-
Publication No.: US08839422B2
Publication date: 2014-09-16
Application No.: US12827203
Filing date: 2010-06-30
Applicant: Anup K Ghosh, Sushil Jajodia, Yih Huang, Jiang Wang
Inventors: Anup K Ghosh, Sushil Jajodia, Yih Huang, Jiang Wang
CPC classification: G06F21/53, G06F9/54, G06F21/56, G06F21/568, G06F2209/541, G06F2221/034, H04L63/1408, H04L63/1483
Abstract: An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark. Yet another embodiment includes monitoring operation of the operating system within the at least one virtual browsing environment, determining when the operation of the operating system includes potential malicious activity, and terminating the virtual browsing environment when the operation includes potential malicious activity.
-
Publication No.: US08856782B2
Publication date: 2014-10-07
Application No.: US12037412
Filing date: 2008-02-26
Applicant: Anup K Ghosh, Sushil Jajodia, Yih Huang, Jiang Wang
Inventors: Anup K Ghosh, Sushil Jajodia, Yih Huang, Jiang Wang
CPC classification: G06F9/45533, G06F9/45558, G06F21/53, G06F2009/45562, G06F2009/45575
Abstract: An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.
-
Publication No.: US20090125902A1
Publication date: 2009-05-14
Application No.: US12037412
Filing date: 2008-02-26
Applicant: Anup K. Ghosh, Sushil Jajodia, Yih Huang, Jiang Wang
Inventors: Anup K. Ghosh, Sushil Jajodia, Yih Huang, Jiang Wang
IPC classification: G06F9/455
CPC classification: G06F9/45533, G06F9/45558, G06F21/53, G06F2009/45562, G06F2009/45575
Abstract: An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.
-
Publication No.: US20110167492A1
Publication date: 2011-07-07
Application No.: US12827203
Filing date: 2010-06-30
Applicant: Anup K. Ghosh, Sushil Jajodia, Yih Huang, Jiang Wang
Inventors: Anup K. Ghosh, Sushil Jajodia, Yih Huang, Jiang Wang
CPC classification: G06F21/53, G06F9/54, G06F21/56, G06F21/568, G06F2209/541, G06F2221/034, H04L63/1408, H04L63/1483
Abstract: An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark. Yet another embodiment includes monitoring operation of the operating system within the at least one virtual browsing environment, determining when the operation of the operating system includes potential malicious activity, and terminating the virtual browsing environment when the operation includes potential malicious activity.
-
Publication No.: US08719943B2
Publication date: 2014-05-06
Application No.: US13466706
Filing date: 2012-05-08
Applicant: Steven E Noel, Sushil Jajodia, Eric B Robertson
Inventors: Steven E Noel, Sushil Jajodia, Eric B Robertson
IPC classification: H04L29/06
CPC classification: H04L41/12, H04L63/1425
Abstract: Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.
-
Publication No.: US20100192226A1
Publication date: 2010-07-29
Application No.: US12758135
Filing date: 2010-04-12
IPC classification: G06F11/00
CPC classification: H04L41/12, H04L63/1425
Abstract: Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.
-
Publication No.: US20100054481A1
Publication date: 2010-03-04
Application No.: US12548975
Filing date: 2009-08-27
Applicant: Sushil Jajodia, Witold Litwin, Thomas Schwarz
Inventors: Sushil Jajodia, Witold Litwin, Thomas Schwarz
CPC classification: H04L9/085, H04L9/0897
Abstract: Embodiments of the present invention store application data and associated encryption key(s) on at least k+1 remote servers using LH* addressing. At least k+1 buckets are created on separate remote servers. At least k+1 key shares are generated for each of at least one encryption key. Each encryption key has a unique key number. Each key share is stored in a different key share record. Each of the key share records is stored in a different bucket using LH* addressing. Encrypted application data is generated by encrypting the application data with the encryption key(s). The encrypted application data is stored in encrypted data record(s). Each of the encrypted data records is stored in a different bucket among the buckets using LH* addressing.
-
Publication No.: US07627900B1
Publication date: 2009-12-01
Application No.: US11371930
Filing date: 2006-03-10
Applicant: Steven E. Noel, Sushil Jajodia
Inventors: Steven E. Noel, Sushil Jajodia
CPC classification: H04L41/12, H04L63/1425
Abstract: Disclosed is a framework for aggregating network attack graphs. A network may be represented as a dependency graph. Condition set(s), exploit set(s) and machine set(s) may be generated using information from the dependency graph. Exploit-condition set(s) may be generated using the condition set(s) and the exploit set(s). Machine-exploit set(s) may be generated using the exploit-condition set(s) and machine set(s).
-
Publication No.: US08566269B2
Publication date: 2013-10-22
Application No.: US11831914
Filing date: 2007-07-31
Applicant: Sushil Jajodia, Lingyu Wang, Anoop Singhal
Inventors: Sushil Jajodia, Lingyu Wang, Anoop Singhal
IPC classification: G06F21/06, G06F19/28, G06F15/163
CPC classification: H04L63/1441
Abstract: An attack graph analysis tool that includes a network configuration information input module, a domain knowledge input module, a network configuration information storage module, a domain knowledge storage module, and a result generation module. The network configuration information input module inputs network configuration information. The domain knowledge input module inputs domain knowledge for the network. The network configuration information storage module stores network configuration information in a network database table. The domain knowledge storage module stores the domain knowledge in an exploit database table. The result generation module generates a result using the network database table and exploit database table. The result may be generated in response to a query to a database management system that has access to the network database table and exploit database table. The network may be reconfigured to decrease the likelihood of future attacks using the attack information learned from the result.
-
Publication No.: US08181252B2
Publication date: 2012-05-15
Application No.: US12758135
Filing date: 2010-04-12
Applicant: Sushil Jajodia, Steven E Noel, Eric B Robertson
Inventors: Sushil Jajodia, Steven E Noel, Eric B Robertson
IPC classification: H04L29/06
CPC classification: H04L41/12, H04L63/1425
Abstract: Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.