会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 5. 发明授权
    • Integrity protection in data processing systems
    • 数据处理系统中的完整性保护
    • US08689007B2
    • 2014-04-01
    • US12054860
    • 2008-03-25
    • Matthias SchunterAxel TannerBernhard Jansen
    • Matthias SchunterAxel TannerBernhard Jansen
    • G06F21/00
    • G06F12/145G06F12/1491G06F21/64G06F21/79
    • A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.
    • 一种用于保护由数据处理系统的操作系统访问的一组存储器页面的完整性的方法,包括在所述数据处理系统的虚拟机(VM)中运行所述操作系统; 验证所述集合中的页面的集合在所述数据处理系统的存储器中的操作系统的存取的完整性; 响应于完整性的验证,将存储器页面集合指定为可信页面,并且在操作系统在访问期间使用的页表中将不可信页面标记为分页; 并且响应于不可信页面的后续页面错误中断,将该组页面重新映射到数据处理系统存储器的该虚拟机不可访问的区域。
    • 6. 发明授权
    • Integrity protection in data processing systems
    • 数据处理系统中的完整性保护
    • US08276201B2
    • 2012-09-25
    • US12020612
    • 2008-01-28
    • Matthias SchunterAxel TannerBernhard Jansen
    • Matthias SchunterAxel TannerBernhard Jansen
    • G06F21/00
    • G06F12/145G06F12/1491G06F21/64G06F21/79
    • A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.
    • 一种用于保护由数据处理系统的操作系统访问的一组存储器页面的完整性的方法,包括在所述数据处理系统的虚拟机(VM)中运行所述操作系统; 验证所述集合中的页面的集合在所述数据处理系统的存储器中的操作系统的存取的完整性; 响应于完整性的验证,将存储器页面集合指定为可信页面,并且在操作系统在访问期间使用的页表中将不可信页面标记为分页; 并且响应于不可信页面的后续页面错误中断,将该组页面重新映射到数据处理系统存储器的该虚拟机不可访问的区域。
    • 7. 发明申请
    • INTEGRITY PROTECTION IN DATA PROCESSING SYSTEMS
    • 数据处理系统的完整性保护
    • US20080235534A1
    • 2008-09-25
    • US12054860
    • 2008-03-25
    • Matthias SchunterAxel TannerBernhard Jansen
    • Matthias SchunterAxel TannerBernhard Jansen
    • G06F12/08G06F11/08
    • G06F12/145G06F12/1491G06F21/64G06F21/79
    • A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.
    • 一种用于保护由数据处理系统的操作系统访问的一组存储器页面的完整性的方法,包括在所述数据处理系统的虚拟机(VM)中运行所述操作系统; 验证所述集合中的页面的集合在所述数据处理系统的存储器中的操作系统的存取的完整性; 响应于完整性的验证,将存储器页面集合指定为可信页面,并且在操作系统在访问期间使用的页表中将不可信页面标记为分页; 并且响应于不可信页面的后续页面错误中断,将该组页面重新映射到数据处理系统存储器的该虚拟机不可访问的区域。
    • 10. 发明申请
    • FIREWALL FOR CONTROLLING CONNECTIONS BETWEEN A CLIENT MACHINE AND A NETWORK
    • 防火墙用于控制客户机与网络之间的连接
    • US20080289028A1
    • 2008-11-20
    • US12121689
    • 2008-05-15
    • Bernhard JansenAxel Tanner
    • Bernhard JansenAxel Tanner
    • G06F21/00
    • H04L63/0281G06F13/24G06F21/305H04L63/1441
    • A firewall system adapted for location outside the client machine, preferably in the same data processing device as the client machine but outside a virtual machine containing the client machine. Control logic of the firewall system receives incoming and outgoing connections from the network and client machine respectively. In response to a connection request initiating a connection between respective endpoints in the network and client machine, the control logic performs a security assessment comprising obtaining from at least one of the network and client machine information indicative of the security state of the endpoint therein, and allows or inhibits the connection in dependence on the result of the security assessment. The security assessment may be performed in accordance with a security policy of the system, and different security assessments may be performed for different connection requests in accordance with the security policy.
    • 防火墙系统适于位于客户机外部,优选地在与客户机相同的数据处理设备中,但在包含客户端机器的虚拟机之外。 防火墙系统的控制逻辑分别从网络和客户机接收传入和传出的连接。 响应于发起网络中的相应端点和客户机之间的连接的连接请求,控制逻辑执行安全性评估,包括从网络和客户机中的至少一个获取指示其中的端点的安全状态的信息,以及 根据安全评估的结果允许或禁止连接。 可以根据系统的安全策略执行安全评估,并且可以根据安全策略对不同的连接请求执行不同的安全评估。