-
公开(公告)号:US08544003B1
公开(公告)日:2013-09-24
申请号:US12636414
申请日:2009-12-11
IPC分类号: G06F9/455 , G06F17/00 , G06F9/00 , G06F15/177 , G06F15/00 , G06F15/173
摘要: A method in one example implementation includes receiving a plurality of command messages through a control channel and reconstructing the command messages to determine an intended command for one or more virtual machines on a server device. The command messages include one or more criteria and the intended command corresponds to an operation defined in a policy database. The method also includes determining whether the corresponding operation is permitted by comparing one or more policies associated with the operation to the one or more criteria. The method further includes sending the command messages to the server device if the operation is permitted. In more specific embodiments, the operation may include one of creating, cloning, deleting, starting, stopping, and modifying the one or more virtual machines.
摘要翻译: 一个示例实现中的方法包括通过控制信道接收多个命令消息,并且重建命令消息以确定针对服务器设备上的一个或多个虚拟机的预期命令。 命令消息包括一个或多个标准,并且预期命令对应于在策略数据库中定义的操作。 该方法还包括通过将与操作相关联的一个或多个策略与一个或多个标准进行比较来确定是否允许相应的操作。 该方法还包括如果允许操作则将命令消息发送到服务器设备。 在更具体的实施例中,操作可以包括创建,克隆,删除,启动,停止和修改一个或多个虚拟机之一。
-
公开(公告)号:US20130247033A1
公开(公告)日:2013-09-19
申请号:US12636414
申请日:2009-12-11
IPC分类号: G06F9/455
摘要: A method in one example implementation includes receiving a plurality of command messages through a control channel and reconstructing the command messages to determine an intended command for one or more virtual machines on a server device. The command messages include one or more criteria and the intended command corresponds to an operation defined in a policy database. The method also includes determining whether the corresponding operation is permitted by comparing one or more policies associated with the operation to the one or more criteria. The method further includes sending the command messages to the server device if the operation is permitted. In more specific embodiments, the operation may include one of creating, cloning, deleting, starting, stopping, and modifying the one or more virtual machines.
摘要翻译: 一个示例实现中的方法包括通过控制信道接收多个命令消息,并且重建命令消息以确定针对服务器设备上的一个或多个虚拟机的预期命令。 命令消息包括一个或多个标准,并且预期命令对应于在策略数据库中定义的操作。 该方法还包括通过将与操作相关联的一个或多个策略与一个或多个标准进行比较来确定是否允许相应的操作。 该方法还包括如果允许操作则将命令消息发送到服务器设备。 在更具体的实施例中,操作可以包括创建,克隆,删除,启动,停止和修改一个或多个虚拟机之一。
-
公开(公告)号:US10089093B1
公开(公告)日:2018-10-02
申请号:US13479086
申请日:2012-05-23
摘要: Embodiments of the present invention are directed toward apparatuses, systems and methods of switching operating systems. The present invention includes a multi-OS runtime with virtualization technology, which allows applications developed for different operating systems to execute simultaneously, side-by-side, on the same computing device. The computing device typically includes a host operating system and at least one guest operating system. An application, which is disguised as a host operating system specific application on the host operating system, is configured to be installed and executed within the guest operating system. Host operating system based policies can be set for the application. The application can be launched from the host operating system, the guest operating system or both. The computing device allows for the ability to switch between different operating systems via a soft button, a hard button, or based on a configuration of the computing device, or a combination thereof.
-
公开(公告)号:US10791538B1
公开(公告)日:2020-09-29
申请号:US13543052
申请日:2012-07-06
IPC分类号: H04W68/00
摘要: Embodiments of the present invention are directed to cloud-based data synchronization. Two or more devices associated with an account in a cloud can be synched. The account is configured to manage publishing and subscription relationships between these devices such that a first device is able to publish data to the account in the cloud, and a second device is able to subscribe to the data from the account. In some embodiments, the account is configured to determine whether the second device has proper dependencies for subscribing to the data, and to prevent the second device from subscribing to the data upon determining that the second device does not have proper dependencies. However, in some embodiments, proper dependencies are automatically satisfied by downloading and installing a tool configured to properly process the data (e.g., execute applications) on the second device.
-
公开(公告)号:US08701189B2
公开(公告)日:2014-04-15
申请号:US12322321
申请日:2009-01-29
申请人: Suman Saraf , Sharad Agrawal , Pankaj Kumar
发明人: Suman Saraf , Sharad Agrawal , Pankaj Kumar
IPC分类号: G06F21/00
CPC分类号: G06F21/566
摘要: A method of and system for protecting a computer system against denial-of-service attacks or other exploitation. The method comprises collecting network data and analyzing the network data using statistical and heuristic techniques to identify the source of the exploitation upon receiving an indication of exploitation. Upon identifying the network source, the network data associated with the network is blocked, redirected, or flow controlled. Preferably, the method also includes identifying when the system is being exploited.
摘要翻译: 一种用于保护计算机系统免遭拒绝服务攻击或其他开发的方法和系统。 该方法包括收集网络数据并使用统计和启发式技术分析网络数据,以便在接收到开发指示时识别开发的来源。 在识别网络源时,与网络相关联的网络数据被阻塞,重定向或流量控制。 优选地,该方法还包括识别系统什么时候被利用。
-
公开(公告)号:US20130247181A1
公开(公告)日:2013-09-19
申请号:US12322321
申请日:2009-01-29
申请人: Suman Saraf , Sharad Agrawal , Pankaj Kumar
发明人: Suman Saraf , Sharad Agrawal , Pankaj Kumar
IPC分类号: G06F21/00
CPC分类号: G06F21/566
摘要: A method of and system for protecting a computer system against denial-of-service attacks or other exploitation. The method comprises collecting network data and analyzing the network data using statistical and heuristic techniques to identify the source of the exploitation upon receiving an indication of exploitation. Upon identifying the network source, the network data associated with the network is blocked, redirected, or flow controlled. Preferably, the method also includes identifying when the system is being exploited.
摘要翻译: 一种用于保护计算机系统免遭拒绝服务攻击或其他开发的方法和系统。 该方法包括收集网络数据并使用统计和启发式技术分析网络数据,以便在接收到开发指示时识别开发的来源。 在识别网络源时,与网络相关联的网络数据被阻塞,重定向或流量控制。 优选地,该方法还包括识别系统什么时候被利用。
-
公开(公告)号:US20130246393A1
公开(公告)日:2013-09-19
申请号:US12426859
申请日:2009-04-20
申请人: Suman Saraf , Sharad Agrawal , Vivek Srivastava
发明人: Suman Saraf , Sharad Agrawal , Vivek Srivastava
CPC分类号: G06F17/30238 , H04L67/1097
摘要: Embodiment of the invention provide a reverse name lookup function for providing an absolute path name or file name and absolute path name to the file name parent directory based on a vnode reference, NFS file handle reference, or file identifier reference associated with a computer virtual file system. A method in accordance with the invention comprises populating a table structure with vnodes, names, and absolute path information associated with the vnodes. The table structure and information are sufficient to generate an absolute path name and file name for each vnode. The table structure also includes entries for file identifiers, names, and associated absolute path information associated with the file identifiers. This information is sufficient to generate an absolute path name for each file identifier. The table is populated by hooking virtual file system function calls including the vnode name lookup function and the vnode inactive function. The table is populated with the file identifier entries by hooking the vnode inactive function.
摘要翻译: 基于与计算机虚拟文件相关联的vnode引用,NFS文件句柄引用或文件标识符引用,本发明的实施例提供了用于向文件名父目录提供绝对路径名或文件名和绝对路径名的反向名称查找功能 系统。 根据本发明的方法包括用与vnode相关联的vnodes,名称和绝对路径信息填充表结构。 表结构和信息足以为每个vnode生成绝对路径名和文件名。 表结构还包括与文件标识符相关联的文件标识符,名称和关联的绝对路径信息的条目。 该信息足以为每个文件标识符生成绝对路径名。 通过挂载虚拟文件系统函数调用(包括vnode名称查找函数和vnode无效函数)填充该表。 通过挂接vnode非活动功能,该表填充有文件标识符条目。
-
8.发明授权Method of and system for malicious software detection using critical address space protection 有权使用关键地址空间保护的恶意软件检测方法和系统公开(公告)号:US08515075B1
公开(公告)日:2013-08-20
申请号:US12322220
申请日:2009-01-29
申请人: Suman Saraf , Sharad Agrawal , Pankaj Kumar
发明人: Suman Saraf , Sharad Agrawal , Pankaj Kumar
IPC分类号: G06F21/00
CPC分类号: G06F21/566
摘要: A method of identifying malicious code based on identifying software executing out of writable memory of the computer system. In one embodiment, the identification of the malicious code occurs when the code accesses a predetermined memory address. This address can reside in the address space of an application, a library, or an operating system component. In one embodiment, the access to the predetermined address generates an exception invoking exception handling code. The exception handling code checks the memory attributes of the code that caused the exception and determines whether the code was running in writeable memory.
摘要翻译: 基于识别从计算机系统的可写入存储器执行的软件来识别恶意代码的方法。 在一个实施例中,当代码访问预定的存储器地址时,发生恶意代码的识别。 该地址可以驻留在应用程序,库或操作系统组件的地址空间中。 在一个实施例中,对预定地址的访问生成异常调用异常处理代码。 异常处理代码检查导致异常的代码的内存属性,并确定代码是否在可写内存中运行。
-
公开(公告)号:US08615502B2
公开(公告)日:2013-12-24
申请号:US12426859
申请日:2009-04-20
申请人: Suman Saraf , Sharad Agrawal , Vivek Srivastava
发明人: Suman Saraf , Sharad Agrawal , Vivek Srivastava
IPC分类号: G06F17/30
CPC分类号: G06F17/30238 , H04L67/1097
摘要: Embodiment of the invention provide a reverse name lookup function for providing an absolute path name or file name and absolute path name to the file name parent directory based on a vnode reference, NFS file handle reference, or file identifier reference associated with a computer virtual file system. A method in accordance with the invention comprises populating a table structure with vnodes, names, and absolute path information associated with the vnodes. The table structure and information are sufficient to generate an absolute path name and file name for each vnode. The table structure also includes entries for file identifiers, names, and associated absolute path information associated with the file identifiers. This information is sufficient to generate an absolute path name for each file identifier. The table is populated by hooking virtual file system function calls including the vnode name lookup function and the vnode inactive function. The table is populated with the file identifier entries by hooking the vnode inactive function.
摘要翻译: 基于与计算机虚拟文件相关联的vnode引用,NFS文件句柄引用或文件标识符引用,本发明的实施例提供了用于向文件名父目录提供绝对路径名或文件名和绝对路径名的反向名称查找功能 系统。 根据本发明的方法包括用与vnode相关联的vnodes,名称和绝对路径信息填充表结构。 表结构和信息足以为每个vnode生成绝对路径名和文件名。 表结构还包括与文件标识符相关联的文件标识符,名称和关联的绝对路径信息的条目。 该信息足以为每个文件标识符生成绝对路径名。 通过挂载虚拟文件系统函数调用(包括vnode名称查找函数和vnode无效函数)填充该表。 通过挂接vnode非活动功能,该表填充有文件标识符条目。
-
-
-
-
-
-
-
-
搜索结果
9 条记录 (耗时 0.019 秒)
