Distributed policy service
    1.
    Granted invention patent
    Status: in force

    Publication No.: US08819211B2

    Publication date: 2014-08-26

    Application No.: US13556769

    Application date: 2012-07-24

    IPC classification: G06F15/173

    CPC classification: H04L41/0893 H04L63/20

    Abstract: According to one embodiment of the present disclosure, an approach is provided in which a policy server receives a request for a policy from a requestor. The policy server identifies an initiating virtual machine; the initial virtual machine's corresponding virtual network; and a destination virtual machine. Next, a policy corresponding to sending data from the first virtual machine to the second virtual machine is selected. The policy includes one or more logical references to the virtual network and does not include a physical reference to a physical entity located on a physical network. In turn, a physical path translation corresponding to the selected policy is identified and sent to the requestor.

    Method and apparatus for range encoding in TCAM
    4.
    Granted invention patent
    Status: in force

    Publication No.: US08468296B1

    Publication date: 2013-06-18

    Application No.: US12714788

    Application date: 2010-03-01

    Applicant: Rami Cohen

    Inventor: Rami Cohen

    IPC classification: G06F12/00

    CPC classification: G11C15/00

    Abstract: Aspects of the disclosure provide a method for encoding ranges in a ternary content addressable memory (TCAM). The method includes determining first positive ranges and first negative ranges corresponding to a first encoding range to be encoded in the TCAM. The first encoding range is in association with a first action. The first positive ranges include the first encoding range. The first negative ranges exclude the first encoding range. At least a first positive range and a first negative range are overlapping. Further, the method includes encoding the first positive ranges in first TCAM entries, and encoding the first negative ranges in second TCAM entries. At least one of the second TCAM entries has a higher priority than one of the first TCAM entries. Then, the method includes associating the first TCAM entries to the first action, and associating the second TCAM entries to a reject action.

    Detecting machines compromised with malware
    5.
    Granted invention patent
    Status: in force

    Publication No.: US08464341B2

    Publication date: 2013-06-11

    Application No.: US12177355

    Application date: 2008-07-22

    Applicant: Rami Cohen

    Inventor: Rami Cohen

    IPC classification: G06F11/00

    Abstract: A computer system can be configured to identify when it has been infected with or otherwise compromised by malware, such as viruses, worms, etc. In one implementation, a computer system receives and installs one or more decoy contacts in a contact store and further installs one or more malware reporting modules that effectively filter outgoing messages. For example, a malware reporting module can redirect messages with a decoy contact address to an alternate inbox associated with the decoy contact. The same malware reporting module, or another module in the system, can also generate one or more reports indicating the presence of malware, either due to detection of the decoy contact address, or due to identifying messages in the decoy contact inbox. The host computer system that sent the message to the decoy contact can then be flagged as infected with malware.

    Distributed Dynamic Virtual Machine Configuration Service
    6.
    Invention patent application
    Status: in force

    Publication No.: US20130142079A1

    Publication date: 2013-06-06

    Application No.: US13309041

    Application date: 2011-12-01

    IPC classification: H04L12/28

    Abstract: An approach is provided in which a local module receives a discovery message from a virtual network endpoint that is devoid of a corresponding virtual IP address. The local module sends one or more unicast network configuration messages to a dynamic configuration service and, in turn, the local module receives one or more unicast network configuration responses from the dynamic configuration service. One of the unicast network configuration responses includes one or more network configuration parameters. The local module configures the virtual network endpoint according to one or more of the network configuration parameters.

    Defining And Managing Virtual Networks In Multi-Tenant Virtualized Data Centers
    7.
    Invention patent application
    Status: under examination (published)

    Publication No.: US20130091261A1

    Publication date: 2013-04-11

    Application No.: US13253338

    Application date: 2011-10-05

    IPC classification: G06F15/173

    CPC classification: H04L41/5096 H04L63/20

    Abstract: An approach is provided in which a computer system selects a virtual domain from multiple virtual domains, which are each overlayed onto a physical network and are independent of physical topology constraints of the physical network. The computer system selects, from the selected virtual domain, a first virtual group that includes one or more first virtual network endpoints. Next, the computer system selects, from the selected virtual domain, a second virtual group that includes one or more second virtual network endpoints. In turn, the computer system creates a logical link policy that includes one or more actions corresponding to sending data between the first virtual group and the second virtual group.

    Distributed Policy Service
    8.
    Invention patent application
    Status: in force

    Publication No.: US20120290703A1

    Publication date: 2012-11-15

    Application No.: US13556769

    Application date: 2012-07-24

    IPC classification: G06F15/173

    CPC classification: H04L41/0893 H04L63/20

    Abstract: According to one embodiment of the present disclosure, an approach is provided in which a policy server receives a request for a policy from a requestor. The policy server identifies an initiating virtual machine; the initial virtual machine's corresponding virtual network; and a destination virtual machine. Next, a policy corresponding to sending data from the first virtual machine to the second virtual machine is selected. The policy includes one or more logical references to the virtual network and does not include a physical reference to a physical entity located on a physical network. In turn, a physical path translation corresponding to the selected policy is identified and sent to the requestor.

    Distributed Policy Service
    9.
    Invention patent application

    Publication No.: US20120290695A1

    Publication date: 2012-11-15

    Application No.: US13107434

    Application date: 2011-05-13

    IPC classification: G06F15/16

    CPC classification: H04L41/0893 H04L63/20

    Abstract: According to one embodiment of the present disclosure, an approach is provided in which a policy server receives a request for a policy from a requestor. The policy server identifies an initiating virtual machine; the initial virtual machine's corresponding virtual network; and a destination virtual machine. Next, a policy corresponding to sending data from the first virtual machine to the second virtual machine is selected. The policy includes one or more logical references to the virtual network and does not include a physical reference to a physical entity located on a physical network. In turn, a physical path translation corresponding to the selected policy is identified and sent to the requestor.