1. Methods and systems for enforcing network access control in a virtual environment
    Granted invention patent (in force)

    Publication number: US08281363B1

    Publication date: 2012-10-02

    Application number: US12059725

    Filing date: 2008-03-31

    IPC classification: H04L29/06

    Abstract: A computer-implemented method may include receiving a request to access a network. The request may be sent from a virtual machine. The method may also include proxying the request to a network-access-control module, receiving a response from the network-access-control module, and transmitting the response to the virtual machine. Proxying the request to the network-access-control module may include assigning the virtual machine a virtual identifier. Proxying the request may also include creating a temporary interface. The temporary interface may be programmed to receive the response from the network-access-control module and transmit the response to the virtual machine. Various other methods, systems, and computer-readable media are also disclosed herein.

2. Secure app ecosystem with key and data exchange according to enterprise information control policy
    Granted invention patent (in force)

    Publication number: US09286477B2

    Publication date: 2016-03-15

    Application number: US13598248

    Filing date: 2012-08-29

    Abstract: Multiple apps of an ecosystem on a computer securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem. An ecosystem agent creates an ecosystem directory, which contains policy information and identification information concerning each specific app in the ecosystem, including the ecosystem agent. Each ecosystem app generates an asymmetric key pair, the public key of which it shares only with apps in the ecosystem through the directory. The ecosystem agent's private key is used to encrypt the directory. Data is securely communicated between apps in the ecosystem by encrypting and decrypting messages and data objects with the appropriate ecosystem app keys. Each specific app in the ecosystem complies with the enterprise information control policy. Ecosystem apps can read a policy from the directory and receive policy updates from the enterprise.

3. Enabling selective policy driven seamless user interface presentation between and among a host and a plurality of guests
    Granted invention patent (in force)

    Publication number: US09075497B1

    Publication date: 2015-07-07

    Application number: US13048668

    Filing date: 2011-03-15

    Abstract: Selective projection of user interface elements between a host and a plurality of guests is provided according to a configurable policy. User interface elements generated by guests and/or the host are captured. It is determined, based on the policy, whether to project captured elements into the user interface with which the user is currently interacting. In some cases, it is determined to project a captured element originating from a first user interface into a second user interface with which the user is currently interacting, based on factors such as source, destination, element attributes, element contents and/or element type. Responsive to such a determination, the captured element is projected into the current user interface, thereby presenting the projected element to the user.

4. Methods and systems for processing web content encoded with malicious code
    Granted invention patent (in force)

    Publication number: US08745742B1

    Publication date: 2014-06-03

    Application number: US12264101

    Filing date: 2008-11-03

    IPC classification: G06F12/14 G06F7/00 G06F17/30

    Abstract: A computer-implemented method for processing web content may comprise receiving web content encoded with malicious steganographic code. Before presenting the web content, the method may comprise modifying the web content to create modified content such that information conveyed by the malicious steganographic code is at least partially corrupted in the modified content. Additionally, a functionality of the modified content may be at least substantially similar to a functionality of the web content following modification of the web content to create the modified content. Various other methods, computer-readable media, and systems are also disclosed.

5. Methods and systems for detecting rootkits
    Granted invention patent (in force)

    Publication number: US08353058B1

    Publication date: 2013-01-08

    Application number: US12410166

    Filing date: 2009-03-24

    Abstract: A computer-implemented method for detecting rootkits is disclosed. The computer-implemented method may include sending periodic security communications from a privileged-processor-mode region of a computing device. The computer-implemented method may also include identifying at least one of the periodic security communications. The computer-implemented method may further include determining, based on the periodic security communications, whether the privileged-processor-mode region of the computing device has been compromised. Various other methods, systems, and computer-readable media are also disclosed.

6. Anti-malware scanning in a portable application virtualized environment
    Granted invention patent (in force)

    Publication number: US08312547B1

    Publication date: 2012-11-13

    Application number: US12059764

    Filing date: 2008-03-31

    IPC classification: H04L29/06

    CPC classification: G06F21/567

    Abstract: A computer includes a portable environment including a portable file system located on a removable storage device, the portable environment using virtualization in a host operating system. A path translation module translates a virtualized path of a file in the portable file system to an actual path of the file. The virtualized path is the path in the context of a portable user application running in the portable environment, and the actual path is the path in the context of the host operating system. A malware detection module executing directly under the host operating system determines whether the file contains malware using the actual path of the file and takes remedial actions if malware is detected.

7. Techniques for securing a checked-out virtual machine in a virtual desktop infrastructure
    Published patent application (in force)

    Publication number: US20120240181A1

    Publication date: 2012-09-20

    Application number: US13049480

    Filing date: 2011-03-16

    IPC classification: G06F21/00

    Abstract: Techniques for securing checked-out virtual machines in a virtual desktop infrastructure (VDI) are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for securing a checked-out guest virtual machine including receiving a request for checking out a guest virtual machine hosted by a server network element, wherein checking out the guest virtual machine comprises transferring hosting of the guest virtual machine from the server network element to a client network element. The method for securing a checked-out guest virtual machine may also include configuring a security module for the guest virtual machine in order to secure the guest virtual machine and providing the security module to the guest virtual machine when the guest virtual machine is checked out.

8. Systems and methods for determining whether to perform a computing operation that is optimized for a specific storage-device-technology type
    Granted invention patent (in force)

    Publication number: US08140804B1

    Publication date: 2012-03-20

    Application number: US12337132

    Filing date: 2008-12-17

    IPC classification: G06F3/00 G06F12/00

    Abstract: A computer-implemented method for determining whether to perform a computing operation that is optimized for a specific storage-device-technology type may comprise: 1) performing at least one proximate read operation by accessing a control location on a storage device and then accessing a test location on the storage device that is logically proximate to the control location, 2) performing at least one remote read operation by accessing a test location on the storage device that is logically remote from the control location, 3) determining a technology type of the storage device by comparing the length of time to access the proximate test location with the length of time to access the remote test location, and then 4) determining, based on the technology type of the storage device, whether to perform the computing operation. Corresponding systems and computer-readable media are also disclosed.

9. Virtual machine file system content protection system and method
    Granted invention patent (in force)

    Publication number: US08104083B1

    Publication date: 2012-01-24

    Application number: US12059622

    Filing date: 2008-03-31

    Abstract: A method includes creating a first virtual machine comprising a remote file system. The method further includes causing all input/output from a second virtual machine to be redirected to the remote file system, the first virtual machine and the second virtual machine being on a single physical computer. The file system is securely protected from any malicious code executing on the second virtual machine by the hardware-enforced partitioning between the first virtual machine and the second virtual machine.

10. Detection and blocking of malicious code
    Granted invention patent (in force)

    Publication number: US07472418B1

    Publication date: 2008-12-30

    Application number: US10643564

    Filing date: 2003-08-18

    Abstract: Inbound and outbound traffic on a computer system is intercepted and compared to determine whether the presence of malicious code is indicated. Outbound traffic that is sufficiently similar to recently received inbound traffic is indicative of the presence of malicious code. In some embodiments, if the presence of malicious code is indicated, the user, as well as other individuals or systems, is notified of the detection. In some embodiments, if desired, protective actions are initiated to hinder or block the propagation of the malicious code from the host computer system to other computer systems, as well as to remove or inactivate the malicious code on the host computer system.