公开(公告)号：US20070162909A1

公开(公告)日：2007-07-12

申请号：US11329984

申请日：2006-01-11

申请人： Pradeep Bahl ,  Narasimha Nagampalli ,  Ramesh Chinta

发明人： Pradeep Bahl ,  Narasimha Nagampalli ,  Ramesh Chinta

IPC分类号： G06F9/46

CPC分类号： G06F21/554 ,  G06F9/468 ,  G06F21/6218

摘要： Techniques for reserving resources in an operating system are provided. The techniques include receiving an indication of an authorization setting specifying a directive and identifying at least a resource, an action, and a principal, configuring to apply the specified directive in relation to the identified action and resource when the principal attempts to perform the identified action in relation to the indicated resource, determining that the principal is attempting to perform the identified action on the identified resource, and applying the specified directive. The techniques function whether or not the resources or principals exist when the resources are reserved.

摘要翻译： 提供了在操作系统中预留资源的技术。 这些技术包括接收指定指令的授权设置的指示，并且至少识别资源，动作和委托人，配置为当主体试图执行所识别的动作时，针对所标识的动作和资源应用所指定的指令 相对于所指示的资源，确定主体正在尝试对所标识的资源执行所识别的动作，并应用指定的指令。 当资源被保留时，该技术是否存在资源或主体。

公开(公告)号：US20060129808A1

公开(公告)日：2006-06-15

申请号：US10993688

申请日：2004-11-19

申请人： Shirish Koti ,  Narasimha Nagampalli ,  Maxim Ivanov ,  Sachin Sheth ,  Emanuel Paleologu ,  Yun Lin ,  Eric Youngblut

发明人： Shirish Koti ,  Narasimha Nagampalli ,  Maxim Ivanov ,  Sachin Sheth ,  Emanuel Paleologu ,  Yun Lin ,  Eric Youngblut

IPC分类号： H04L9/00

CPC分类号： H04L63/0218 ,  H04L63/0263 ,  H04L63/20

摘要： A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.

公开(公告)号：US20070101335A1

公开(公告)日：2007-05-03

申请号：US11266506

申请日：2005-11-03

申请人： Narasimha Nagampalli ,  Pradeep Bahl ,  Ramesh Chinta

发明人： Narasimha Nagampalli ,  Pradeep Bahl ,  Ramesh Chinta

IPC分类号： G06F9/46

CPC分类号： G06F9/4843 ,  G06F9/5027 ,  G06F2209/5018

摘要： A computer-readable medium bearing computer-executable instructions which, when executed on a computer, carry out a method for handling a request for an operating system service is presented. The method comprises receiving a request for execution of an operating system service. The corresponding operating system service is then identified. A unique service identifier that corresponds to the requested operating system service is obtained. A service thread is generated, the thread being associated with an executing process. Storage associated with the service thread is initialized with the unique service identifier. Thereafter, the execution of the service thread is initiated.

摘要翻译： 一种具有计算机可执行指令的计算机可读介质，其在计算机上执行时执行用于处理对操作系统服务的请求的方法。 该方法包括接收执行操作系统服务的请求。 然后识别相应的操作系统服务。 获得与所请求的操作系统服务相对应的唯一服务标识符。 生成服务线程，线程与执行进程相关联。 与服务线程相关联的存储将使用唯一的服务标识符初始化。 此后，启动服务线程的执行。

公开(公告)号：US20070016675A1

公开(公告)日：2007-01-18

申请号：US11181376

申请日：2005-07-13

申请人： Pradeep Bahl ,  Ramesh Chinta ,  Narasimha Nagampalli ,  Scott Field

发明人： Pradeep Bahl ,  Ramesh Chinta ,  Narasimha Nagampalli ,  Scott Field

IPC分类号： G06F15/173

CPC分类号： H04L63/1441 ,  H04L63/101

摘要： A computer system having secured network services is presented. The computer system comprises a processor, a memory, and a network action processing module. The network action processing module processes network actions from one or more network services executing on the computer system. The computer system is further configured to execute at least network service performing network actions in conjunction with the network action processing module. Upon receiving a network action from a network service, the network action processing module determines whether the network action is a valid network action according to a network action control list. If the network action is determined to not be a valid network action, the network action is blocked. Alternatively, if the network action is determined to be a valid network action, the network action is permitted to be completed.

摘要翻译： 提出了一种具有安全网络服务的计算机系统。 计算机系统包括处理器，存储器和网络动作处理模块。 网络动作处理模块处理来自在计算机系统上执行的一个或多个网络服务的网络动作。 该计算机系统进一步被配置为至少执行网络服务，与网络动作处理模块一起执行网络动作。 网络动作处理模块从网络服务接收到网络动作后，根据网络动作控制列表判断网络动作是否为有效的网络动作。 如果网络动作被确定为不是有效的网络动作，则网络动作被阻止。 或者，如果网络动作被确定为有效的网络动作，则允许网络动作被完成。