Systems and methods for replacing sensitive information stored within non-secure environments with secure references to the same
    1.
    Granted invention patent
    Legal status: in force

    Publication No.: US09003542B1

    Publication date: 2015-04-07

    Application No.: US12966307

    Filing date: 2010-12-13

    Abstract: A computer-implemented method for replacing sensitive information stored within non-secure environments with secure references to the same may include (1) identifying sensitive information stored within a non-secure environment on a computing device, (2) removing the sensitive information from the non-secure environment, (3) storing the sensitive information within a secure environment, (4) replacing the sensitive information originally stored within the non-secure environment with a reference that identifies the sensitive information stored within the secure environment, (5) identifying a request to access at least a portion of the sensitive information identified in the reference, (6) determining that at least a portion of the request satisfies a data-loss-prevention policy, and then (7) providing access to at least a portion of the sensitive information via the secure environment. Various other systems, methods, and computer-readable media are also disclosed.


    Per user and per process layer visibility
    2.
    Granted invention patent
    Legal status: in force

    Publication No.: US08688641B1

    Publication date: 2014-04-01

    Application No.: US12058927

    Filing date: 2008-03-31

    CPC classification: G06F17/30126

    Abstract: A method is proposed. The method includes receiving a file operation request from a process and performing a census of instances of a file applicable to the file operation request to populate a data structure. The data structure includes a listing of the instances of the file applicable to the file operation request. The data structure also includes characteristics for a first instance from among the instances of the file applicable to the file operation request, and characteristics for a second instance of a selected file from among the instances of the file applicable to the file operation request. The method also includes eliminating the first instance from among the instances of the file applicable to the file operation request on the basis of a rule associated with properties from a record for the process, and the characteristics for the first instance.


    Filtering I/O communication of guest OS by inserting filter layer between hypervisor and VM and between hypervisor and devices
    3.
    Granted invention patent
    Legal status: in force

    Publication No.: US08490086B1

    Publication date: 2013-07-16

    Application No.: US12495420

    Filing date: 2009-06-30

    IPC classification: G06F9/455 G06F11/00

    Abstract: A computer-implemented method for filtering input/output communications of guest operating systems may include: 1) identifying a guest operating system running in a virtual machine, 2) creating an input/output filtering layer that resides outside the guest operating system, 3) intercepting, at the input/output filtering layer, an input/output communication involving the guest operating system, and then 4) performing a filtering operation on the input/output communication. Various other methods, systems, and computer-readable media are also disclosed.


    Methods and systems for computing device remediation
    4.
    Granted invention patent
    Legal status: in force

    Publication No.: US08353044B1

    Publication date: 2013-01-08

    Application No.: US12147744

    Filing date: 2008-06-27

    IPC classification: H04L29/06

    Abstract: A computer-implemented method for remediation of a computing device attempting to access a network. The method may include detecting that the computing device is attempting to access the network. The method may also include determining that the computing device does not comply with a network-access-control policy of the network. The method may include using a virtualization layer to bring the computing device into compliance with the network-access-control policy. The method may include permitting the computing device to access the network after the computing device is brought into compliance with the network-access-control policy. Various other methods, systems, and computer-readable media are also disclosed.


    Methods and systems for creating snapshots of virtualized applications
    5.
    Granted invention patent
    Legal status: in force

    Publication No.: US08112392B1

    Publication date: 2012-02-07

    Application No.: US12371116

    Filing date: 2009-02-13

    IPC classification: G06F7/00

    CPC classification: G06F17/30233 G06F9/45558

    Abstract: A method may include identifying a virtualized application that has a read-only virtualization sublayer and a read-write virtualization sublayer. The read-only virtualization sublayer may represent a base state of the virtualized application and the read-write virtualization sublayer may be configured to store changes to the base state of the virtualized application. The method may also include determining a first difference between the read-only virtualization sublayer and the read-write virtualization sublayer at a first point in time and using the first difference between the read-only virtualization sublayer and the read-write virtualization sublayer to create a first snapshot that represents a state of the virtualized application at the first point in time. Various other methods, systems, and computer-readable media are also disclosed.


    DYNAMIC INSERTION AND REMOVAL OF VIRTUAL SOFTWARE SUB-LAYERS
    6.
    Invention patent application
    Legal status: in force

    Publication No.: US20110145806A1

    Publication date: 2011-06-16

    Application No.: US12058782

    Filing date: 2008-03-31

    Applicant: Randall R. Cook

    Inventor: Randall R. Cook

    IPC classification: G06F9/44

    Abstract: The disclosure is directed to dynamic insertion and removal of virtual software sub-layers. In one example, a virtual layer associated with a software application is virtually installed and activated in a computing device. A virtual sub-layer associated with a component of the software application is dynamically inserted in the virtual layer. The virtual layer remains active during the dynamic insertion of the virtual sub-layer. In certain embodiments, a process is executed from the virtual layer, a determination is made as to whether the process launched before or after the insertion of the virtual sub-layer, and the inserted virtual sub-layer is selectively made visible or invisible to the process based on the determination.


    Distributed application virtualization
    8.
    Granted invention patent
    Legal status: in force

    Publication No.: US09100246B1

    Publication date: 2015-08-04

    Application No.: US12142549

    Filing date: 2008-06-19

    Abstract: Distributed application virtualization provides for the distribution, configuration and control of multiple application components, layered file systems, and configuration settings that may be applied on top of an operating system of each system configured to work in conjunction with other systems within a single distributed virtualization layer. A distributed software virtualization manager or service handles communication between systems within each distributed virtual layer. One distributed virtualization operation activates components, selected based on user-defined parameters, on systems across the network belonging to a selected distributed virtual application layer. Other virtualization operations, whether local and/or distributed, include capturing file system and configuration activity associated with the detected event and storing data representative of the captured file system and configuration activity to a virtual layer, such as a local or distributed application layer.


    Use of external information about a file to determine virtualization
    9.
    Granted invention patent
    Legal status: in force

    Publication No.: US08639734B1

    Publication date: 2014-01-28

    Application No.: US12059973

    Filing date: 2008-03-31

    Applicant: Randall R. Cook

    Inventor: Randall R. Cook

    IPC classification: G06F12/10

    CPC classification: G06F17/30115

    Abstract: An apparatus or method in which information external to a file is used to select a directory within a file system where the file is to be stored. In one embodiment of the method a first request is received to create a first file in a file system, wherein the first request comprises a first file system path. First information is also received that describes data contained in a first data object. A first redirect file system path component is selected from a plurality of redirect file system path components in response to receiving the first information. The first file system path is then modified by adding the first redirect file system path component to the first file system path.


    Methods and systems for defragmenting virtual machine prefetch data on physical storage
    10.
    Granted invention patent
    Legal status: in force

    Publication No.: US08332570B1

    Publication date: 2012-12-11

    Application No.: US12242734

    Filing date: 2008-09-30

    IPC classification: G06F12/02 G06F9/455

    Abstract: A computer-implemented method for defragmenting virtual machine prefetch data. The method may include obtaining prefetch information associated with prefetch data of a virtual machine. The method may also include defragmenting, based on the prefetch information, the prefetch data on physical storage. The prefetch information may include a starting location and length of the prefetch data on a virtual disk. The prefetch information may include a geometry specification of the virtual disk. Defragmenting on physical storage may include placing the prefetch data contiguously on physical storage, placing the prefetch data in a fast-access segment of physical storage, and/or ordering the prefetch data according to the order in which it is accessed at system or application startup.
