AUTOMATED SECURITY CLASSIFICATION AND PROPAGATION OF VIRTUALIZED AND PHYSICAL VIRTUAL MACHINES
    1.
    发明申请
    AUTOMATED SECURITY CLASSIFICATION AND PROPAGATION OF VIRTUALIZED AND PHYSICAL VIRTUAL MACHINES 有权
    虚拟化和物理虚拟机的自动安全分类和传播

    公开(公告)号:US20110138442A1

    公开(公告)日:2011-06-09

    申请号:US12727267

    申请日:2010-03-19

    IPC分类号: G06F21/00

    CPC分类号: G06F21/53 H04L63/20

    摘要: Architecture that provides additional data that can be obtained and employed in security models in order to provide security to services over the service lifecycle. The architecture automatically propagates security classifications throughout the lifecycle of the service, which can include initial deployment, expansion, moving servers, monitoring, and reporting, for example, and further include classification propagation from the workload (computer), classification propagation in the model, classification propagation according to the lineage of the storage location (e.g., virtual hard drive), status propagation in the model and classification based on data stored in the machine.

    摘要翻译: 提供可在安全模型中获取和使用的附加数据的架构,以便在服务生命周期中为服务提供安全性。 该架构在服务的整个生命周期中自动传播安全性分类,其可以包括初始部署,扩展,移动服务器,监视和报告,并且进一步包括来自工作负载(计算机)的分类传播,模型中的分类传播, 根据存储位置(例如,虚拟硬盘驱动器)的沿袭分类传播,模型中的状态传播和基于存储在机器中的数据的分类。

    Automated security classification and propagation of virtualized and physical virtual machines
    2.
    发明授权
    Automated security classification and propagation of virtualized and physical virtual machines 有权
    虚拟化和物理虚拟机的自动安全分类和传播

    公开(公告)号:US08799985B2

    公开(公告)日:2014-08-05

    申请号:US12727267

    申请日:2010-03-19

    IPC分类号: H04L29/06 G06F21/53

    CPC分类号: G06F21/53 H04L63/20

    摘要: Architecture that provides additional data that can be obtained and employed in security models in order to provide security to services over the service lifecycle. The architecture automatically propagates security classifications throughout the lifecycle of the service, which can include initial deployment, expansion, moving servers, monitoring, and reporting, for example, and further include classification propagation from the workload (computer), classification propagation in the model, classification propagation according to the lineage of the storage location (e.g., virtual hard drive), status propagation in the model and classification based on data stored in the machine.

    摘要翻译: 提供可在安全模型中获取和使用的附加数据的架构,以便在服务生命周期中为服务提供安全性。 该架构在服务的整个生命周期中自动传播安全性分类,其可以包括初始部署,扩展,移动服务器,监视和报告,并且还包括来自工作负载(计算机)的分类传播,模型中的分类传播, 根据存储位置(例如,虚拟硬盘驱动器)的沿袭分类传播,模型中的状态传播和基于存储在机器中的数据的分类。

    MODEL BASED SYSTEMS MANAGEMENT IN VIRTUALIZED AND NON-VIRTUALIZED ENVIRONMENTS
    3.
    发明申请
    MODEL BASED SYSTEMS MANAGEMENT IN VIRTUALIZED AND NON-VIRTUALIZED ENVIRONMENTS 有权
    虚拟化和非虚拟化环境中的基于模型的系统管理

    公开(公告)号:US20110138441A1

    公开(公告)日:2011-06-09

    申请号:US12633805

    申请日:2009-12-09

    摘要: Architecture that provides model-based systems management in virtualized and non-virtualized environments. A security component provides security models which define security requirements for services. A management component applies one or more of the security models during the lifecycle of virtual machines and services. The lifecycle can include initial deployment, expansion, moving servers, monitoring, and reporting. The architecture creates a formal description model of how a virtual machine or a service (composition of multiple virtual machines) is secured. The security requirements information can also be fed back to the general management system which uses this information in its own activities such as to guide the placement of workloads on servers can be security related.

    摘要翻译: 在虚拟化和非虚拟化环境中提供基于模型的系统管理的架构。 安全组件提供了定义服务安全性要求的安全模型。 管理组件在虚拟机和服务的生命周期中应用一个或多个安全模型。 生命周期可以包括初始部署,扩展,移动服务器,监控和报告。 该架构创建了如何保护虚拟机或服务(多个虚拟机的组合)的正式描述模型。 安全要求信息也可以反馈给在其自身活动中使用该信息的通用管理系统,以指导服务器上的工作负载的布置可以与安全相关。

    Model based systems management in virtualized and non-virtualized environments
    4.
    发明授权
    Model based systems management in virtualized and non-virtualized environments 有权
    虚拟化和非虚拟化环境中基于模型的系统管理

    公开(公告)号:US08726334B2

    公开(公告)日:2014-05-13

    申请号:US12633805

    申请日:2009-12-09

    IPC分类号: H04L9/00 H04L29/06 G06F21/53

    摘要: Architecture that provides model-based systems management in virtualized and non-virtualized environments. A security component provides security models which define security requirements for services. A management component applies one or more of the security models during the lifecycle of virtual machines and services. The lifecycle can include initial deployment, expansion, moving servers, monitoring, and reporting. The architecture creates a formal description model of how a virtual machine or a service (composition of multiple virtual machines) is secured. The security requirements information can also be fed back to the general management system which uses this information in its own activities such as to guide the placement of workloads on servers can be security related.

    摘要翻译: 在虚拟化和非虚拟化环境中提供基于模型的系统管理的架构。 安全组件提供了定义服务安全性要求的安全模型。 管理组件在虚拟机和服务的生命周期中应用一个或多个安全模型。 生命周期可以包括初始部署,扩展,移动服务器,监控和报告。 该架构创建了如何保护虚拟机或服务(多个虚拟机的组合)的正式描述模型。 安全要求信息也可以反馈给在其自身活动中使用该信息的通用管理系统,以指导服务器上的工作负载的布置可以与安全相关。

    Relations in fuzzing data
    6.
    发明授权
    Relations in fuzzing data 有权
    模糊数据的关系

    公开(公告)号:US08136095B2

    公开(公告)日:2012-03-13

    申请号:US11959469

    申请日:2007-12-19

    IPC分类号: G06F9/44 G06F9/445

    CPC分类号: G06F11/3684

    摘要: A test tool is provided for testing a software component. The tool receives data structured and formatted for processing by the software component. The structured data might conform to a schema defining valid inputs that the software component is able to parse/process. The test tool selects a discrete part of the structured data and fuzzes the selected discrete part. The test tool determines whether there are any parts of the structured data whose validity can be affected by fuzzing of the discrete part of the structured data. The fuzzed discrete part of the structured data is analyzed and a related part of the structured data is updated to be consistent with the fuzzed discrete part. The fuzzing tool passes the structured data with the fuzzed part and the updated part to the software component being tested. The software component is tested by having it process the data.

    摘要翻译: 提供测试工具用于测试软件组件。 该工具接收由软件组件处理的结构化和格式化的数据。 结构化数据可能符合定义有效输入的模式,软件组件能够解析/处理。 测试工具选择结构化数据的离散部分并对所选择的离散部分进行模糊。 测试工具确定是否存在结构化数据的任何部分,其有效性可能受结构化数据的离散部分的模糊影响。 分析结构化数据的模糊离散部分,并将结构化数据的相关部分更新为与模糊离散部分一致。 模糊工具将具有模糊部分和更新部分的结构化数据传递到正在测试的软件组件。 软件组件通过处理数据进行测试。

    Detecting compromised computers by correlating reputation data with web access logs
    7.
    发明授权
    Detecting compromised computers by correlating reputation data with web access logs 有权
    通过将声誉数据与Web访问日志相关联来检测受感染的计算机

    公开(公告)号:US07882542B2

    公开(公告)日:2011-02-01

    申请号:US11824649

    申请日:2007-06-30

    IPC分类号: G06F15/16

    CPC分类号: H04L63/1425 H04L63/308

    摘要: Compromised host computers in an enterprise network environment comprising a plurality of security products called endpoints are detected in an automated manner by an arrangement in which a reputation service provides updates to identify resources including website URIs (Universal Resource Identifiers) and IP addresses (collectively “resources”) whose reputations have changed and represent potential threats or adversaries to the enterprise network. Responsively to the updates, a malware analyzer, which can be configured as a standalone endpoint, or incorporated into an endpoint having anti-virus/malware detection capability, or incorporated into the reputation service, will analyze logs maintained by another endpoint (typically a firewall, router, proxy server, or gateway) to identify, in a retroactive manner over some predetermined time window, those client computers in the environment that had any past communications with a resource that is newly categorized by the reputation service as malicious. Every client computer so identified is likely to be compromised.

    摘要翻译: 在企业网络环境中包含被称为端点的多个安全产品的被破坏的主计算机以自动方式被检测,其中信誉服务提供更新以识别包括网站URI(通用资源标识符)和IP地址(统称为“资源”)的资源 “),其声誉已经改变,代表企业网络的潜在威胁或对手。 响应于更新,可以配置为独立端点或并入具有防病毒/恶意软件检测功能或并入信誉服务的端点的恶意软件分析器将分析由另一个端点(通常为防火墙)维护的日志 ,路由器,代理服务器或网关)以某种预定时间窗口的追溯方式,将与信誉服务新分类的资源的任何过去通信的环境中的那些客户端计算机识别为恶意的。 如此确定的每台客户端计算机都可能受到威胁。

    RELATIONS IN FUZZING DATA
    8.
    发明申请
    RELATIONS IN FUZZING DATA 有权
    相关资料

    公开(公告)号:US20090164478A1

    公开(公告)日:2009-06-25

    申请号:US11959469

    申请日:2007-12-19

    IPC分类号: G06F7/00

    CPC分类号: G06F11/3684

    摘要: A test tool is provided for testing a software component. The tool receives data structured and formatted for processing by the software component. The structured data might conform to a schema defining valid inputs that the software component is able to parse/process. The test tool selects a discrete part of the structured data and fuzzes the selected discrete part. The test tool determines whether there are any parts of the structured data whose validity can be affected by fuzzing of the discrete part of the structured data. The fuzzed discrete part of the structured data is analyzed and a related part of the structured data is updated to be consistent with the fuzzed discrete part. The fuzzing tool passes the structured data with the fuzzed part and the updated part to the software component being tested. The software component is tested by having it process the data.

    摘要翻译: 提供测试工具用于测试软件组件。 该工具接收由软件组件处理的结构化和格式化的数据。 结构化数据可能符合定义有效输入的模式,软件组件能够解析/处理。 测试工具选择结构化数据的离散部分并对所选择的离散部分进行模糊。 测试工具确定是否存在结构化数据的任何部分,其有效性可能受结构化数据的离散部分的模糊影响。 分析结构化数据的模糊离散部分,并将结构化数据的相关部分更新为与模糊离散部分一致。 模糊工具将具有模糊部分和更新部分的结构化数据传递到正在测试的软件组件。 软件组件通过处理数据进行测试。

    Automated identification of firewall malware scanner deficiencies
    9.
    发明申请
    Automated identification of firewall malware scanner deficiencies 审中-公开
    自动识别防火墙恶意软件扫描程序的缺陷

    公开(公告)号:US20080229419A1

    公开(公告)日:2008-09-18

    申请号:US11724705

    申请日:2007-03-16

    IPC分类号: G06F12/14

    摘要: Automated identification of deficiencies in a malware scanner contained in a firewall is provided by correlating incident reports that are generated by desktop protection clients running on hosts in an enterprise that is protected by the firewall. A desktop protection client scans a host for malware incidents, and when detected, analyzes the host's file access log to extract one or more pieces of information about the incident (e.g., identification of a process that placed the infected file on disk, an associated timestamp, file or content type, malware type, hash of such information, or hash of the infected file). The firewall correlates this file access log information with data in its own log to enable the firewall to download the content again and inspect it. If malware is detected, then it is assumed that it was missed when the file first entered the enterprise because the firewall did not have an updated signature. However, if the malware is not detected, then there is a potential deficiency.

    摘要翻译: 通过关联由受防火墙保护的企业中的主机上运行的桌面防护客户端生成的事件报告,可以自动识别防火墙中包含的恶意软件扫描程序中的缺陷。 桌面保护客户端扫描主机以查找恶意软件事件,并在被检测到时分析主机的文件访问日志,以提取有关事件的一条或多条信息(例如,将受感染文件放在磁盘上的进程的标识,相关联的时间戳 ,文件或内容类型,恶意软件类型,此类信息的散列或受感染文件的散列)。 防火墙将该文件访问日志信息与其自己的日志中的数据相关联,以使防火墙能够再次下载内容并进行检查。 如果检测到恶意软件,则假设当文件首次进入企业时,因为防火墙没有更新的签名,所以它被遗漏。 但是,如果没有检测到恶意软件,那么存在潜在的缺陷。