摘要:
Systems, methods, and software are described herein for operating a data management system, including executing an attached application and application data on a first virtual machine running a first operating system, separating the attached application and application data from the first virtual machine, and dynamically attaching the application and application data to a second virtual machine running an updated version of the first operating system.
摘要:
Systems, methods, and software are described herein for operating a data management system, including executing an attached application and application data on a first virtual machine running a first operating system, separating the attached application and application data from the first virtual machine, and dynamically attaching the application and application data to a second virtual machine running an updated version of the first operating system.
摘要:
A method includes stalling an attempt to reference an object, and determining whether an attempter that originated the attempt is authorized to access the object. A content-based access control list is used to determine if the attempter is authorized access to the object. This content-based access control list can be customized to protect against malicious code or other threats. Further, attempt information about the attempt can be recorded allowing profiles to be built of what a user or process is doing on a computer system.
摘要:
A computer-implemented method for recording behavioral information of an unverified component is described. Interactions between a first process and an unverified component loaded in the first process are monitored. A fault is detected from the monitored interactions. Information associated with an event is sent to a proxy module loaded in a second process. The execution of the event in the second process is verified. Information associated with the behavior of the unverified component during the execution of the event is recorded.
摘要:
A method makes use of the fact that call modules, such as APIS, making calls to a critical operating system (OS) function are typically called by a call instruction while, in contrast, a RLIBC attack typically uses call modules that are jumped to, returned to, or invoked by some means other than a call instruction. The method includes stalling a call to critical OS function and checking to ensure that the call module making the call to the critical OS function was called by a call instruction. If it is determined that the call module making the call to the critical OS function was not called by a call instruction, the method further includes taking protective action to protect a computer system.
摘要:
A method includes stalling a call to a critical operating system (OS) function and determining whether branch trace records of the call include a return instruction. Upon a determination that the branch trace records of the call do include a return instruction, the method further includes taking protective action to protect a computer system.
摘要:
A method includes stalling a call to a critical operating system (OS) function and determining whether branch trace records of the call include a return instruction. Upon a determination that the branch trace records of the call do include a return instruction, the method further includes taking protective action to protect a computer system.
摘要:
Techniques for inter-virtual machine communication are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for interaction with a guest virtual machine comprising monitoring image loads into electronic memory of a guest virtual machine using a secure virtual machine, identifying a memory structure having a specified format, and performing, using the secure virtual machine, at least one of reading one or more portions of the identified memory structure and setting a value in the identified memory structure.
摘要:
A computer-implemented method for providing network access control in virtual environments. The method may include: 1) injecting a transient security agent into a virtual machine that is running on a host machine; 2) receiving, from the transient security agent, an indication of whether the virtual machine complies with one or more network access control policies; and 3) controlling network access of the virtual machine based on the indication of whether the virtual machine complies with the one or more network access control policies. Various other methods, systems, and computer-readable media are also disclosed herein.
摘要:
A computer-implemented method for data loss prevention on mobile computing systems may include (1) identifying a mobile computing system configured to execute only one application at a time as a foreground application, (2) determining that the mobile computing system has begun executing a sensitive application as the foreground application, (3) identifying a first enumeration of screenshots stored on the mobile computing system when the mobile computing system began executing the sensitive application as the foreground application, (4) identifying a second enumeration of screenshots stored on the mobile computing system, (5) determining that at least one new screenshot was taken on the mobile computing system while the sensitive application was the foreground application by detecting a difference between the first enumeration and the second enumeration, and (6) performing a security action upon detecting the difference. Various other methods, systems, and computer-readable media are also disclosed.