Abstract:
A security module manages differences in hygiene by applying differing levels of security policy to interactions of users with clients according to separate hygiene of the users and the clients. The module monitors computer security practices of clients and users in an environment, and uses this to compute a machine hygiene score for a given client and a user hygiene score for a given user. The scores represent an assessment of the trustworthiness of the client and of the user. The module dynamically combines the scores computed for an interaction between the given user and given client, and applies a level of security policy to the interaction accordingly, determining what activities can be performed on the client based on the level of policy applied.
Abstract:
A computer-implemented method for determining whether to perform a computing operation that is optimized for a specific storage-device-technology type may comprise: 1) performing at least one proximate read operation by accessing a control location on a storage device and then accessing a test location on the storage device that is logically proximate to the control location, 2) performing at least one remote read operation by accessing a test location on the storage device that is logically remote from the control location, 3) determining, by comparing a length of time to access the proximate test location with a length of time to access the remote test location, a technology type of the storage device, and then 4) determining, based on the technology type of the storage device, whether to perform the computing operation. Corresponding systems and computer-readable media are also disclosed.
Abstract:
Embodiments in accordance with the invention permit a virtualization application to interact with a SuperFetch feature of an operating system so that on creation of a virtualization layer the SuperFetch feature is provided the opportunity to act on the newly available file system objects of the virtualization layer. Further, when the virtualization layer is removed, embodiments in accordance with the invention remove the file system objects associated with the virtualization layer from utilization by the SuperFetch feature.
Abstract:
A method includes creating a first virtual machine comprising a remote file system. The method further includes causing all input/output from a second virtual machine to be redirected to the remote file system, the first virtual machine and the second virtual machine being on a single physical computer. The file system is securely protected from any malicious code executing on the second virtual machine by the hardware enforced partitioning between the first virtual machine and the second virtual machine.
Abstract:
A blocking-scanning manager (101) detects (200) attempted malicious behavior of running code (120). In response to detection, the blocking-scanning manager (101) blocks (206) the attempted malicious behavior. The blocking-scanning manager (101) generates (208) a signature to identify the code that attempted the malicious behavior. The blocking-scanning manager (101) detects (506) code identified by the signature. Responsive to detection, the blocking-scanning manager (101) blocks (508) execution of the identified code (122).
Abstract:
A computer-implemented method for detecting man-in-the-browser attacks may include identifying a transaction fingerprint associated with a web site. The method may also include tracking a user's input to the web site. The user's input may be received through a web browser. The method may further include intercepting an outgoing submission to the web site. The method may additionally include determining whether, in light of the transaction fingerprint, the user's input generated the outgoing submission. Various other methods, systems, and computer-readable media are also disclosed.
Abstract:
A robust and reliable mechanism is disclosed for detecting whether a system has (or may have) been booted into a compromised or otherwise unprotected environment, so that a persisted clean file cache can be used across boots when appropriate. As such security scanning of files. A clean file cache can be maintained and used by a security application to avoid unnecessarily re-scanning a file that has not been modified since last being scanned and determined clean. Unnecessary scans are therefore avoided.
Abstract:
A late binding code manager prevents the unauthorized loading of late binding code into a process. The late binding code manager detects an attempt to load late binding code into a process's address space. Subsequently, the late binding code manager determines whether a detected attempt to load late binding code into a process's address space is permitted. Responsive to the results of a determination as to whether an attempt to load late binding code into a process's address space is permitted, the late binding code manager executes at least one additional step affecting the loading of the late binding code into the process's address space. Such a step can comprise permitting, blocking or modifying the attempt to load the late binding code.
Abstract:
Inbound and outbound traffic on a computer system are intercepted and compared to determine if the presence of malicious code is indicated. Outbound traffic that is sufficiently similar to recently received inbound traffic is indicative of the presence of malicious code. In some embodiments, if the presence of malicious code is indicated, the user, as well as other individuals or systems, are notified of the detection. In some embodiments, if desired, protective actions are initiated to hinder or block the propagation of the malicious code from the host computer system to other computer systems, as well as to remove or inactivate the malicious code on the host computer system.
Abstract:
Techniques for virtual machine backup scheduling are disclosed. In one particular exemplary embodiment, the techniques may be realized as an apparatus for scheduling one or more backup operations. The apparatus may comprise one or more virtual machines to operate on one or more systems. The apparatus may also comprise a backup manager to monitor resource requirements associated with at least one of the one or more virtual machines, associate the resource requirements with each of the one or more virtual machines, and to create a backup schedule for the one or more virtual machines based at least in part upon the resource requirements associated with the at least one of the one or more virtual machines. The apparatus may further comprise a module for implementing backups of the one or more virtual machines based at least in part upon the backup schedule created by the backup manager.