Supporting a consistent user interface within a virtualized environment

    Publication No.: US10310696B1

    Publication date: 2019-06-04

    Application No.: US14038408

    Filing date: 2013-09-26

    Applicant: Bromium, Inc.

    Inventor: Adrian Taylor

    IPC classification: G06F9/46 G06F9/455 G06F3/048

    Abstract: A consistent user interface is provided in a virtualized environment. A first and second application are executed within first and second operating systems running within separate virtual machines upon the same device. A first application receives, from the second application, a request that identifies a particular type of text to be received from a user. The first application selects an associated text input type and displays a text input interface on the device in a configuration allowing text in the selected text input type to be submitted. Optionally, the first virtual machine may have exclusive permission to display a user interface on the device; however, the user interface may include elements whose appearance was determined within other virtual machines.

    Ensuring the privacy and integrity of a hypervisor

    Publication No.: US10140139B1

    Publication date: 2018-11-27

    Application No.: US14741147

    Filing date: 2015-06-16

    Applicant: Bromium, Inc.

    Inventor: Ian Pratt

    IPC classification: G06F9/455 G06F9/50

    Abstract: Approaches for ensuring the privacy and integrity of a hypervisor. A host operating system manages a set of resources. The host operating system is prevented from accessing a portion of the resources belonging to or allocated by the hypervisor. The host operating system may be prevented from accessing resources belonging to or allocated by the hypervisor by transferring execution of the host operating system into a virtual machine container that does not have sufficient privilege to access any portion of the memory pages in which the hypervisor is executing. After the host operating system provides a requested resource to the hypervisor, the hypervisor may use a hardware component that establishes and enforces constraints on what portions of memory the host operating system is allowed to access to protect the requested resource from the host operating system.

    Synchronizing resources of a virtualized browser

    Publication No.: US10095662B1

    Publication date: 2018-10-09

    Application No.: US13526409

    Filing date: 2012-06-18

    IPC classification: G06F17/21

    Abstract: Approaches for synchronizing resources of a virtualized web browser. When a virtualized web browser is instructed to display a web page, a host module executing within a host operating system retrieves, from each of one or more virtual machines, contents for a portion of the web page. The virtualized web browser assembles the contents and displays the web page. A web browser executing in the host operating system may, but need not, retrieve any of the content displayed thereby. Instead, the content retrieved by the web browser executing in the host operating system may be retrieved by and rendered within a virtual machine. The behavior of the virtualized web browser may be configured using policy data.

    Restricting network access to untrusted virtual machines
    Granted invention patent; status: in force

    Publication No.: US09386021B1

    Publication date: 2016-07-05

    Application No.: US14316629

    Filing date: 2014-06-26

    Applicant: Bromium, Inc.

    Inventor: Ian Pratt

    IPC classification: H04L29/06 G06F9/455

    Abstract: Approaches for providing operating environments selective access to network resources. A guest operating system, executing on a device, may issue a request to a network device for access to a set of network resources. Once the guest operating system authenticates itself to the network device, the network device provides, to the guest operating system, access to the set of network resources. Note that the host operating system, executing on the device, does not have access to the set of network resources. A guest operating system may be provided access to an untrusted network in a manner that denies the host operating system access to the untrusted network. In this way, any malicious code inadvertently introduced into the host operating system cannot access the untrusted network for unscrupulous purposes.

    Management of supervisor mode execution protection (SMEP) by a hypervisor
    Granted invention patent; status: in force

    Publication No.: US09292328B2

    Publication date: 2016-03-22

    Application No.: US13902617

    Filing date: 2013-05-24

    Applicant: Bromium, Inc.

    IPC classification: G06F9/455

    CPC classification: G06F9/45545

    Abstract: Approaches for enabling Supervisor Mode Execution Protection (SMEP) for a guest operating system which does not support SMEP. A guest operating system (OS), which does not support SMEP, is executed within a virtual machine. A hypervisor instructs hardware to enable SMEP for the virtual machine executing the guest operating system. When the hypervisor is notified that the hardware has detected the guest operating system instructing a central processing unit (CPU) to execute code stored in virtual memory accessible by user space while the CPU is in supervisor mode, the hypervisor may consult a policy to identify what, if any, responsive action the hypervisor should perform.

    Approaches for protecting sensitive data within a guest operating system
    Granted invention patent; status: in force

    Publication No.: US09239909B2

    Publication date: 2016-01-19

    Application No.: US13358434

    Filing date: 2012-01-25

    Abstract: Approaches for preventing unauthorized access of sensitive data within an operating system (OS), e.g., a guest OS used by a virtual machine. Dummy data may be written over physical locations on disk where sensitive data is stored, thereby preventing a malicious program from accessing the sensitive data. Alternately, a delete operation may be performed on sensitive data within an OS, and thereafter the OS is converted into a serialized format to expunge the deleted data. The serialized OS is converted into a deserialized form to facilitate its use. Optionally, a data structure may be updated to identify where sensitive data is located within an OS. When a request to access a portion of the OS is received, the data structure is consulted to determine whether the requested portion contains sensitive data, and if so, dummy data is returned to the requestor without consulting the requested portion of the OS.