摘要:
A hygiene-based determination of legitimacy of activities performed by applications on clients is performed. A receiving module receives, from a client, information regarding an application that is performing an activity on the client. A hygiene score module determines a score distribution for hygiene scores of other clients on which the same type of application has performed the same activity. A correlation module correlates the activity being performed by the application on the client with the score distribution for hygiene scores. A reputation computation module computes, based on the correlation, a reputation score for the activity with respect to the application performing the activity. Finally, a legitimacy identification module identifies, based on the reputation score, whether the activity is an illegitimate activity for the application. Where the activity is illegitimate for the application, a malware management module can conduct various techniques for managing the application which is likely infected with malware.
摘要:
To prevent gaming of a reputation system, a security token is generated for a security module using metadata about the client observed during the registration of the security module. The registration server selects metadata for use in generating the security token. The generated security token is provided to identify the client in later transactions. A security server may conduct a transaction with the client and observe metadata about the client during the transaction. The security server also extracts metadata from the security token. The security server correlates the observed metadata during the transaction with the extracted metadata from the security token. Based on the result of the correlation, a security policy is applied. As a result, the metadata in the security token enables stateless verification of the client.
摘要:
Policy-based performance of continuous data protection on protected data. A write request targeted to a portion of the protected data is detected. In addition, a journaling policy data structure(s) is accessed. The journaling policy data structure represents policy for how frequently to journal write request to a backup medium and/or what backup medium to journal write requests to depending on one or more characteristics of write request targets. The journaling policy data structure is then used to determine whether the write request should be presently journaled and/or to identify the backup medium that the write request should be journaled to based on the one or more characteristics of the portion of the protected data targeted by the write request. The journaling policy may, but need not, be selected so as to preserve storage and/or network bandwidth associated with the journaling process.
摘要:
Methods, apparati, and computer-readable media for protecting computer code (1) from malicious retrievers (3). A method embodiment of the present invention comprises the steps of generating (22) retrieval information characteristic of data sent to a retriever (3) by the computer code (1) in response to a retrieval command (5) issued by the retriever (3); accessing at least one rule (6) using at least some of said retrieval information as an input to said at least one rule (6); and, when said at least one rule (6) informs that the retrieval is not acceptable, flagging (28) the retrieval command (5) as suspicious.
摘要:
Incremental updating of a file (100) that has been rebased or realigned is accomplished through the use of a canonical form (100B). In terms of rebasing, a canonical form (100B) is one that has been rebased to a predetermined base address (104). In one embodiment this predetermined base address (104) is zero. In terms of realigning, a canonical form (100B) is one that has been realigned in a predetermined way. In one embodiment, the segments (110) of the file (100) are realigned such that there is no gap (114) between the end of one segment (110) and the start of the next segment (110). In another embodiment, the segments (110) of the file (100) are realigned to page boundaries (112) of a predetermined size. An incremental update (124) for the file (100) is determined that transforms the file from the canonical form (100B) to the desired update form (100C). The process of updating the file (100) comprises transforming the file (100) to the canonical form (100B) and applying the incremental update (124) to the canonical form (100B).
摘要:
Techniques are disclosed that enable extrusion detection (i.e., outgoing confidential information from an enterprise or other entity). The techniques operate to detect outgoing confidential information at the gateway and/or the client, even if that confidential information is encrypted, compressed, or otherwise obfuscated before transmission (e.g., via email or to a portable storage media such as a memory stick).
摘要:
A method and apparatus for preventing leakage of sensitive information from a computer is described. The method includes identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form a tainted data, tracking the tainted data within the computer system and identifying at least one condition that compromises the security of the tainted data. The system is a computer system including taint analysis software for identifying data entered into the computer system as sensitive data, tainting the sensitive data with at least one taint bit to form a tainted data, tracking the tainted data within the computer system and identifying at least one condition that compromises the security of the tainted data.
摘要:
A method, system and computer-readable medium for encrypting a file on a computer system based on the content of the file. The method is setting an encryption policy, wherein the encryption policy is at least one attribute related to content of at least one file, scanning at least one file on a computer system for content, matching the content of the scanned at least one file to the at least one attribute set in the encryption policy and encrypting the scanned at least one file with a key in response to a match between the content of the scanned at least one file and the at least one attribute set in the encryption policy. The system is a computer system that includes policy-based encryption software that performs the steps embodied by the method.
摘要:
Methods, apparati, and computer-readable media for matching patterns of symbols within computer systems. A method embodiment of the present invention comprises composing (11) a pattern matching expression; and embedding (12) a function using storage means within the expression to form a character matching string. The expression may be a regular expression. The character matching string is compared (13) against a target string. The target string may be one that is suspected to contain malicious computer code.
摘要:
An outgoing e-mail manager inserts headers into outgoing e-mail messages originating from at least one source on a computer. Each header includes data concerning the source of the e-mail. An e-mail header manager monitors an e-mail stream, and reads headers inserted into e-mail messages. The e-mail header manager applies a security policy to e-mail messages, responsive to the contents of the inserted headers.