SYSTEM AND METHOD FOR CONTROLLING A FILE SYSTEM
    1.
    Invention application
    SYSTEM AND METHOD FOR CONTROLLING A FILE SYSTEM (status: in force)

    Publication number: US20090043823A1

    Publication date: 2009-02-12

    Application number: US12102672

    Filing date: 2008-04-14

    IPC classification: G06F17/30

    CPC classification: G06F17/3007

    Abstract: According to various embodiments of the invention, a system and method for controlling a file system. In some embodiments, a control plane interposes between a data plane user and a data plane, intercepts file system operations, and performs control plane operations upon the file system operations. In one such embodiment, the system and method is implemented between a data plane user that is a local file system user and a data plane that is a local file system. In another such embodiment, the system and method is implemented between a data plane user that is a client and a data plane that is a file server. Furthermore, for an embodiment where the control plane that interposes between a client and a file server, the control plane can be implemented as a file system proxy. Control plane operations include, but are not limited to, observation, verification, and transformation of a file system operation.


    Method and system for policy enforcement in trusted ad hoc networks

    Publication number: US10693853B2

    Publication date: 2020-06-23

    Application number: US12842279

    Filing date: 2010-07-23

    IPC classification: H04L29/06 H04W84/18

    Abstract: A non-transitory computer-readable storage medium storing a set of instructions executable by a processor. The set of instructions is operable to receive a request from a node to join a trusted ad hoc network. The set of instructions is further operable to authenticate the node to join the trusted ad hoc network. The authentication is performed based on a verification that the node will comply with a security policy of the trusted ad hoc network. The set of instructions is further operable to send, to the node, a verification that the trusted ad hoc network complies with the security policy. The set of instructions is further operable to add the node to the trusted ad hoc network.

    Method and system for execution monitor-based trusted computing
    3.
    Granted invention patent
    Method and system for execution monitor-based trusted computing (status: lapsed)

    Publication number: US07930733B1

    Publication date: 2011-04-19

    Application number: US11400876

    Filing date: 2006-04-10

    Applicant: Liviu Iftode, Gang Xu

    Inventor: Liviu Iftode, Gang Xu

    IPC classification: G06F7/04

    Abstract: A system and method of providing trusted service transactions includes associating a commitment with a remote service. The commitment includes a trusted list of runtime dependencies to execute a transaction. The method includes monitoring an actual list of runtime dependencies invoked during execution of the transaction using a trusted monitor. Execution is blocked if a deviation of the actual list from the trusted list is detected. Therefore, a completed transaction is allowed only if no deviation is found between the trusted and invoked list of runtime dependencies. A certificate authority in cooperation with software vendors preferably provide a signed commitment. The commitment is delivered by the provider to a user upon request and verified by the requester. The transaction is then executed by the user. Therefore, trust is verified before and during the transaction and privacy of data is guaranteed after completion.


    Method and system for execution monitor-based trusted computing
    6.
    Granted invention patent
    Method and system for execution monitor-based trusted computing (status: lapsed)

    Publication number: US08332632B2

    Publication date: 2012-12-11

    Application number: US13084614

    Filing date: 2011-04-12

    Applicant: Liviu Iftode, Gang Xu

    Inventor: Liviu Iftode, Gang Xu

    IPC classification: H04L29/06

    Abstract: A system and method to ensure trustworthiness of a remote service provided by a service provider. The method includes monitoring runtime dependencies invoked during execution of a service transaction associated with the remote service, the service transaction being requested by a service requester. The method further includes determining whether a deviation exists between the runtime dependencies and a trusted list of dependencies associated with the remote service. The method also includes blocking execution of the service transaction based on determining that the deviation between the runtime dependencies and the trusted list of dependencies exists.


    Method and System for Policy Enforcement in Trusted Ad Hoc Networks
    7.
    Invention application
    Method and System for Policy Enforcement in Trusted Ad Hoc Networks (status: under examination, published)

    Publication number: US20120023550A1

    Publication date: 2012-01-26

    Application number: US12842279

    Filing date: 2010-07-23

    IPC classification: H04L29/06

    CPC classification: H04L63/08 H04L63/20 H04W84/18

    Abstract: A non-transitory computer-readable storage medium storing a set of instructions executable by a processor. The set of instructions is operable to receive a request from a node to join a trusted ad hoc network. The set of instructions is further operable to authenticate the node to join the trusted ad hoc network. The authentication is performed based on a verification that the node will comply with a security policy of the trusted ad hoc network. The set of instructions is further operable to send, to the node, a verification that the trusted ad hoc network complies with the security policy. The set of instructions is further operable to add the node to the trusted ad hoc network.


    System and method for controlling a file system
    8.
    Granted invention patent
    System and method for controlling a file system (status: in force)

    Publication number: US08868626B2

    Publication date: 2014-10-21

    Application number: US12102672

    Filing date: 2008-04-14

    IPC classification: G06F12/00 G06F17/30

    CPC classification: G06F17/3007

    Abstract: According to various embodiments of the invention, a system and method for controlling a file system. In some embodiments, a control plane interposes between a data plane user and a data plane, intercepts file system operations, and performs control plane operations upon the file system operations. In one such embodiment, the system and method is implemented between a data plane user that is a local file system user and a data plane that is a local file system. In another such embodiment, the system and method is implemented between a data plane user that is a client and a data plane that is a file server. Furthermore, for an embodiment where the control plane that interposes between a client and a file server, the control plane can be implemented as a file system proxy. Control plane operations include, but are not limited to, observation, verification, and transformation of a file system operation.


    SYSTEM AND METHOD FOR PERSONAL DEVICE SHARING USING SOCIAL NETWORKS
    9.
    Invention application
    SYSTEM AND METHOD FOR PERSONAL DEVICE SHARING USING SOCIAL NETWORKS (status: under examination, published)

    Publication number: US20110258303A1

    Publication date: 2011-10-20

    Application number: US13074252

    Filing date: 2011-03-29

    IPC classification: G06F15/16

    CPC classification: G06F9/468

    Abstract: A system and method is disclosed which may comprise receiving, via a computing device, from a first user having a first personal device, a request for sharing access to a resource or a state of a second personal device of a second user, the first user and second user having an on-line social network relationship; and determining whether to grant sharing access to the one of the resource and the state of the second personal device of the second user. Determining whether to grant sharing access may be based, at least in part, upon the nature of the on-line social network relationship. The method and apparatus may comprise registering, via the computing device, an ownership link for a personal device and an owner having a certified identity within the social network; storing the ownership link; and utilizing the ownership link for determining whether to grant sharing access.


    METHOD AND SYSTEM FOR EXECUTION MONITOR-BASED TRUSTED COMPUTING
    10.
    Invention application
    METHOD AND SYSTEM FOR EXECUTION MONITOR-BASED TRUSTED COMPUTING (status: lapsed)

    Publication number: US20110191580A1

    Publication date: 2011-08-04

    Application number: US13084614

    Filing date: 2011-04-12

    Applicant: Liviu Iftode, Gang Xu

    Inventor: Liviu Iftode, Gang Xu

    IPC classification: H04L29/06

    Abstract: A system and method to ensure trustworthiness of a remote service provided by a service provider. The method includes monitoring runtime dependencies invoked during execution of a service transaction associated with the remote service, the service transaction being requested by a service requester. The method further includes determining whether a deviation exists between the runtime dependencies and a trusted list of dependencies associated with the remote service. The method also includes blocking execution of the service transaction based on determining that the deviation between the runtime dependencies and the trusted list of dependencies exists.
