-
1.发明申请Method and apparatus to protect policy state information during the life-time of virtual machines 有权在虚拟机的使用寿命期间保护策略状态信息的方法和装置公开(公告)号:US20070239979A1
公开(公告)日:2007-10-11
申请号:US11392349
申请日:2006-03-29
申请人: Stefan Berger , Trent Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人: Stefan Berger , Trent Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号: G06F15/173
CPC分类号: H04L63/102 , H04L63/12
摘要: A scheme for protecting policy state information during the lifetime of a virtual machine is presented. In order to protect and preserve the policy state information of the virtual machine, a process creates a source policy, a mapping policy, and a binary policy. These polices are all different representations of a security policy. The different policy representations are chained together via cryptographic hashes.
摘要翻译: 提出了一种在虚拟机生命周期内保护策略状态信息的方案。 为了保护和保存虚拟机的策略状态信息,进程创建源策略,映射策略和二进制策略。 这些政策都是安全策略的不同表征。 不同的策略表示通过加密散列链接在一起。
-
2.发明授权Method, system, and program product for remotely attesting to a state of a computer system 有权方法,系统和程序产品,用于远程证明计算机系统的状态公开(公告)号:US09298922B2
公开(公告)日:2016-03-29
申请号:US12170504
申请日:2008-07-10
申请人: Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人: Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
CPC分类号: G06F21/57 , H04L9/3271 , H04L63/0428 , H04L63/06 , H04L63/0823 , H04L63/0853 , H04L63/1433 , H04L63/164 , H04L63/166 , H04L2209/127
摘要: A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications.
摘要翻译: 提供了一种用于远程验证计算系统状态的方法,系统和程序产品。 具体地,本发明允许远程系统建立对计算机系统的属性的信任。 要被信任的属性从通常的系统软件层和相关的配置文件扩展到新的类型的数据,例如计算机系统特有的静态数据,在系统启动时确定的动态数据,或者作为计算机系统运行应用程序创建的动态数据。
-
3.发明授权Method and apparatus to protect policy state information during the life-time of virtual machines 有权在虚拟机的使用寿命期间保护策略状态信息的方法和装置公开(公告)号:US07856653B2
公开(公告)日:2010-12-21
申请号:US11392349
申请日:2006-03-29
IPC分类号: G06F17/00
CPC分类号: H04L63/102 , H04L63/12
摘要: A scheme for protecting policy state information during the lifetime of a virtual machine is presented. In order to protect and preserve the policy state information of the virtual machine, a process creates a source policy, a mapping policy, and a binary policy. These policies are all different representations of a security policy. The different policy representations are chained together via cryptographic hashes.
摘要翻译: 提出了一种在虚拟机生命周期内保护策略状态信息的方案。 为了保护和保存虚拟机的策略状态信息,进程创建源策略,映射策略和二进制策略。 这些策略都是安全策略的不同表示形式。 不同的策略表示通过加密散列链接在一起。
-
4.发明申请METHOD, SYSTEM, AND PROGRAM PRODUCT FOR REMOTELY ATTESTING TO A STATE OF A COMPUTER SYSTEM 审中-公开方法,系统和程序产品,用于远程执行计算机系统状态公开(公告)号:US20080270603A1
公开(公告)日:2008-10-30
申请号:US12170504
申请日:2008-07-10
申请人: Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人: Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
CPC分类号: G06F21/57 , H04L9/3271 , H04L63/0428 , H04L63/06 , H04L63/0823 , H04L63/0853 , H04L63/1433 , H04L63/164 , H04L63/166 , H04L2209/127
摘要: A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications.
摘要翻译: 提供了一种用于远程验证计算系统状态的方法,系统和程序产品。 具体地,本发明允许远程系统建立对计算机系统的属性的信任。 要被信任的属性从通常的系统软件层和相关的配置文件扩展到新的类型的数据,例如计算机系统特有的静态数据,在系统启动时确定的动态数据,或者作为计算机系统运行应用程序创建的动态数据。
-
5.发明申请公开(公告)号:US20080046752A1
公开(公告)日:2008-02-21
申请号:US11463563
申请日:2006-08-09
申请人: Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人: Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号: H04K1/00
CPC分类号: G06F21/57 , H04L9/3271 , H04L63/0428 , H04L63/06 , H04L63/0823 , H04L63/0853 , H04L63/1433 , H04L63/164 , H04L63/166 , H04L2209/127
摘要: A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications.
-
公开(公告)号:US08839345B2
公开(公告)日:2014-09-16
申请号:US12049629
申请日:2008-03-17
CPC分类号: G06F21/629 , G06F21/53 , G06F21/55 , G06F21/552 , G06F21/577 , G06F21/604 , H04L63/102 , H04L63/1408 , H04L63/20 , H04L67/00 , H04L67/10 , H04W12/08
摘要: Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies.
摘要翻译: 提供了用于将至少一个物理系统和至少一个虚拟系统映射到至少两个单独的执行环境中的技术。 所述技术包括在包括至少一个物理系统和至少一个虚拟系统的环境中发现隐含强制执行的安全策略,使用所发现的策略来创建可强制执行的隔离策略,以及使用所述隔离策略来映射所述至少一个物理系统和 至少一个虚拟系统进入至少两个独立的执行环境。 还提供了用于生成一个或多个隔离策略的数据库的技术。
-
公开(公告)号:US20090235324A1
公开(公告)日:2009-09-17
申请号:US12049629
申请日:2008-03-17
IPC分类号: G06F17/00
CPC分类号: G06F21/629 , G06F21/53 , G06F21/55 , G06F21/552 , G06F21/577 , G06F21/604 , H04L63/102 , H04L63/1408 , H04L63/20 , H04L67/00 , H04L67/10 , H04W12/08
摘要: Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies.
摘要翻译: 提供了用于将至少一个物理系统和至少一个虚拟系统映射到至少两个单独的执行环境中的技术。 所述技术包括在包括至少一个物理系统和至少一个虚拟系统的环境中发现隐含强制执行的安全策略,使用所发现的策略来创建可强制执行的隔离策略,以及使用所述隔离策略来映射所述至少一个物理系统和 至少一个虚拟系统进入至少两个独立的执行环境。 还提供了用于生成一个或多个隔离策略的数据库的技术。
-
-
-
-
-
-
搜索结果
7 条记录 (耗时 0.023 秒)
