摘要:
A system arid method for enabling highly scalable multi-node event distribution networks through the use of summary-based routing, particularly event distribution networks using a content-based publish/subscribe model to distribute information. By allowing event routers to use imprecise summaries of the subscriptions hosted by matcher nodes, an event router can eliminate itself as a bottleneck thus improving overall event distribution network throughput even though the use of imprecise summaries results in some false positive event traffic. False positive event traffic is reduced by using a filter set partitioning that provides for good subscription set locality at each matcher node, while at the same time avoiding overloading any one matcher node. Good subscription set locality is maintained by routing new subscriptions to a matcher node with a subscription summary that best covers the new subscription. Where event space partitioning is desirable, an over-partitioning scheme is described that enables load balancing without repartitioning.
摘要:
A system and method for enabling highly scalable multi-node event distribution networks through the use of summary-based routing, particularly event distribution networks using a content-based publish/subscribe model to distribute information. By allowing event routers to use imprecise summaries of the subscriptions hosted by matcher nodes, an event router can eliminate itself as a bottleneck thus improving overall event distribution network throughput even though the use of imprecise summaries results in some false positive event traffic. False positive event traffic is reduced by using a filter set partitioning that provides for good subscription set locality at each matcher node, while at the same time avoiding overloading any one matcher node. Good subscription set locality is maintained by routing new subscriptions to a matcher node with a subscription summary that best covers the new subscription. Where event space partitioning is desirable, an over-partitioning scheme is described that enables load balancing without repartitioning.
摘要:
In an embodiment of isolation environment-based information access, programs—including operating systems and applications—running on a computing-based device can be isolated in an environment such as a virtual machine. Information including commands and/or data transmitted between the computing-based device and the program(s) being run, as well as information associated with the program(s) and the computing-based device, is accessed without being detected by the program(s). In one implementation, the information includes state information as well as commands and/or data—including sensitive information, such as usernames and passwords. In another implementation, the information can be used to secretly access the program(s).
摘要:
Systems and methods for implementing system management which are based on reviewing of the interactions between one or more programs and the persistent state they tend to represent. The system provides for detection of modifications that occur within a system, verifying whether the modifications are approved or not and generating notifications on detecting unknown modifications.
摘要:
Systems and methods for implementing system management which are based on reviewing of the interactions between one or more programs and the persistent state they tend to represent. The system provides for detection of modifications that occur within a system, verifying whether the modifications are approved or not and generating notifications on detecting unknown modifications.
摘要:
As computer programs grow more complex, extensible, and connected, it becomes increasingly difficult for users to understand what has changed on their machines and what impact those changes have. An embodiment of the invention is described via a software tool, called AskStrider, that answers those questions by correlating volatile process information with persistent-state context information and change history. AskStrider scans a system for active components, matches them against a change log to identify recently updated and hence more interesting state, and searches for context information to help users understand the changes. Several real-world cases are provided to demonstrate the effectiveness of using AskStrider to quickly identify the presence of unwanted software, to determine if a software patch is potentially breaking an application, and to detect lingering components left over from an unclean uninstallation.
摘要:
A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.
摘要:
A method and system for detecting that a software system has been infected by software that attempts to hide properties related to the software system is provided. A detection system identifies that a suspect operating system has been infected by malware by comparing properties related to the suspect operating system as reported by the suspect operating system to properties as reported by another operating system that is assumed to be clean. The detection system compares the reported properties to the actual properties to identify any significant differences. A significant difference, such as the presence of an actual file not reported by the suspect operating system, may indicate that the suspect storage device is infected.
摘要:
A monitoring service is provided that detects spyware or other unwanted software at the time it is installed and/or allows for the spyware's removal. The service monitors “Auto-Start Extensibility Points” (“ASEPs”) to detect spyware installations. ASEPs refer to the configuration points that can be “hooked” to allow programs to be auto-started without explicit user invocation. Such a service is particularly effective because an overwhelming majority of spyware programs infect systems in such a way that they are automatically started upon reboot and the launch of many commonly used applications. The monitoring service can thus lead to the subsequent complete removal of the spyware installation, and does not require a frequent signature-based cleaning. Spyware that is bundled with other software such as freeware or shareware can also be removed.
摘要:
An exemplary method includes providing a typographically erroneous domain name, tracing the domain name where tracing includes entering the domain name as part of a URL and recording one or more subsequent URLs, identifying a domain parking service for the domain name based at least in part on information in one of the recorded URLs, determining client identification information in at least one of the recorded URLs where the client identification information identifies a customer of the domain parking service and blocking one or more domain names based at least in part on the client identification information. Other exemplary technologies are also disclosed.