Abstract:
A method for moving an executing process from a source isolation scope to a target isolation scope includes the step of determining that the process is in a state suitable for moving. The association of the process changes from a source isolation scope to a target isolation scope. A rule loads in association with the target isolation scope.
Abstract:
In a method for accessing, by application programs, resources provided by an operating system, a process receives a request for a resource and an identifier associated with the resource. It is determined that the requested resource resides inside an application isolation environment. The request for the resource and the identifier associated with the resource are redirected to the application isolation environment. The request for the resource is responded to using an instance of the resource residing inside the application isolation environment.
Abstract:
In a method for accessing resources provided by an operating system, a request for a resource is received by an application program executing inside an environment. A first identifier associated with the resource is acquired. A registry is consulted, responsive to an association between a first identifier associated with the resource and a second identifier associated with the resource, the association associated with the environment. The resource and an environment on which to launch the resource are identified, responsive to consulting the registry. The second identifier is associated with the resource, with the environment, and with the environment on which to launch the resource. A registry key for the resource is stored in the registry, the registry key comprising the second identifier. The request for the resource is redirected to the identified instance of the resource, responsive to the second identifier. The request for the resource is responded to using the instance of the resource located in the environment on which the resource resides. The requested resource is launched in the identified environment, responsive to the second identifier.
Abstract:
In a method for accessing, by application programs, resources provided by an operating system, a process receives a request for a resource and an identifier associated with the resource. It is determined that the requested resource resides in a location outside the application isolation environment. The request for the resource and the identifier associated with the resource are redirected to the determined location. The request for the resource is responded to using an instance of the resource residing in the determined location.
Abstract:
The present solution reduces the attack surface of a server by selectively opening a server port for listening when a client has been authenticated/authorized via another machine or process, and directed to connect to the server in question. When not selectively listening on a port, the server does not listen or open ports for connections or otherwise minimizes the number of open ports. By selectively listening for connections, the server reduces the opportunity for hackers to attack the server process, and improves the security of the server. The ability to selectively listen on a port at specific times may be combined with additional meta information, such as ticketing and prior authentication information, to help further secure the server. The meta information may identify and ensure that only the correct remote endpoint is allowed to connect via the port. Instead of first listening for connections and then authenticating and authorizing the received connection, as typical servers do, the present solution first authenticates/authorizes a connection via another machine or process, then listens for an expected and authorized connection.
Abstract:
A method for providing access to a computing environment includes the step of receiving, by a broker machine, a request from a client machine for access to a computing environment, the request including an identification of a user of the client machine. One of a plurality of virtual machines is identified by a session management component, the identified virtual machine providing the requested computing environment. One of a plurality of execution machines is identified, the identified execution machine providing a terminal services session in which a hypervisor executes to provide access to hardware resources required by the identified virtual machine. The hypervisor launches the identified virtual machine. A connection is established between the client machine and the identified virtual machine, via the terminal services session.