公开(公告)号：US20240028720A1

公开(公告)日：2024-01-25

申请号：US17979065

申请日：2022-11-02

Applicant: VMWARE, INC.

Inventor： AMIT ANANDRAM LUNIYA

IPC: G06F21/56 ,  G06F21/57

CPC classification number: G06F21/565 ,  G06F21/57

Abstract: To implement secure block cloning on file systems that support block cloning, a computer security application is executed on a computer system deploying a file system that supports block cloning. The computer security application receives a block cloning command to clone a source file to a target file. Before the computer system executes the block cloning command, the computer security application identifies a trust status associated with the source file. The trust status is identified by looking up a base inventory that stores trust data associated with multiple files stored on the file system. The multiple files include the source file. Based on the trust status associated with the source file, the computer security application determines that the trust status associated with the source file is trustworthy. In response to determining that the source file is trustworthy, the computer security application applies the trust status associated with the source file to the target file.

公开(公告)号：US20230350997A1

公开(公告)日：2023-11-02

申请号：US17839490

申请日：2022-06-14

Applicant: VMWARE, INC.

Inventor： AMIT ANANDRAM LUNIYA ,  Sujay Shrikant Godbole

IPC: G06F21/33 ,  G06F21/62

CPC classification number: G06F21/33 ,  G06F21/6209

Abstract: The disclosure provides an approach for secure offloaded data transfer. Embodiments include receiving, by a security component on a client device, from a storage system connected to the client device, a token associated with a data read request corresponding to a source file on the storage system. Embodiments include determining, by the security component, that the source file is trusted. Embodiments include generating, by the security component, an entry in a trusted token cache based on determining that the source file is trusted, wherein the entry comprises the token. Embodiments include receiving, by the security component, a write request corresponding to a destination file on the storage system, wherein the write request comprises the token or a different token. Embodiments include determining, by the security component, based on the trusted token cache, whether to perform one or more operations related to the write request.