TECHNIQUES FOR SECURING A CHECKED-OUT VIRTUAL MACHINE IN A VIRTUAL DESKTOP INFRASTRUCTURE
    41.
    Invention application
    Status: In force

    Publication No.: US20120240181A1

    Publication date: 2012-09-20

    Application No.: US13049480

    Filing date: 2011-03-16

    IPC classification: G06F21/00

    Abstract: Techniques for securing checked-out virtual machines in a virtual desktop infrastructure (VDI) are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for securing a checked-out guest virtual machine including receiving a request for checking-out a guest virtual machine hosted by a server network element, wherein checking-out the guest virtual machine comprises transferring hosting of the guest virtual machine from the server network element to a client network element. The method for securing a checked-out guest virtual machine may also include configuring a security module for the guest virtual machine in order to secure the guest virtual machine and providing the security module to the guest virtual machine when the guest virtual machine is checked-out.

    Systems and methods for determining whether to perform a computing operation that is optimized for a specific storage-device-technology type
    42.
    Granted invention patent
    Status: In force

    Publication No.: US08140804B1

    Publication date: 2012-03-20

    Application No.: US12337132

    Filing date: 2008-12-17

    IPC classification: G06F3/00 G06F12/00

    Abstract: A computer-implemented method for determining whether to perform a computing operation that is optimized for a specific storage-device-technology type may comprise: 1) performing at least one proximate read operation by accessing a control location on a storage device and then accessing a test location on the storage device that is logically proximate to the control location, 2) performing at least one remote read operation by accessing a test location on the storage device that is logically remote from the control location, 3) determining, by comparing a length of time to access the proximate test location with a length of time to access the remote test location, a technology type of the storage device, and then 4) determining, based on the technology type of the storage device, whether to perform the computing operation. Corresponding systems and computer-readable media are also disclosed.

    Virtual machine file system content protection system and method
    43.
    Granted invention patent
    Status: In force

    Publication No.: US08104083B1

    Publication date: 2012-01-24

    Application No.: US12059622

    Filing date: 2008-03-31

    Abstract: A method includes creating a first virtual machine comprising a remote file system. The method further includes causing all input/output from a second virtual machine to be redirected to the remote file system, the first virtual machine and the second virtual machine being on a single physical computer. The file system is securely protected from any malicious code executing on the second virtual machine by the hardware enforced partitioning between the first virtual machine and the second virtual machine.

    Detection and blocking of malicious code
    44.
    Granted invention patent
    Status: In force

    Publication No.: US07472418B1

    Publication date: 2008-12-30

    Application No.: US10643564

    Filing date: 2003-08-18

    Abstract: Inbound and outbound traffic on a computer system are intercepted and compared to determine if the presence of malicious code is indicated. Outbound traffic that is sufficiently similar to recently received inbound traffic is indicative of the presence of malicious code. In some embodiments, if the presence of malicious code is indicated, the user, as well as other individuals or systems, are notified of the detection. In some embodiments, if desired, protective actions are initiated to hinder or block the propagation of the malicious code from the host computer system to other computer systems, as well as to remove or inactivate the malicious code on the host computer system.

    Virtual machine file system restriction system and method
    45.
    Granted invention patent
    Status: In force

    Publication No.: US09450960B1

    Publication date: 2016-09-20

    Application No.: US12265157

    Filing date: 2008-11-05

    IPC classification: H04L29/06

    Abstract: A method includes creating a virtual machine including a remote file system, a file system service, and a security application. Access to the remote file system is restricted with the security application upon an unknown malicious code outbreak. The more that is known about the threat, the more precise are the restrictions placed upon the file system, thus reducing the impact on users of the file system to an absolute minimum.

    Systems and methods for determining a file set
    46.
    Granted invention patent
    Status: In force

    Publication No.: US08706745B1

    Publication date: 2014-04-22

    Application No.: US12130839

    Filing date: 2008-05-30

    IPC classification: G06F7/00 G06F17/30

    CPC classification: G06F21/564

    Abstract: A computer-implemented method for determining a file set may include identifying a file set and identifying a key file for the file set. The method may also include transmitting a key-file identifier to a second computing system. A first computing system may receive first and second file identifiers from a second computing system. The first computing system may determine whether the file set comprises a file identified by the first file identifier, and whether the file set comprises a file identified by the second file identifier. The method also includes transmitting a result of the determination to the second computing system. A method for determining a file set on a second computing device is also disclosed. Corresponding systems and computer-readable media are also disclosed.

    Enabling selective policy driven propagation of configuration elements between and among a host and a plurality of guests
    47.
    Granted invention patent
    Status: In force

    Publication No.: US08578006B2

    Publication date: 2013-11-05

    Application No.: US13074850

    Filing date: 2011-03-29

    IPC classification: G06F15/173

    CPC classification: G06F9/44505

    Abstract: Configuration elements are selectively propagated between a host and multiple guests, based on a policy. Configuration elements of the host and guests are monitored. Changes made to monitored configuration elements are detected. It is determined whether to propagate changed configuration elements between operating system environments based on the policy. It can be determined to propagate changed configuration element(s) from a source to one or more destinations in response to factors such as the identity and/or classification of the source, or the type, attribute(s), content and/or identity of the changed configuration element(s). The creation of new guests is detected. In response, at least one configuration element from at least one source is automatically propagated to a newly created guest.

    Methods and systems for enforcing network access control in a virtual environment
    48.
    Granted invention patent
    Status: In force

    Publication No.: US08281363B1

    Publication date: 2012-10-02

    Application No.: US12059725

    Filing date: 2008-03-31

    IPC classification: H04L29/06

    Abstract: A computer-implemented method may include receiving a request to access a network. The request may be sent from a virtual machine. The method may also include proxying the request to a network-access-control module, receiving a response from the network-access-control module, and transmitting the response to the virtual machine. Proxying the request to the network-access-control module may include assigning the virtual machine a virtual identifier. Proxying the request may also include creating a temporary interface. The temporary interface may be programmed to receive the response from the network-access-control module and transmit the response to the virtual machine. Various other methods, systems, and computer-readable media are also disclosed herein.

    Data submission for anti-fraud context evaluation
    49.
    Granted invention patent
    Status: In force

    Publication No.: US08001049B2

    Publication date: 2011-08-16

    Application No.: US11860686

    Filing date: 2007-09-25

    IPC classification: G06Q40/00

    Abstract: Contextual data is gathered about a user's known location and/or about a user's expected location, and contextual indicators are generated based on at least a portion of the gathered contextual data. The contextual indicators are provided to one or more relying parties, such as an anti-fraud system, to allow the anti-fraud system to more effectively determine the validity of transactions associated with the user, such as credit card transactions associated with the user's credit card.

    Enhanced client compliancy using database of security sensor data
    50.
    Granted invention patent
    Status: In force

    Publication No.: US07827607B2

    Publication date: 2010-11-02

    Application No.: US11271656

    Filing date: 2005-11-09

    IPC classification: G06F21/00

    Abstract: Security sensor data from intrusion detection system (IDS) sensors, vulnerability assessment (VA) sensors, and/or other security sensors is used to enhance the compliancy determination in a client compliancy system. A database is used to store the security sensor data. In one particular embodiment, a list of device compliance statuses indexed by corresponding identifiers (e.g., IP/MAC addresses) combined from IDS, VA, and/or other security sensing technologies is made available as a non-compliance database for query, so that clients and other compliancy authentication elements can tell that a particular client appears to be out of compliance. A client-side self-policing compliance system is enabled, and can be used in conjunction with automated endpoint compliance policy configuration to reduce system administrator burden.
