlocking changes to CEs within the configurable computational systems.


28. METHOD AND APPARATUS FOR PROCESS ENFORCED CONFIGURATION MANAGEMENT
    Invention patent application

    Publication number: US20120297176A1

    Publication date: 2012-11-22

    Application number: US13558181

    Filing date: 2012-07-25

    IPC classification: G06F15/177

    Abstract: A system for and method of automatically enforcing a configuration change process for change requests of one or more configurable elements (CEs) within one or more configurable computation systems. The system comprises means for managing a configuration change process for one or more CEs within a corresponding configurable computation system, means for generating a configuration request, means for applying a set of authorization rules to the configuration change requests to generate selective authorization of the CEs, and means for selectively locking and unlocking changes to CEs within the configurable computational systems.
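The change process that entries 26 to 28 describe, reduced to its moving parts as an added example that is not the patent's code: configurable elements that are locked by default, a change request, a set of authorization rules, and a selective unlock that lasts exactly as long as the authorized change. The ticket model (approved requester, change window), the sshd_config element on host "web01", the ticket id "CHG-1001" and the rule wording are all constructed for the demo.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Ticket:
    """An approved change ticket (constructed): who may change which element, and when."""
    ticket_id: str
    ce: str
    approved_for: str
    window_start: datetime
    window_end: datetime


@dataclass
class ConfigurableElement:
    """A CE on one system.  Locked by default: writes that do not come through an
    authorized change are refused."""
    name: str
    system: str
    value: str
    locked: bool = True
    audit: list = field(default_factory=list)


@dataclass(frozen=True)
class ChangeRequest:
    ce: str
    system: str
    requester: str
    ticket_id: str
    new_value: str
    at: datetime


class ChangeProcess:
    """Process-enforced configuration management: the authorization rules decide which
    change requests get a selective unlock; everything else hits the lock."""

    def __init__(self, elements, tickets):
        self.elements = {(e.system, e.name): e for e in elements}
        self.tickets = {t.ticket_id: t for t in tickets}

    def authorize(self, req):
        """The authorization rules (constructed): an approved ticket must exist, cover
        this element and this requester, and the request must fall inside its window."""
        ticket = self.tickets.get(req.ticket_id)
        if ticket is None:
            return False, "no approved ticket"
        if ticket.ce != req.ce:
            return False, "ticket covers a different element"
        if ticket.approved_for != req.requester:
            return False, "requester not approved on ticket"
        if not ticket.window_start <= req.at <= ticket.window_end:
            return False, "outside change window"
        return True, "authorized"

    def submit(self, req):
        """Apply a change request through the process; returns (applied, reason)."""
        ce = self.elements.get((req.system, req.ce))
        if ce is None:
            return False, "unknown element"
        ok, reason = self.authorize(req)
        ce.audit.append((req.requester, req.ticket_id, ok, reason))
        if not ok:
            return False, reason
        ce.locked = False              # selective unlock, for this change only
        try:
            ce.value = req.new_value
        finally:
            ce.locked = True           # relock whatever happened
        return True, reason

    def direct_write(self, system, name, value):
        """A write that bypasses the process (an admin editing the file by hand, a
        script, an attacker): the lock refuses it and the attempt is audited."""
        ce = self.elements[(system, name)]
        if ce.locked:
            ce.audit.append(("direct", None, False, "element locked"))
            return False
        ce.value = value
        return True


def sample_process():
    """Constructed sample: one sshd_config on host web01, one ticket for alice,
    with a two-hour change window starting at 02:00."""
    t0 = datetime(2024, 1, 10, 2, 0)
    cp = ChangeProcess(
        [ConfigurableElement("/etc/ssh/sshd_config", "web01", "PermitRootLogin no")],
        [Ticket("CHG-1001", "/etc/ssh/sshd_config", "alice", t0, t0 + timedelta(hours=2))],
    )
    return cp, t0
```

The relock sits in a finally block so a failed write cannot leave the element open, and refused direct writes land in the same audit trail as refused requests, which is what makes the process auditable rather than merely advisory. The lock is only as strong as whatever enforces it on the host: if the agent holding the lock can be stopped by the same local administrator it is meant to constrain, the authorization rules are a suggestion.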

29. Classification of software on networked systems
    Granted invention patent; status: in force

    Publication number: US08307437B2

    Publication date: 2012-11-06

    Application number: US12944567

    Filing date: 2010-11-11

    IPC classification: G06F7/40

    CPC classification: G06F21/51

    Abstract: A method and system for the classification of software in networked systems includes: determining that software received by a sensor is attempting to execute on the sensor's computer system; classifying the software as authorized or unauthorized to execute; and, if the software is classified as unauthorized to execute, gathering information on the software by the sensor. The sensor sends the information on the software to one or more actuators, which determine, based on the information, whether or not to act on one or more targets. If so, the actuator sends a directive to the target(s), which update their responses according to the directive. The classification of the software is definitive: it is not based on heuristics, rules or policies, and it needs no a priori information about the software.

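The sensor / actuator / target chain shared by entries 24, 25 and 29, as an added example that is not the patent's code. "Definitive" classification is modelled here as membership of the software's content hash in the host's own inventory of what may execute: no heuristics, and nothing needs to be known about the software beforehand. That reading, the information the sensor gathers, the actuator's two-reports threshold and the "block" directive are all assumptions of this example.

```python
import hashlib
from dataclasses import dataclass, field


def sha256(data):
    return hashlib.sha256(data).hexdigest()


@dataclass
class Target:
    """A system that adjusts its own responses according to directives it receives."""
    host: str
    blocked: set = field(default_factory=set)
    directives: list = field(default_factory=list)

    def apply(self, directive):
        self.directives.append(directive)
        if directive["action"] == "block":
            self.blocked.add(directive["sha256"])

    def would_run(self, content):
        return sha256(content) not in self.blocked


@dataclass
class Actuator:
    """Decides whether to act on its targets.  The rule used here is constructed:
    block a hash once min_reports distinct hosts reported it as unauthorized."""
    targets: list
    min_reports: int = 2
    reports: dict = field(default_factory=dict)

    def receive(self, info):
        hosts = self.reports.setdefault(info["sha256"], set())
        hosts.add(info["host"])
        if len(hosts) < self.min_reports:
            return None
        directive = {"action": "block", "sha256": info["sha256"],
                     "reason": "unauthorized on %d hosts" % len(hosts)}
        for t in self.targets:
            t.apply(directive)
        return directive


@dataclass
class Sensor:
    """Classifies software that attempts to execute on its own host.  The
    classification is definitive: the content hash is in the host's inventory or
    it is not.  Unauthorized software gets described and reported, not analysed."""
    host: str
    inventory: set                      # sha256 digests authorized to execute here
    actuators: list = field(default_factory=list)

    def on_execute(self, path, content, origin):
        digest = sha256(content)
        if digest in self.inventory:
            return "authorized", None
        info = {"host": self.host, "path": path, "sha256": digest,
                "size": len(content), "origin": origin}
        for a in self.actuators:
            a.receive(info)
        return "unauthorized", info
```

Hash membership is what makes the classification definitive, and also what makes it brittle: a one-byte patch is a new, unauthorized object until the inventory is updated, so in practice the inventory has to be fed by the package or deployment pipeline. The sensor never decides for other hosts; the actuator does, from the reports it has, and each target still applies the directive to its own response table, which keeps a single compromised sensor from blocking software fleet-wide on its own.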

30. EXECUTION ENVIRONMENT FILE INVENTORY
    Invention patent application; status: under examination, published

    Publication number: US20110138461A1

    Publication date: 2011-06-09

    Application number: US13022148

    Filing date: 2011-02-07

    IPC classification: G06F21/00

    Abstract: A method is described for maintaining (including generating) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether it is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment belongs to the group comprising a native binary execution environment, configured to execute native machine language instructions, and a non-native execution environment, configured to execute at least one program that processes non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on the result of the considering step, and it may be used to exercise control over which executables are allowed to execute on the computer system.

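One way to do the "considering step" and keep the inventory it feeds, as an added example that is not the patent's code. Executability is decided from content, never from the file name: magic numbers for native binaries, the 0xCAFEBABE header for JVM class files, a shebang line for interpreted scripts, and a look inside ZIP archives so a .jar counts as JVM-executable. The environment labels, the choice of formats covered (no .NET assemblies, no Python bytecode) and the sample files are assumptions constructed for the demo.

```python
import hashlib
import io
import struct
import zipfile

NATIVE_MAGIC = (b"\x7fELF", b"MZ", b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xce")


def environments_for(content):
    """Execution environments in which this container could run, decided from its
    content (magic numbers, shebang, archive members), never from its name."""
    envs = set()
    if content.startswith(NATIVE_MAGIC):
        envs.add("native")
    # 0xCAFEBABE is shared by Java class files and Mach-O fat binaries: a class file
    # has its major version (>= 45) at offset 6, a fat header a small arch count there.
    if content[:4] == b"\xca\xfe\xba\xbe" and len(content) >= 8:
        envs.add("jvm" if struct.unpack(">H", content[6:8])[0] >= 45 else "native")
    if content.startswith(b"#!"):
        tokens = content[2:].split(b"\n", 1)[0].split()
        if tokens:
            # "#!/usr/bin/env python3" names the interpreter in the second token
            interp = tokens[1] if tokens[0].endswith(b"/env") and len(tokens) > 1 else tokens[0]
            envs.add("interpreter:" + interp.decode("ascii", "replace"))
    if content[:2] == b"PK":                       # a ZIP is a container of containers
        try:
            with zipfile.ZipFile(io.BytesIO(content)) as z:
                if any(n.endswith(".class") for n in z.namelist()):
                    envs.add("jvm")                 # a .jar: executable by the JVM
        except zipfile.BadZipFile:
            pass
    return envs


class Inventory:
    """Inventory of containers with their content hash and execution environments."""

    def __init__(self):
        self.entries = {}

    def add(self, path, content):
        envs = environments_for(content)
        self.entries[path] = {"sha256": hashlib.sha256(content).hexdigest(),
                              "environments": envs}
        return envs

    def executables(self, env=None):
        """Paths executable in some environment (or in the given one)."""
        return sorted(p for p, e in self.entries.items()
                      if e["environments"] and (env is None or env in e["environments"]))

    def may_execute(self, path, content, env):
        """Execution control: allow only a container the inventory recorded as
        executable in that environment, and only if its content is unchanged."""
        e = self.entries.get(path)
        if e is None or env not in e["environments"]:
            return False
        return hashlib.sha256(content).hexdigest() == e["sha256"]


def build_sample_jar(class_bytes):
    """Constructed sample: a minimal .jar (ZIP with a manifest and one class file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("com/example/Main.class", class_bytes)
    return buf.getvalue()
```

Tying may_execute to the recorded hash is what turns the inventory into a control: a script that was inventoried and later edited, or a binary renamed to look like a document, is refused because the content no longer matches or was never executable in the requested environment. The detection is deliberately content-based because an extension-based inventory misses exactly the files an attacker renames.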