专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US08312547B1 Anti-malware scanning in a portable application virtualized environment 有权
标题翻译：在可移植应用程序虚拟化环境中的反恶意软件扫描
公开(公告)号：US08312547B1
公开(公告)日：2012-11-13
申请号：US12059764
申请日：2008-03-31
申请人： William E. Sobel , Bruce McCorkendale
发明人： William E. Sobel , Bruce McCorkendale
IPC分类号： H04L29/06
CPC分类号： G06F21/567
摘要： A computer includes a portable environment including a portable file system located on a removable storage device, the portable environment using virtualization in a host operating system. A path translation module translates a virtualized path of a file in the portable file system to an actual path of the file. The virtualized path is the path in the context of a portable user application running in the portable environment, and the actual path is the path in the context of the host operating system. A malware detection module executing directly under the host operating system determines whether the file contains malware using the actual path of the file and takes remedial actions if malware is detected.
摘要翻译：计算机包括便携式环境，其包括位于可移动存储设备上的便携式文件系统，所述便携式环境在主机操作系统中使用虚拟化。路径转换模块将便携式文件系统中的文件的虚拟路径转换为文件的实际路径。虚拟化路径是在便携式环境中运行的便携式用户应用程序的上下文中的路径，实际路径是主机操作系统上下文中的路径。在主机操作系统下直接执行的恶意软件检测模块确定该文件是否包含使用该文件的实际路径的恶意软件，并在检测到恶意软件时采取补救措施。

12. 发明申请

US20120240181A1 TECHNIQUES FOR SECURING A CHECKED-OUT VIRTUAL MACHINE IN A VIRTUAL DESKTOP INFRASTRUCTURE 有权
标题翻译：在虚拟桌面基础设施中安全检查虚拟机的技术
公开(公告)号：US20120240181A1
公开(公告)日：2012-09-20
申请号：US13049480
申请日：2011-03-16
申请人： Bruce McCorkendale , William E. Sobel , Matthew R. Barnes
发明人： Bruce McCorkendale , William E. Sobel , Matthew R. Barnes
IPC分类号： G06F21/00
CPC分类号： G06F21/57 , G06F9/452 , G06F9/45558 , G06F21/53
摘要： Techniques for securing checked-out virtual machines in a virtual desktop infrastructure (VDI) are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for securing a checked-out guest virtual machine including receiving a request for checking-out a guest virtual machine hosted by a server network element, wherein checking-out the guest virtual machine comprises transferring hosting of the guest virtual machine from the server network element to a client network element. The method for securing a checked-out guest virtual machines may also include configuring a security module for the guest virtual machine in order to secure the guest virtual machine and providing the security module to the guest virtual machine when the guest virtual machine is checked-out.
摘要翻译：公开了在虚拟桌面基础设施（VDI）中确保检出的虚拟机的技术。在一个特定的示例性实施例中，这些技术可以被实现为用于保护被检出的客户虚拟机的方法，包括接收由服务器网络元件托管的访客虚拟机的检出请求，其中，检出来宾虚拟机包括将来宾虚拟机的主机从服务器网络元件传送到客户端网络元件。用于保护签出来宾虚拟机的方法还可以包括：为访客虚拟机配置安全模块，以便在访客虚拟机被检出时保护访客虚拟机并将该安全模块提供给客体虚拟机。

13. 发明授权

US08140804B1 Systems and methods for determining whether to perform a computing operation that is optimized for a specific storage-device-technology type 有权
标题翻译：用于确定是否执行针对特定存储设备技术类型而优化的计算操作的系统和方法
公开(公告)号：US08140804B1
公开(公告)日：2012-03-20
申请号：US12337132
申请日：2008-12-17
申请人： William E. Sobel , Bruce McCorkendale
发明人： William E. Sobel , Bruce McCorkendale
IPC分类号： G06F3/00 , G06F12/00
CPC分类号： G06F3/0653 , G06F3/0605 , G06F3/0634 , G06F3/0679
摘要： A computer-implemented method for determining whether to perform a computing operation that is optimized for a specific storage-device-technology type may comprise: 1) performing at least one proximate read operation by accessing a control location on a storage device and then accessing a test location on the storage device that is logically proximate to the control location, 2) performing at least one remote read operation by accessing a test location on the storage device that is logically remote from the control location, 3) determining, by comparing a length of time to access the proximate test location with a length of time to access the remote test location, a technology type of the storage device, and then 4) determining, based on the technology type of the storage device, whether to perform the computing operation. Corresponding systems and computer-readable media are also disclosed.
摘要翻译：用于确定是否执行针对特定存储设备技术类型优化的计算操作的计算机实现的方法可以包括：1）通过访问存储设备上的控制位置并且然后访问在逻辑上靠近控制位置的存储设备上的测试位置，2）通过访问逻辑上远离控制位置的存储设备上的测试位置来执行至少一个远程读取操作，3）通过比较长度的时间以访问远程测试位置的时间长度，存储设备的技术类型，然后4）基于存储设备的技术类型来确定是否执行计算操作。还公开了相应的系统和计算机可读介质。

14. 发明授权

US08104083B1 Virtual machine file system content protection system and method 有权
标题翻译：虚拟机文件系统内容保护系统及方法
公开(公告)号：US08104083B1
公开(公告)日：2012-01-24
申请号：US12059622
申请日：2008-03-31
申请人： William E. Sobel , Bruce McCorkendale , Paul Agbabian
发明人： William E. Sobel , Bruce McCorkendale , Paul Agbabian
IPC分类号： G06F7/04 , G06F12/14 , G06F12/00 , G06F13/00
CPC分类号： G06F21/53 , G06F9/4401 , G06F9/45558 , G06F21/56 , G06F2009/45579
摘要： A method includes creating a first virtual machine comprising a remote file system. The method further includes causing all input/output from a second virtual machine to be redirected to the remote file system, the first virtual machine and the second virtual machine being on a single physical computer. The file system is securely protected from any malicious code executing on the second virtual machine by the hardware enforced partitioning between the first virtual machine and the second virtual machine.
摘要翻译：一种方法包括创建包括远程文件系统的第一虚拟机。该方法还包括使得来自第二虚拟机的所有输入/输出被重定向到远程文件系统，第一虚拟机和第二虚拟机位于单个物理计算机上。通过在第一虚拟机和第二虚拟机之间的硬件强制分区，文件系统被安全地保护免受在第二虚拟机上执行的任何恶意代码。

15. 发明授权

US07472418B1 Detection and blocking of malicious code 有权
标题翻译：检测和阻止恶意代码
公开(公告)号：US07472418B1
公开(公告)日：2008-12-30
申请号：US10643564
申请日：2003-08-18
申请人： Bruce McCorkendale , William E. Sobel
发明人： Bruce McCorkendale , William E. Sobel
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G06F15/18 , G08B23/00
CPC分类号： G06F21/566 , G06F21/56 , H04L63/1425
摘要： Inbound and outbound traffic on a computer system are intercepted and compared to determine if the presence of malicious code is indicated. Outbound traffic that is sufficiently similar to recently received inbound traffic is indicative of the presence of malicious code. In some embodiments, if the presence of malicious code is indicated, the user, as well as other individuals or systems, are notified of the detection. In some embodiments, if desired, protective actions are initiated to hinder or block the propagation of the malicious code from the host computer system to other computer systems, as well as to remove or inactivate the malicious code on the host computer system.
摘要翻译：拦截和比较计算机系统上的入站和出站流量，以确定是否显示恶意代码的存在。与最近收到的入站流量非常相似的出站流量表示存在恶意代码。在一些实施例中，如果指示恶意代码的存在，则向用户以及其他个人或系统通知该检测。在一些实施例中，如果需要，启动保护动作以阻止或阻止恶意代码从主计算机系统传播到其他计算机系统，以及移除或停用主机计算机系统上的恶意代码。

16. 发明授权

US09450960B1 Virtual machine file system restriction system and method 有权
标题翻译：虚拟机文件系统限制系统及方法
公开(公告)号：US09450960B1
公开(公告)日：2016-09-20
申请号：US12265157
申请日：2008-11-05
申请人： Bruce McCorkendale , William E. Sobel
发明人： Bruce McCorkendale , William E. Sobel
IPC分类号： H04L29/06
CPC分类号： H04L63/10 , G06F21/53 , G06F21/568 , G06F21/6218 , H04L63/102 , H04L63/1416
摘要： A method includes creating a virtual machine including a remote file system, a file system service, and a security application. Access to the remote file system is restricted with the security application upon an unknown malicious code outbreak. The more that is known about the threat, the more precise are the restrictions placed upon the file system thus reducing the impact on users of the file system to an absolute minimum.
摘要翻译：一种方法包括创建包括远程文件系统，文件系统服务和安全应用程序的虚拟机。在未知的恶意代码爆发时，访问远程文件系统受到安全应用程序的限制。对威胁的了解越多，对文件系统的限制越准确，从而将对文件系统的用户的影响降到绝对最小。

17. 发明授权

US08578006B2 Enabling selective policy driven propagation of configuration elements between and among a host and a plurality of guests 有权
标题翻译：启用主机和多个客户端之间的配置元素的选择性策略驱动的传播
公开(公告)号：US08578006B2
公开(公告)日：2013-11-05
申请号：US13074850
申请日：2011-03-29
申请人： William E. Sobel , Bruce McCorkendale
发明人： William E. Sobel , Bruce McCorkendale
IPC分类号： G06F15/173
CPC分类号： G06F9/44505
摘要： Configuration elements are selectively propagated between a host and multiple guests, based on a policy. Configuration elements of the host and guests are monitored. Changes made to monitored configuration elements are detected. It is determined whether to propagate changed configuration elements between operating system environments based on the policy. It can be determined to propagate changed configuration element(s) from a source to one or more destinations in response to factors such as the identity and/or classification of the source, or the type, attribute(s), content and/or identity of the changed configuration element(s). The creation of new guests is detected. In response, at least one configuration element from at least one source is automatically propagated to a newly created guest.
摘要翻译：基于策略，配置元素在主机和多个客户端之间选择性地传播。监控主机和客户端的配置元素。检测到对受监视的配置元素进行的更改。根据策略确定是否在操作系统环境之间传播已更改的配置元素。响应于诸如源的身份和/或分类或类型，属性，内容和/或身份的因素，可以确定将更改的配置元素从源传播到一个或多个目的地的更改的配置元素。检测到新客人的创建。作为响应，来自至少一个源的至少一个配置元素被自动传播到新创建的访客。

18. 发明授权

US08434073B1 Systems and methods for preventing exploitation of byte sequences that violate compiler-generated alignment 有权
标题翻译：防止使用违反编译器生成的对齐方式的字节序列的系统和方法
公开(公告)号：US08434073B1
公开(公告)日：2013-04-30
申请号：US12263739
申请日：2008-11-03
申请人： Sourabh Satish , Bruce McCorkendale , William E. Sobel
发明人： Sourabh Satish , Bruce McCorkendale , William E. Sobel
IPC分类号： G06F9/44 , G06F9/45 , G06F9/445 , G06F12/00 , G06F12/14
CPC分类号： G06F21/54
摘要： An exemplary method for preventing exploitation of byte sequences that violate compiler-generated instruction alignment may comprise: 1) identifying instantiation of a process, 2) identifying an address space associated with the process, 3) identifying, within the address space associated with the process, at least one control-transfer instruction, 4) determining that at least one byte preceding the control-transfer instruction is capable of resulting in an out-of-alignment instruction, and then 5) preventing the control-transfer instruction from being executed. In one example, the system may prevent the control-transfer instruction from being executed by inserting a hook in place of the intended instruction that executes the intended instruction and then returns control flow back to the instantiated process. Corresponding systems and computer-readable media are also disclosed.
摘要翻译：用于防止违反编译器生成的指令对准的字节序列的示例性方法可以包括：1）识别过程的实例化，2）识别与该过程相关联的地址空间，3）在与该过程相关联的地址空间内识别，至少一个控制传输指令，4）确定控制传输指令之前的至少一个字节能够导致不对齐指令，然后5）防止执行控制传输指令。在一个示例中，系统可以通过插入钩来代替执行预期指令的预期指令来防止控制传输指令被执行，然后将控制流程返回到实例化的进程。还公开了相应的系统和计算机可读介质。

19. 发明授权

US08281363B1 Methods and systems for enforcing network access control in a virtual environment 有权
标题翻译：在虚拟环境中执行网络访问控制的方法和系统
公开(公告)号：US08281363B1
公开(公告)日：2012-10-02
申请号：US12059725
申请日：2008-03-31
申请人： Brian Hernacki , Bruce McCorkendale , William E. Sobel
发明人： Brian Hernacki , Bruce McCorkendale , William E. Sobel
IPC分类号： H04L29/06
CPC分类号： H04L29/08846 , G06F2009/45595 , H04L61/2038
摘要： A computer-implemented method may include receiving a request to access a network. The request may be sent from a virtual machine. The method may also include proxying the request to a network-access-control module, receiving a response from the network-access-control module, and transmitting the response to the virtual machine. Proxying the request to the network-access-control module may include assigning the virtual machine a virtual identifier. Proxying the request may also include creating a temporary interface. The temporary interface may be programmed to receive the response from the network-access-control module and transmit the response to the virtual machine. Various other methods, systems, and computer-readable media are also disclosed herein.
摘要翻译：计算机实现的方法可以包括接收访问网络的请求。请求可以从虚拟机发送。该方法还可以包括向网络访问控制模块代理请求，从网络访问控制模块接收响应，以及将响应发送到虚拟机。向网络访问控制模块代理请求可以包括为虚拟机分配虚拟标识符。代理请求还可以包括创建临时接口。临时接口可以被编程为从网络访问控制模块接收响应并将响应发送到虚拟机。本文还公开了各种其它方法，系统和计算机可读介质。

20. 发明授权

US08171256B1 Systems and methods for preventing subversion of address space layout randomization (ASLR) 有权
标题翻译：防止地址空间布局随机化（ASLR）颠覆的系统和方法
公开(公告)号：US08171256B1
公开(公告)日：2012-05-01
申请号：US12340968
申请日：2008-12-22
申请人： Sourabh Satish , William E. Sobel , Bruce McCorkendale
发明人： Sourabh Satish , William E. Sobel , Bruce McCorkendale
IPC分类号： G06F12/00 , G06F11/00 , G06F12/14 , G06F12/16
CPC分类号： G06F21/52
摘要： A method for preventing subversion of address space layout randomization (ASLR) in a computing device is described. An unverified module attempting to load into an address space of memory of the computing device is intercepted. Attributes associated with the unverified module are analyzed. A determination is made, based on the analyzed attributes, whether a probability exists that the unverified module will be loaded into a number of address spaces that exceeds a threshold. The unverified module is prevented from loading into the address space if the probability exists that the unverified module will be loaded into a number of address spaces that exceeds the threshold.
摘要翻译：描述了一种用于防止计算设备中的地址空间布局随机化（ASLR）的颠覆的方法。试图加载到计算设备的存储器的地址空间中的未验证的模块被截取。分析与未验证模块相关联的属性。基于分析的属性确定是否存在将未验证的模块加载到超过阈值的多个地址空间的概率。如果未验证的模块将被加载到超过阈值的多个地址空间的概率存在，则未经验证的模块被阻止加载到地址空间中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式