Methods and systems for processing web content encoded with malicious code
    71.
    Granted invention patent
    Status: in force

    Publication number: US08745742B1

    Publication date: 2014-06-03

    Application number: US12264101

    Filing date: 2008-11-03

    IPC classification: G06F12/14 G06F7/00 G06F17/30

    Abstract: A computer-implemented method for processing web content may comprise receiving web content encoded with malicious steganographic code. Before presenting the web content, the method may comprise modifying the web content to create modified content such that information conveyed by the malicious steganographic code is at least partially corrupted in the modified content. Additionally, a functionality of the modified content may be at least substantially similar to a functionality of the web content following modification of the web content to create the modified content. Various other methods, computer-readable media, and systems are also disclosed.


    Methods and systems for enabling community-tested security features for legacy applications
    72.
    Granted invention patent
    Status: in force

    Publication number: US08713687B2

    Publication date: 2014-04-29

    Application number: US12336668

    Filing date: 2008-12-17

    IPC classification: G06F7/04 G06F21/12

    Abstract: A computer-implemented method for enabling community-tested security features for legacy applications may include: 1) identifying a plurality of client systems, 2) identifying a legacy application on a client system within the plurality of client systems, 3) identifying a security-feature-enablement rule for the legacy application, 4) enabling at least one security feature for the legacy application by executing the security-feature-enablement rule, 5) determining the impact of the security-feature-enablement rule on the health of the legacy application, and then 6) relaying the impact of the security-feature-enablement rule on the health of the legacy application to a server. Various other methods, systems, and computer-readable media are also disclosed.


    Systems and methods for user-specific tuning of classification heuristics
    73.
    Granted invention patent
    Status: in force

    Publication number: US08626675B1

    Publication date: 2014-01-07

    Application number: US12559943

    Filing date: 2009-09-15

    Applicant: Sourabh Satish

    Inventor: Sourabh Satish

    IPC classification: G06F15/18

    CPC classification: G06N5/003 G06N5/00

    Abstract: A computer-implemented method for user-specific tuning of classification heuristics may include: 1) identifying a trusted software component on the computing device that has been excluded from analysis by a classification heuristic, 2) applying the classification heuristic to the trusted software component, 3) determining that the classification heuristic incorrectly classified the trusted software component, and then 4) lowering a confidence score associated with the classification heuristic.


    Detecting malware through package behavior
    74.
    Granted invention patent
    Status: in force

    Publication number: US08499350B1

    Publication date: 2013-07-30

    Application number: US12511885

    Filing date: 2009-07-29

    Applicant: Sourabh Satish

    Inventor: Sourabh Satish

    CPC classification: G06F21/566

    Abstract: A file on a computer system is evaluated against trust criteria to determine whether the file is compatible with the trust criteria. Responsive to the file being incompatible with the trust criteria, the file is assigned to a package. Files assigned to the package are tracked to determine whether the files collectively perform malicious behavior. The package is convicted as malware responsive to the files in the package collectively performing malicious behavior.


    Methods and systems for detecting rootkits
    75.
    Granted invention patent
    Status: in force

    Publication number: US08353058B1

    Publication date: 2013-01-08

    Application number: US12410166

    Filing date: 2009-03-24

    Abstract: A computer-implemented method for detecting rootkits is disclosed. The computer-implemented method may include sending periodic security communications from a privileged-processor-mode region of a computing device. The computer-implemented method may also include identifying at least one of the periodic security communications. The computer-implemented method may further include determining, based on the periodic security communications, whether the privileged-processor-mode region of the computing device has been compromised. Various other methods, systems, and computer-readable media are also disclosed.


    Determining firewall rules for an application on a client based on firewall rules and reputations of other clients
    76.
    Granted invention patent
    Status: in force

    Publication number: US08353021B1

    Publication date: 2013-01-08

    Application number: US12242625

    Filing date: 2008-09-30

    IPC classification: H04L29/06

    CPC classification: H04L63/0263 H04L63/0218

    Abstract: A security system monitors the trustworthiness and firewall configurations of a set of clients, where a firewall configuration comprises a set of firewall rules that control access by an application to network communication functionalities of a client. Based on the firewall rules used by other clients and the reputation of those clients, the system determines a set of default firewall rules by selecting one or more rules that are used by the more trustworthy clients. The default firewall rules are made available to other clients, which may use these default rules. This leverages community knowledge about how much network access to allow for a particular application.


    Method to improve data loss prevention via cross leveraging fingerprints
    77.
    Granted invention patent
    Status: in force

    Publication number: US08250085B1

    Publication date: 2012-08-21

    Application number: US12338943

    Filing date: 2008-12-18

    Applicant: Sourabh Satish

    Inventor: Sourabh Satish

    IPC classification: G06F7/00

    Abstract: A method and system for improving data loss prevention via cross leveraging fingerprints of protected data is described. In one embodiment, fingerprints of sensitive data of multiple organizations are shared across data loss prevention (DLP) systems of these organizations. A DLP system of each organization monitors information content associated with this organization to detect sensitive data of other organizations, and notifies one or more users within the organization upon detecting sensitive data of other organizations. In addition, a report of external data loss detection is provided to users within an organization whose sensitive data is detected in information content of the other organizations.


    Applying differing security policies for users who contribute differently to machine hygiene
    78.
    Granted invention patent
    Status: in force

    Publication number: US08239953B1

    Publication date: 2012-08-07

    Application number: US12412232

    Filing date: 2009-03-26

    IPC classification: G06F11/00

    CPC classification: H04L63/105

    Abstract: A security module manages differences in hygiene by applying differing levels of security policy to interactions of users with clients according to separate hygiene of the users and the clients. The module monitors computer security practices of clients and users in an environment, and uses this to compute a machine hygiene score for a given client and a user hygiene score for a given user. The scores represent an assessment of the trustworthiness of the client and of the user. The module dynamically combines the scores computed for an interaction between the given user and given client, and applies a level of security policy to the interaction accordingly, determining what activities can be performed on the client based on the level of policy applied.


    Policy control of virtual environments
    79.
    Granted invention patent
    Status: in force

    Publication number: US08214878B1

    Publication date: 2012-07-03

    Application number: US12238356

    Filing date: 2008-09-25

    IPC classification: H04L29/00

    CPC classification: G06F9/45558 G06F2009/4557

    Abstract: When copying a guest from a source virtual environment to a target virtual environment, policy control of the target environment is provided. A configuration specification is created based on the source virtual environment and the guest to be copied. The configuration specification contains specific policies and/or requirements of the guest. The guest and the configuration specification are copied to the target virtual environment. The target virtual environment is examined to determine whether it is compliant with the copied configuration specification. If so, the copied guest runs in the target virtual environment. If not, the target virtual environment can be modified to be in compliance with the configuration specification.


    Method for secure system shutdown
    80.
    Granted invention patent
    Status: in force

    Publication number: US08181028B1

    Publication date: 2012-05-15

    Application number: US12140993

    Filing date: 2008-06-17

    IPC classification: G06F21/00

    Abstract: In one embodiment, a key list entry corresponding to a user's private key is securely deleted from a key list of a user device on shutdown of the user device. Subsequently, input of the user's private key will not allow decryption of an encrypted partition storing encrypted data on the user device. In another embodiment, a key list entry corresponding to a user's private key is automatically and securely re-provisioned on boot up of the user device. Subsequently, input of the user's private key will allow decryption of the encrypted partition on the user device.
