公开(公告)号：US07293173B2

公开(公告)日：2007-11-06

申请号：US11190376

申请日：2005-07-26

申请人： Scott A. Field

发明人： Scott A. Field

IPC分类号： H04L9/00

CPC分类号： G06F12/14 ,  G06F12/126 ,  G06F21/6218 ,  G06F21/78

摘要： The inventive methods and systems provide an approach to protecting unencrypted sensitive information from being paged out to secondary storage, such as a hard disk, during paging operations. In the described embodiment, a key is provided and is maintained in the main memory of a virtual memory system. Measures are taken to protect the key such as page-locking the key in the main memory to ensure that it never gets paged out to the secondary storage. The described key is a desirably large key that is randomly generated by the operating system. When sensitive information is to be placed in the main memory, it is encrypted with the page-locked key. The encrypted sensitive information can then be paged out to secondary storage without concern about its security. When the encrypted sensitive information is needed by a process or application, it is retrieved from secondary storage and decrypted using the page-locked key. For further protection, the sensitive information can be decrypted into a page-locked page of main memory. More than one key can be used to encrypt and/or decrypt the sensitive information.

摘要翻译： 本发明的方法和系统提供了一种在寻呼操作期间保护未加密的敏感信息被分页到辅助存储（例如硬盘）的方法。 在所描述的实施例中，提供了一个密钥并将其维护在虚拟存储器系统的主存储器中。 采取措施来保护密钥，如锁定主内存中的密钥，以确保它不会被分页到辅助存储。 所描述的密钥是由操作系统随机生成的期望的大密钥。 当敏感信息被放置在主存储器中时，它使用页锁密钥进行加密。 然后可以将加密的敏感信息分页到二级存储，而不用担心其安全性。 当进程或应用程序需要加密的敏感信息时，将从辅助存储器中检索并使用页面锁定密钥进行解密。 为了进一步保护，敏感信息可以被解密为主存储器的页面锁定页面。 可以使用多个密钥来加密和/或解密敏感信息。

公开(公告)号：US07280956B2

公开(公告)日：2007-10-09

申请号：US10692843

申请日：2003-10-24

申请人： David B. Cross ,  Jainrong Gu ,  Duncan Bryce ,  Shishir Pardikar ,  Pradeep Jnana Madhavarapu ,  Scott A. Field ,  Kelvin S. Yiu

发明人： David B. Cross ,  Jainrong Gu ,  Duncan Bryce ,  Shishir Pardikar ,  Pradeep Jnana Madhavarapu ,  Scott A. Field ,  Kelvin S. Yiu

IPC分类号： G06F9/24

CPC分类号： G06F21/10

摘要： An encrypted file system (EFS) and an underlying file transfer protocol to permit a client to encrypt, decrypt, and transfer file(s) resident on a server are disclosed. A user at a client computer can open, read, and write to encrypted files, including header information associated with encrypted files, and can add users to or remove users from an encrypted file.

摘要翻译： 公开了一种加密文件系统（EFS）和底层文件传输协议，以允许客户机加密，解密和传输驻留在服务器上的文件。 客户端计算机上的用户可以打开，读取和写入加密文件，包括与加密文件相关联的标题信息，并且可以将用户添加到加密文件或从加密文件中删除用户。

公开(公告)号：US07818781B2

公开(公告)日：2010-10-19

申请号：US10957314

申请日：2004-10-01

申请人： Gilad Golan ,  Mark Vayman ,  Scott A. Field

发明人： Gilad Golan ,  Mark Vayman ,  Scott A. Field

IPC分类号： G06F17/00 ,  H04K1/00 ,  H04L9/00

CPC分类号： H04L63/20 ,  G06F21/604 ,  G06Q40/00 ,  H04L63/08 ,  H04L63/126

摘要： A facility for setting and revoking policies is provided. The facility receives a request from a controlling process a request to set a policy on a controlled process, and determines whether the controlling process has privilege to set the policy on the controlled process. If the facility determines that the controlling process has privilege to set the policy on the controlled process, the facility sets the policy on the controlled process, which causes the policy to be applied to the controlled process to determine whether the controlled process has authorization to access one or more resources.

摘要翻译： 提供了设置和撤销政策的设施。 该设施从控制进程接收到一个请求以设置受控进程的策略，并且确定控制进程是否具有在受控进程上设置策略的权限。 如果设施确定控制过程具有在受控进程上设置策略的权限，则该设施将该策略设置在受控进程上，该策略将该策略应用于受控进程以确定受控进程是否具有访问权限 一个或多个资源。

公开(公告)号：US07765374B2

公开(公告)日：2010-07-27

申请号：US11627314

申请日：2007-01-25

申请人： Scott A. Field ,  Brandon Baker ,  Eric Traut ,  Suyash Sinha ,  Joy Ganguly ,  Forrest Foltz ,  David Cutler

发明人： Scott A. Field ,  Brandon Baker ,  Eric Traut ,  Suyash Sinha ,  Joy Ganguly ,  Forrest Foltz ,  David Cutler

IPC分类号： G06F21/22

CPC分类号： G06F21/552 ,  G06F9/468 ,  G06F21/51 ,  G06F21/53 ,  G06F2221/2105 ,  G06F2221/2141 ,  G06F2221/2149

摘要： This document describes tools capable of enabling a protection agent to determine, from memory inaccessible from an operating-system privilege mode, whether one or more resources of an operating system have been modified. In some instances, these tools may enable the protection agent to reside within a virtual machine monitor. In other instances, the tools may enable the protection agent to reside within a distinct virtual partition provided by the virtual machine monitor. By operating outside of the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.

摘要翻译： 本文档描述了能够使保护代理能够从不能从操作系统特权模式访问的存储器确定操作系统的一个或多个资源是否已被修改的工具。 在某些情况下，这些工具可能使保护代理能够驻留在虚拟机监视器中。 在其他情况下，这些工具可以使保护代理能够驻留在由虚拟机监视器提供的不同虚拟分区中。 通过在操作系统特权模式之外操作，保护代理可能不太容易受到在操作系统特权模式下操作的实体的攻击。

公开(公告)号：US07707619B2

公开(公告)日：2010-04-27

申请号：US11045733

申请日：2005-01-28

申请人： Art Shelest ,  Pradeep Bahl ,  Scott A. Field

发明人： Art Shelest ,  Pradeep Bahl ,  Scott A. Field

IPC分类号： H04L29/00

CPC分类号： H04L63/10 ,  G06F11/079 ,  G06F21/53 ,  G06F21/554

摘要： A method and system for selectively excluding a program from a security policy is provided. The security system receives from a user an indication of a program with a problem that is to be excluded from the security policy. When the program executes and a security enforcement event occurs, the security system does not apply the security policy. If the problem appears to be resolved as a result of excluding the program from the security policy, then the user may assume that the security policy is the cause of the problem.

摘要翻译： 提供了一种用于从安全策略中选择性地排除程序的方法和系统。 安全系统从用户接收到具有要从安全策略中排除的问题的程序的指示。 当程序执行并发生安全执行事件时，安全系统不应用安全策略。 如果由于从安全策略中排除程序，问题似乎得到解决，那么用户可能认为安全策略是问题的原因。

公开(公告)号：US07624443B2

公开(公告)日：2009-11-24

申请号：US11018412

申请日：2004-12-21

申请人： Michael Kramer ,  Scott A. Field ,  Marc E. Seinfeld ,  Carl Carter-Schwendler ,  Paul Luber ,  Adrian M. Marinescu

发明人： Michael Kramer ,  Scott A. Field ,  Marc E. Seinfeld ,  Carl Carter-Schwendler ,  Paul Luber ,  Adrian M. Marinescu

IPC分类号： G06F11/00 ,  G06F17/30 ,  G06F15/177 ,  G06F1/24 ,  H04L29/06 ,  G06F11/30 ,  G06F15/173 ,  G06F12/00

CPC分类号： G06F21/568 ,  G06F21/554 ,  Y10S707/99953

摘要： A self-healing device is provided in which changes made between the time that an infection resulting from an attack on the device was detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds of changes were made, whether the changes were bona fide or malware induced, whether the changes were made after the time that the infection likely occurred, and whether new software was installed.

摘要翻译： 提供了一种自愈设备，其中，可以在至少部分地恢复在检测到由设备的攻击引起的感染的时间与设备能够恢复到的较早时间点之间进行的改变 关于什么样的变化，这些变化是真正的还是恶意软件引起的，这些变化是否在感染可能发生的时间之后进行，以及是否安装了新的软件。

公开(公告)号：US07571482B2

公开(公告)日：2009-08-04

申请号：US11170792

申请日：2005-06-28

申请人： Alexey A. Polyakov ,  Gretchen L. Loihle ,  Mihai Costea ,  Robert J. Hensing, Jr. ,  Scott A. Field ,  Vincent R. Orgovan ,  Yi-Min Wang ,  Yun Lin

发明人： Alexey A. Polyakov ,  Gretchen L. Loihle ,  Mihai Costea ,  Robert J. Hensing, Jr. ,  Scott A. Field ,  Vincent R. Orgovan ,  Yi-Min Wang ,  Yun Lin

IPC分类号： G06F12/14 ,  G06F11/00

CPC分类号： G06F21/566

摘要： Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.

摘要翻译： RootKit检测器的实施例旨在识别被设计为隐藏恶意软件的计算机上的RootKit。 RootKit检测器的各个方面利用内核调试工具提供的服务来自动获取由操作系统维护的指定数据结构中的数据。 然后，使用完整性检查器处理从内核调试器设备获取的数据，该检查器确定数据是否包含足以声明RootKit驻留在计算机上的属性。

公开(公告)号：US07543333B2

公开(公告)日：2009-06-02

申请号：US10118808

申请日：2002-04-08

申请人： Bhalchandra S. Pandit ,  Praerit Garg ,  Richard B. Ward ,  Paul J. Leach ,  Scott A. Field ,  Robert P. Reichel ,  John E. Brezak

发明人： Bhalchandra S. Pandit ,  Praerit Garg ,  Richard B. Ward ,  Paul J. Leach ,  Scott A. Field ,  Robert P. Reichel ,  John E. Brezak

IPC分类号： G06F21/06 ,  G06F21/20 ,  G06F21/22 ,  G06F21/24 ,  G08B23/00 ,  G06F15/173 ,  H04K1/00

CPC分类号： G06F21/31 ,  G06F2221/2101

摘要： Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.

摘要翻译： 提供了改进的入侵检测和/或跟踪方法和系统，用于跨越各种计算设备和网络。 例如，某些方法在每个认证/登录过程期间形成基本唯一的审计标识符。 一种方法包括识别与认证/登录过程相关联的一个或多个基本上唯一的参数并将其加密以形成至少一个审核标识符，然后可以由认证/登录过程中涉及的每个设备生成和记录。 然后可以将生成的审核日志文件与来自其他设备的类似审核日志文件一起审核，以跨多个平台跟踪用户。

公开(公告)号：US20090007102A1

公开(公告)日：2009-01-01

申请号：US11771594

申请日：2007-06-29

申请人： Rajesh K. Dadhia ,  Scott A. Field

发明人： Rajesh K. Dadhia ,  Scott A. Field

IPC分类号： G06F9/455

CPC分类号： G06F21/566 ,  G06F9/45558 ,  G06F2009/45587 ,  G06F2221/2151

摘要： Tools and techniques for dynamically computing reputation scores for objects are described herein. The tools may provide machine-readable storage media containing machine-readable instructions for receiving requests to dynamically compute reputation scores for the objects, for instantiating protected virtual environments in which to execute the objects, and for computing the reputation score based on how the object behaves when executing within the virtual environment.

摘要翻译： 这里描述了用于动态地计算对象的信誉评分的工具和技术。 这些工具可以提供包含机器可读指令的机器可读存储介质，用于接收动态计算对象的信誉评分的请求，用于实例化其中执行对象的受保护的虚拟环境，以及基于对象的行为如何计算信誉评分 当在虚拟环境中执行时。

公开(公告)号：US20080183996A1

公开(公告)日：2008-07-31

申请号：US11627314

申请日：2007-01-25

申请人： Scott A. Field ,  Brandon Baker ,  Eric Traut ,  Suyash Sinha ,  Joy Ganguly ,  Forrest Foltz ,  David Cutler

发明人： Scott A. Field ,  Brandon Baker ,  Eric Traut ,  Suyash Sinha ,  Joy Ganguly ,  Forrest Foltz ,  David Cutler

IPC分类号： G06F12/00

CPC分类号： G06F21/552 ,  G06F9/468 ,  G06F21/51 ,  G06F21/53 ,  G06F2221/2105 ,  G06F2221/2141 ,  G06F2221/2149

摘要： This document describes tools capable of enabling a protection agent to determine, from memory inaccessible from an operating-system privilege mode, whether one or more resources of an operating system have been modified. In some instances, these tools may enable the protection agent to reside within a virtual machine monitor. In other instances, the tools may enable the protection agent to reside within a distinct virtual partition provided by the virtual machine monitor. By operating outside of the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.

摘要翻译： 本文档描述了能够使保护代理能够从不能从操作系统特权模式访问的存储器确定操作系统的一个或多个资源是否已被修改的工具。 在某些情况下，这些工具可能使保护代理能够驻留在虚拟机监视器中。 在其他情况下，这些工具可以使保护代理能够驻留在由虚拟机监视器提供的不同虚拟分区中。 通过在操作系统特权模式之外操作，保护代理可能不太容易受到在操作系统特权模式下操作的实体的攻击。