公开(公告)号：US07266690B2

公开(公告)日：2007-09-04

申请号：US11190375

申请日：2005-07-26

申请人： Scott A. Field

发明人： Scott A. Field

IPC分类号： H04L9/00

CPC分类号： G06F12/14 ,  G06F12/126 ,  G06F21/6218 ,  G06F21/78

摘要： The inventive methods and systems provide an approach to protecting unencrypted sensitive information from being paged out to secondary storage, such as a hard disk, during paging operations. In the described embodiment, a key is provided and is maintained in the main memory of a virtual memory system. Measures are taken to protect the key such as page-locking the key in the main memory to ensure that it never gets paged out to the secondary storage. The described key is a desirably large key that is randomly generated by the operating system. When sensitive information is to be placed in the main memory, it is encrypted with the page-locked key. The encrypted sensitive information can then be paged out to secondary storage without concern about its security. When the encrypted sensitive information is needed by a process or application, it is retrieved from secondary storage and decrypted using the page-locked key. For further protection, the sensitive information can be decrypted into a page-locked page of main memory. More than one key can be used to encrypt and/or decrypt the sensitive information.

公开(公告)号：US07124251B2

公开(公告)日：2006-10-17

申请号：US10178291

申请日：2002-06-24

申请人： Jason Clark ,  Scott A. Field ,  Jonathan David Schwartz ,  Clifford P. Van Dyke

发明人： Jason Clark ,  Scott A. Field ,  Jonathan David Schwartz ,  Clifford P. Van Dyke

IPC分类号： G06F12/00

CPC分类号： G06F12/0223

摘要： A stack allocation system and method is described. In one implementation, an attempt is made to allocate N bytes of data to a stack having a fixed depth. A probe size for the stack is determined. Verification is then made to ascertain whether the probe size and the N bytes of data exceed the fixed depth of the stack, prior to allocating the N bytes of data to the stack. In another implementation, the N bytes of data are allocated to a heap; if the probe size and the N bytes of data exceed the fixed depth of the stack.

摘要翻译： 描述了堆栈分配系统和方法。 在一个实现中，尝试将N字节的数据分配给具有固定深度的堆栈。 确定堆叠的探头尺寸。 然后在将N个字节的数据分配给堆栈之前，进行验证以确定探测器大小和数据的N字节是否超过堆栈的固定深度。 在另一个实现中，N字节的数据被分配给堆; 如果探头大小和N字节的数据超过堆栈的固定深度。

公开(公告)号：US08640215B2

公开(公告)日：2014-01-28

申请号：US11690631

申请日：2007-03-23

申请人： Vikas Malhotra ,  Scott A. Field ,  Jaroslav Dunajsky

发明人： Vikas Malhotra ,  Scott A. Field ,  Jaroslav Dunajsky

IPC分类号： H04L29/06

CPC分类号： G06F21/604 ,  G06F2221/2141

摘要： A secure web hosting system is provided. In various embodiments, the secure web hosting system identifies an application that is to be loaded, creates a security token that is unique to the computer system and based on a name of the identified application, receives a request to load the identified application, and creates a process in which to load the identified application, the process having security attributes associated with the created security token. In various embodiments, the secure web hosting system includes an isolation service component that creates a security token based on an application name of an application identified by the configuration file.

摘要翻译： 提供安全的网络托管系统。 在各种实施例中，安全网络托管系统识别要加载的应用，创建对计算机系统唯一的安全令牌，并且基于所识别的应用的名称，接收加载所识别的应用的请求，并创建 加载所识别的应用的过程，该过程具有与所创建的安全令牌相关联的安全属性。 在各种实施例中，安全web托管系统包括基于由配置文件标识的应用的应用名称来创建安全令牌的隔离服务组件。

公开(公告)号：US08584094B2

公开(公告)日：2013-11-12

申请号：US11771594

申请日：2007-06-29

申请人： Rajesh K Dadhia ,  Scott A. Field

发明人： Rajesh K Dadhia ,  Scott A. Field

IPC分类号： G06F9/44 ,  G06F9/455 ,  G06F12/14

CPC分类号： G06F21/566 ,  G06F9/45558 ,  G06F2009/45587 ,  G06F2221/2151

摘要： Tools and techniques for dynamically computing reputation scores for objects are described herein. The tools may provide machine-readable storage media containing machine-readable instructions for receiving requests to dynamically compute reputation scores for the objects, for instantiating protected virtual environments in which to execute the objects, and for computing the reputation score based on how the object behaves when executing within the virtual environment.

摘要翻译： 这里描述了用于动态地计算对象的信誉评分的工具和技术。 这些工具可以提供包含机器可读指令的机器可读存储介质，用于接收动态计算对象的信誉评分的请求，用于实例化其中执行对象的受保护的虚拟环境，以及基于对象的行为如何计算信誉评分 当在虚拟环境中执行时。

公开(公告)号：US08539469B2

公开(公告)日：2013-09-17

申请号：US10880848

申请日：2004-06-30

申请人： Anthony Blumfield ,  Gilad Golan ,  Jason Garms ,  Saud Alshibani ,  Scott A. Field

发明人： Anthony Blumfield ,  Gilad Golan ,  Jason Garms ,  Saud Alshibani ,  Scott A. Field

IPC分类号： G06F9/44 ,  G06F9/445

CPC分类号： G06F8/65 ,  G06F8/60 ,  G06F8/61 ,  G06F8/656 ,  G06F8/71 ,  G06F9/44505

摘要： A facility for applying a software patch is described. Using an automatic patching agent, the facility receives the software patch. In response to receiving the software patch, without user intervention, the facility performs the following acts: First, the facility identifies an instance of an executable module that is currently loaded, and to which the received software patch pertains. Second, the facility applies the received software patch to the identified loaded executable module instance to modify the behavior of the identified executable module instance.

公开(公告)号：US07673341B2

公开(公告)日：2010-03-02

申请号：US11012892

申请日：2004-12-15

申请人： Michael Kramer ,  Matthew Braverman ,  Marc E. Seinfeld ,  Jason Garms ,  Adrian M. Marinescu ,  George Cristian Chicioreanu ,  Scott A. Field

发明人： Michael Kramer ,  Matthew Braverman ,  Marc E. Seinfeld ,  Jason Garms ,  Adrian M. Marinescu ,  George Cristian Chicioreanu ,  Scott A. Field

IPC分类号： G06F12/14

CPC分类号： H04L63/1408 ,  G06F21/562

摘要： The present invention provides a system, method, and computer-readable medium for identifying and removing active malware from a computer. Aspects of the present invention are included in a cleaner tool that may be obtained automatically with an update service or may be downloaded manually from a Web site or similar distribution system. The cleaner tool includes a specialized scanning engine that searches a computer for active malware. Since the scanning engine only searches for active malware, the amount of data downloaded and resource requirements of the cleaner tool are less than traditional antivirus software. The scanning engine searches specific locations on a computer, such as data mapped in memory, configuration files, and file metadata for data characteristic of malware. If malware is detected, the cleaner tool removes the malware from the computer.

摘要翻译： 本发明提供一种用于从计算机识别和去除活动恶意软件的系统，方法和计算机可读介质。 本发明的方面包括在可以使用更新服务自动获得的清洁工具中，或者可以从网站或类似的分发系统手动下载。 更清洁的工具包括专门的扫描引擎，可在计算机上搜索主动恶意软件。 由于扫描引擎仅搜索活动的恶意软件，所以下载的数据量和清洁工具的资源需求比传统的防病毒软件要少。 扫描引擎在计算机上搜索特定位置，例如映射到内存中的数据，配置文件和文件元数据，以便恶意软件的特征。 如果检测到恶意软件，则清洁工具会从计算机中删除恶意软件。

公开(公告)号：US20090241193A1

公开(公告)日：2009-09-24

申请号：US12475883

申请日：2009-06-01

申请人： Bhalchandra S. Pandit ,  Praerit Garg ,  Richard B. Ward ,  Paul J. Leach ,  Scott A. Field ,  Robert P. Reichel ,  John E. Brezak

发明人： Bhalchandra S. Pandit ,  Praerit Garg ,  Richard B. Ward ,  Paul J. Leach ,  Scott A. Field ,  Robert P. Reichel ,  John E. Brezak

IPC分类号： G06F21/20 ,  G06F21/22 ,  G06F21/24 ,  G08B23/00 ,  H04K1/00 ,  G06F15/173 ,  G06F21/06

CPC分类号： G06F21/31 ,  G06F2221/2101

摘要： Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.

摘要翻译： 提供了改进的入侵检测和/或跟踪方法和系统，用于跨越各种计算设备和网络。 例如，某些方法在每个认证/登录过程期间形成基本唯一的审计标识符。 一种方法包括识别与认证/登录过程相关联的一个或多个基本上唯一的参数并将其加密以形成至少一个审核标识符，然后可以由认证/登录过程中涉及的每个设备生成和记录。 然后可以将生成的审核日志文件与来自其他设备的类似审核日志文件一起审核，以跨多个平台跟踪用户。

公开(公告)号：US07591010B2

公开(公告)日：2009-09-15

申请号：US11039637

申请日：2005-01-19

申请人： Art Shelest ,  Scott A. Field ,  Subhashini Raghunathan

发明人： Art Shelest ,  Scott A. Field ,  Subhashini Raghunathan

IPC分类号： G06F9/00 ,  G06F15/16 ,  G06F17/00

CPC分类号： G06F21/55

摘要： A method and system that enables a security policy to separate developer-provided detection criteria from an administrator-provided custom policy is provided. The security system allows a developer of detection criteria to provide a signature file containing the signatures that are available for use by a security policy. The security system also allows an administrator of a computer system to specify a custom policy that uses the signatures of the signature file. The developer may distribute the signature file to host computer systems independently of the administrator's distribution of the rules of the custom policy to the host computer systems. When a security enforcement event occurs at the host computer system, the security system applies the rules of the security policy to the event.

摘要翻译： 提供了一种使安全策略能够将开发人员提供的检测标准与管理员提供的自定义策略分开的方法和系统。 安全系统允许检测标准的开发者提供包含可由安全策略使用的签名的签名文件。 安全系统还允许计算机系统的管理员指定使用签名文件签名的自定义策略。 开发人员可以将签名文件分发到主机计算机系统，而不管管理员将自定义策略的规则分发给主机系统。 当主机计算机系统发生安全执行事件时，安全系统将安全策略的规则应用于事件。

公开(公告)号：US20090007100A1

公开(公告)日：2009-01-01

申请号：US11769916

申请日：2007-06-28

申请人： Scott A. Field ,  Brandon Baker

发明人： Scott A. Field ,  Brandon Baker

IPC分类号： G06F9/455 ,  H04L9/32

CPC分类号： G06F21/562 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/566 ,  G06F2009/45575 ,  G06F2009/45587

摘要： Techniques described herein enable virtualizing a processor into one or more virtual machines and suspending an operating system of one of the virtual machines from outside of the operating system environment. Once suspended, these techniques capture a snapshot of the virtual machine to determine a presence of malware. This snapshot may also be used to determine whether an unauthorized change has occurred within contents of the virtual machine. Remedial action may occur responsive to determining a presence of malware or an unauthorized change.

摘要翻译： 这里描述的技术能够将处理器虚拟化为一个或多个虚拟机，并且将虚拟机之一的操作系统从操作系统环境外部挂起。 一旦暂停，这些技术将捕获虚拟机的快照，以确定是否存在恶意软件。 该快照也可以用于确定在虚拟机的内容内是否发生未经授权的更改。 响应于确定恶意软件的存在或未经授权的更改可能会发生补救措施。

公开(公告)号：US20080235790A1

公开(公告)日：2008-09-25

申请号：US11690631

申请日：2007-03-23

申请人： Vikas Malhotra ,  Scott A. Field ,  Jaroslav Dunajsky

发明人： Vikas Malhotra ,  Scott A. Field ,  Jaroslav Dunajsky

IPC分类号： G06F7/04

CPC分类号： G06F21/604 ,  G06F2221/2141

摘要： A secure web hosting system is provided. In various embodiments, the secure web hosting system identifies an application that is to be loaded, creates a security token that is unique to the computer system and based on a name of the identified application, receives a request to load the identified application, and creates a process in which to load the identified application, the process having security attributes associated with the created security token. In various embodiments, the secure web hosting system includes an isolation service component that creates a security token based on an application name of an application identified by the configuration file.

摘要翻译： 提供安全的网络托管系统。 在各种实施例中，安全网络托管系统识别要加载的应用，创建对于计算机系统是唯一的安全令牌，并且基于所标识的应用的名称，接收加载所识别的应用的请求，并创建 加载所识别的应用的过程，该过程具有与所创建的安全令牌相关联的安全属性。 在各种实施例中，安全web托管系统包括基于由配置文件标识的应用的应用名称来创建安全令牌的隔离服务组件。