Abstract:
A method and apparatus for injecting function calls into a virtual machine whereby a Function Call Injection (FCI) process is employed, through which a Secure Virtual Machine (SVM) is used to trigger desired function call invocations inside a Guest Virtual Machine (GVM) by externally manipulating the GVM's memory and CPU register contents using a security API. Once the triggered function is executed, control is then returned at the originating SVM invocation point. Therefore, the GVM state is manipulated to externally inject function calls, making it possible to create control appliances which do not require an in-GVM agent.
Abstract:
Systems, methods, and software are described herein for operating a data management system, including executing an attached application and application data on a first virtual machine running a first operating system, separating the attached application and application data from the first virtual machine, and dynamically attaching the application and application data to a second virtual machine running an updated version of the first operating system.
Abstract:
A method includes stalling an attempt to reference an object, and determining whether an attempter that originated the attempt is authorized to access the object. A content-based access control list is used to determine if the attempter is authorized to access the object. This content-based access control list can be customized to protect against malicious code or other threats. Further, attempt information about the attempt can be recorded allowing profiles to be built of what a user or process is doing on a computer system.
Abstract:
A computer-implemented method for recording behavioral information of an unverified component is described. Interactions between a first process and an unverified component loaded in the first process are monitored. A fault is detected from the monitored interactions. Information associated with an event is sent to a proxy module loaded in a second process. The execution of the event in the second process is verified. Information associated with the behavior of the unverified component during the execution of the event is recorded.
Abstract:
A method makes use of the fact that call modules, such as APIs, making calls to a critical operating system (OS) function are typically called by a call instruction while, in contrast, a RLIBC attack typically uses call modules that are jumped to, returned to, or invoked by some means other than a call instruction. The method includes stalling a call to a critical OS function and checking to ensure that the call module making the call to the critical OS function was called by a call instruction. If it is determined that the call module making the call to the critical OS function was not called by a call instruction, the method further includes taking protective action to protect a computer system.
Abstract:
A method includes stalling a call to a critical operating system (OS) function and determining whether branch trace records of the call include a return instruction. Upon a determination that the branch trace records of the call do include a return instruction, the method further includes taking protective action to protect a computer system.
Abstract:
Techniques for inter-virtual machine communication are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for interaction with a guest virtual machine comprising monitoring image loads into electronic memory of a guest virtual machine using a secure virtual machine, identifying a memory structure having a specified format, and performing, using the secure virtual machine, at least one of reading one or more portions of the identified memory structure and setting a value in the identified memory structure.
Abstract:
A computer-implemented method for providing network access control in virtual environments. The method may include: 1) injecting a transient security agent into a virtual machine that is running on a host machine; 2) receiving, from the transient security agent, an indication of whether the virtual machine complies with one or more network access control policies; and 3) controlling network access of the virtual machine based on the indication of whether the virtual machine complies with the one or more network access control policies. Various other methods, systems, and computer-readable media are also disclosed herein.