专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20200065131A1 Systems and Methods for Auditing a Virtual Machine 审中-公开
公开(公告)号：US20200065131A1
公开(公告)日：2020-02-27
申请号：US16666990
申请日：2019-10-29
申请人： Bitdefender IPR Management Ltd.
发明人： Sandor LUKACS , Andrei V. LUTAS , Ionel C. ANICHITEI
IPC分类号： G06F9/455 , G06F9/50 , G06F11/30 , G06F9/445 , G06F21/10 , G06F21/56 , G06F11/34
摘要： Described systems and methods enable performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.) An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.

2. 发明申请

US20170192810A1 Systems and Methods for Auditing a Virtual Machine 有权
公开(公告)号：US20170192810A1
公开(公告)日：2017-07-06
申请号：US15045979
申请日：2016-02-17
申请人： Bitdefender IPR Management Ltd.
发明人： Sandor LUKACS , Andrei V. LUTAS , Ionel C. ANICHITEI
IPC分类号： G06F9/455 , G06F21/56 , G06F9/445 , G06F21/10
CPC分类号： G06F9/45558 , G06F9/44521 , G06F9/44526 , G06F9/5072 , G06F11/30 , G06F21/105 , G06F21/56 , G06F2009/45591 , G06F2009/45595 , G06F2221/034
摘要： Described systems and methods enable performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.) An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.

3. 发明申请

US20180173555A1 Event Filtering for Virtual Machine Security Applications 审中-公开
公开(公告)号：US20180173555A1
公开(公告)日：2018-06-21
申请号：US15845060
申请日：2017-12-18
申请人： Bitdefender IPR Management Ltd.
发明人： Andrei V. LUTAS
IPC分类号： G06F9/455 , G06F9/54
摘要： Described systems and methods allow protecting a hardware virtualization system from malicious software. Some embodiments use a hybrid event notification/analysis system, wherein a first component executing within a protected virtual machine (VM) registers as a handler for processor exceptions triggered by violations of memory access permissions, and wherein a second component executing outside the respective VM registers as a handler for VM exit events. The first component filters permission violation events according to a set of rules and only notifies the second component about events which are deemed relevant to security. The second component analyzes notified events to detect malicious software.

4. 发明申请

US20170286673A1 Malware-Resistant Application Control in Virtualized Environments 审中-公开
公开(公告)号：US20170286673A1
公开(公告)日：2017-10-05
申请号：US15086490
申请日：2016-03-31
申请人： Bitdefender IPR Management Ltd.
发明人： Sandor LUKACS , Andrei V. LUTAS
IPC分类号： G06F21/55 , G06F9/455 , G06F21/56 , G06F21/51
CPC分类号： G06F21/554 , G06F9/445 , G06F9/45558 , G06F21/51 , G06F2009/45583 , G06F2009/45587 , G06F2221/033
摘要： Described systems and methods enable enforcing application control remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.). An application control engine executes outside a virtual machine exposed on a client system, the application control engine configured to enforce application control within the virtual machine according to a set of control policies. When a policy indicates that a specific process is not allowable on the respective client system, the app control engine may prevent execution of the respective process. To assist in data gathering and/or other activities associated with application control, some embodiments temporarily drop a control agent into the controlled virtual machine.

5. 发明申请

US20160210069A1 Systems and Methods For Overriding Memory Access Permissions In A Virtual Machine 审中-公开
标题翻译：用于覆盖虚拟机中的内存访问权限的系统和方法
公开(公告)号：US20160210069A1
公开(公告)日：2016-07-21
申请号：US14601475
申请日：2015-01-21
申请人： Bitdefender IPR Management Ltd.
发明人： Andrei V. LUTAS , Sandor LUKACS
IPC分类号： G06F3/06 , G06F12/10
CPC分类号： G06F3/0622 , G06F3/0637 , G06F3/0664 , G06F3/0673 , G06F9/45558 , G06F2009/45575 , G06F2009/45579
摘要： Described systems and methods allow an instruction that violates memory access permissions within a virtual machine to execute natively (i.e., within the respective virtual machine), when such execution is deemed acceptable by security software executing at the level of the hypervisor. In some embodiments, the processor is endowed with a register having a set of control fields (e.g., control bits) that regulate permission overrides. Control fields may be accessible to software via a VM state object such as the VMCS on Intel® platforms.
摘要翻译：所描述的系统和方法允许违反虚拟机内的存储器访问许可的指令在本机（即，在相应的虚拟机内）中执行，当这种执行被视为在管理程序级别执行的安全软件被认为可接受时。在一些实施例中，处理器被赋予具有调节许可覆盖的一组控制字段（例如，控制位）的寄存器。控制字段可以通过VM状态对象（如英特尔®平台上的VMCS）访问软件。

6. 发明申请

US20160048458A1 Computer Security Systems and Methods Using Hardware-Accelerated Access To Guest Memory From Below The Operating System 审中-公开
标题翻译：计算机安全系统和方法使用从操作系统下面的访客内存的硬件加速访问
公开(公告)号：US20160048458A1
公开(公告)日：2016-02-18
申请号：US14459620
申请日：2014-08-14
申请人： Bitdefender IPR Management Ltd.
发明人： Andrei V. LUTAS , Sandor LUKACS
IPC分类号： G06F12/14 , G06F9/455
CPC分类号： G06F9/45558 , G06F21/53 , G06F2009/45583
摘要： Described systems and methods allow computer security software to access a memory of a host system with improved efficiency. A processor and a memory management unit (MMU) of the host system may be configured to perform memory access operations (read/write) in a target memory context, which may differ from the implicit memory context of the currently executing process. In some embodiments, the instruction set of the processor is extended to include new categories of instructions, which, when called from outside a guest virtual machine (VM) exposed by the host system, instruct the processor of the host system to perform memory access directly in a guest context, e.g., in a memory context of a process executing within the guest VM.
摘要翻译：描述的系统和方法允许计算机安全软件以提高的效率访问主机系统的存储器。主机系统的处理器和存储器管理单元（MMU）可以被配置为在目标存储器上下文中执行存储器访问操作（读/写），其可以与当前执行的进程的隐式存储器上下文不同。在一些实施例中，处理器的指令集被扩展以包括新类别的指令，当从主机系统公开的来宾虚拟机（VM）外部被调用时，指示主机系统的处理器直接执行存储器访问在访客上下文中，例如，在访客VM内执行的进程的内存上下文中。

7. 发明申请

US20140245444A1 Memory Introspection Engine for Integrity Protection of Virtual Machines 有权
标题翻译：内存反思引擎，用于虚拟机的完整性保护
公开(公告)号：US20140245444A1
公开(公告)日：2014-08-28
申请号：US13774720
申请日：2013-02-22
申请人： BITDEFENDER IPR MANAGEMENT LTD.
发明人： Andrei V. LUTAS , Sandor LUKACS , Dan H. LUTAS
IPC分类号： H04L29/06
CPC分类号： H04L63/1441 , G06F9/455 , G06F9/45558 , G06F12/109 , G06F12/1466 , G06F12/1491 , G06F21/53 , G06F21/56 , G06F21/562 , G06F21/566 , G06F21/6227 , G06F2009/45583 , G06F2009/45591
摘要： Described systems and methods allow protecting a computer system from malware, such as viruses and rootkits. In some embodiments, a hypervisor configures a hardware virtualization platform hosting a set of operating systems (OS). A memory introspection engine executing at the processor privilege level of the hypervisor dynamically identifies each OS, and uses an protection priming module to change the way memory is allocated to a target software object by the memory allocation function native to the respective OS. In some embodiments, the change affects only target objects requiring malware protection, and comprises enforcing that memory pages containing data of the target object are reserved exclusively for the respective object. The memory introspection engine then write-protects the respective memory pages.
摘要翻译：描述的系统和方法允许保护计算机系统免受恶意软件，例如病毒和rootkit。在一些实施例中，管理程序配置托管一组操作系统（OS）的硬件虚拟化平台。在管理程序的处理器特权级别下执行的内存反省引擎动态地标识每个OS，并且使用保护启动模块来改变通过相应OS原生的存储器分配功能将存储器分配给目标软件对象的方式。在一些实施例中，该改变仅影响需要恶意软件保护的目标对象，并且包括执行包含目标对象的数据的存储器页面专用于相应对象。内存自省引擎然后对相应的内存页进行写保护。

8. 发明申请

US20170039371A1 Computer Security Systems and Methods Using Asynchronous Introspection Exceptions 有权
标题翻译：使用异步反思异常的计算机安全系统和方法
公开(公告)号：US20170039371A1
公开(公告)日：2017-02-09
申请号：US15209317
申请日：2016-07-13
申请人： Bitdefender IPR Management Ltd.
发明人： Sandor LUKACS , Cristian B. SIRB , Andrei V. LUTAS
IPC分类号： G06F21/56 , G06F3/06
CPC分类号： G06F21/564 , G06F3/0622 , G06F3/0653 , G06F3/0673 , G06F21/53 , G06F21/54 , G06F21/55
摘要： Described systems and methods enable an efficient analysis of security-relevant events, especially in hardware virtualization platforms. In some embodiments, a notification handler detects the occurrence of an event within a virtual machine, and communicates the respective event to security software. The security software then attempts to match the respective event to a collection of behavioral and exception signatures. An exception comprises a set of conditions which, when satisfied by an tuple, indicates that the respective entity is not malicious. In some embodiments, a part of exception matching is performed synchronously (i.e., while execution of the entity that triggered the respective event is suspended), while another part of exception matching is performed asynchronously (i.e., after the triggering entity is allowed to resume execution).
摘要翻译：描述的系统和方法能够有效地分析与安全相关的事件，特别是在硬件虚拟化平台中。在一些实施例中，通知处理程序检测虚拟机内的事件的发生，并将相应事件传送到安全软件。安全软件然后尝试将相应的事件与行为和异常签名的集合相匹配。一个例外包括一组条件，当满足元组时，表示相应的实体不是恶意的。在一些实施例中，异步匹配的一部分被同步执行（即，当触发相应事件的实体的执行被暂停时），而异步匹配的另一部分被异步地执行（即，在触发实体被允许恢复执行之后）。

9. 发明申请

US20150370724A1 Systems And Methods For Dynamically Protecting A Stack From Below The Operating System 有权
标题翻译：用于从操作系统下方动态保护堆栈的系统和方法
公开(公告)号：US20150370724A1
公开(公告)日：2015-12-24
申请号：US14312712
申请日：2014-06-24
申请人： Bitdefender IPR Management Ltd.
发明人： Andrei V. LUTAS
IPC分类号： G06F12/14 , G06F12/10
CPC分类号： G06F12/145 , G06F12/1009 , G06F12/1483 , G06F21/53 , G06F21/554 , G06F2212/1052 , G06F2212/65
摘要： Described systems and methods allow protecting a host system against malware, using hardware virtualization technology. A memory introspection engine executes at the level of a hypervisor, protecting a virtual machine (VM) from exploits targeting the call stack of a thread executing within the respective VM. The introspection engine identifies a virtual memory page reserved for the stack, but not committed to the stack, and intercepts an attempt to write to the respective page. In response to intercepting the write attempt, the memory introspection engine marks the respective page as non-executable, thus protecting the stack against exploits.
摘要翻译：描述的系统和方法允许使用硬件虚拟化技术来保护主机系统免受恶意软件攻击。内存自省引擎在虚拟机管理程序的级别执行，保护虚拟机（VM）免受针对在相应VM内执行的线程的调用堆栈的攻击。内省引擎识别为堆栈保留但未提交给堆栈的虚拟内存页面，并拦截尝试写入相应的页面。响应于拦截写入尝试，内存反省引擎将相应页面标记为不可执行，从而保护堆栈免受漏洞利用。

10. 发明申请

US20150101049A1 Complex Scoring for Malware Detection 有权
标题翻译：恶意软件检测的复杂评分
公开(公告)号：US20150101049A1
公开(公告)日：2015-04-09
申请号：US14046728
申请日：2013-10-04
申请人： Bitdefender IPR Management Ltd.
发明人： Sandor LUKACS , Raul V. TOSA , Paul BOCA , Gheorghe HAJMASAN , Andrei V. LUTAS
IPC分类号： G06F21/56 , H04L29/06
CPC分类号： G06F21/566 , G06F9/45558 , G06F21/554 , G06F2009/45587 , G06F2221/033 , G06F2221/2145 , H04L63/14
摘要： Described systems and methods allow protecting a computer system from malware such as viruses, Trojans, and spyware. For each of a plurality of executable entities (such as processes and threads executing on the computer system), a scoring engine records a plurality of evaluation scores, each score determined according to a distinct evaluation criterion. Every time an entity satisfies an evaluation criterion (e.g, performs an action), the respective score of the entity is updated. Updating a score of an entity may trigger score updates of entities related to the respective entity, even when the related entities are terminated, i.e., no longer active. Related entities include, among others, a parent of the respective entity, and/or an entity injecting code into the respective entity. The scoring engine determines whether an entity is malicious according to the plurality of evaluation scores of the respective entity.
摘要翻译：描述的系统和方法允许保护计算机系统免受诸如病毒，特洛伊木马和间谍软件的恶意软件。对于多个可执行实体（诸如在计算机系统上执行的进程和线程）中的每一个，评分引擎记录多个评估分数，每个分数根据不同的评估标准确定。每当实体满足评估标准（例如执行动作）时，更新实体的相应得分。更新实体的分数可以触发与相应实体相关的实体的得分更新，即使相关实体被终止，即不再有效。相关实体包括各自实体的父母，和/或将代码注入相应实体。评分引擎根据相应实体的多个评价分数确定实体是否是恶意的。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式