专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08826033B1 Data protection using virtual-machine-specific stable system values 有权
标题翻译：使用虚拟机特定的稳定系统值进行数据保护
公开(公告)号：US08826033B1
公开(公告)日：2014-09-02
申请号：US12644195
申请日：2009-12-22
申请人： Ajay Venkateshan Krishnaprasad , Parasuraman Narasimhan , Robert Polansky , Magnus Nyström
发明人： Ajay Venkateshan Krishnaprasad , Parasuraman Narasimhan , Robert Polansky , Magnus Nyström
IPC分类号： G06F21/22
CPC分类号： G06F21/53 , G06F21/554
摘要： A virtual machine on a physical host computer provides controlled access to protected data by creating and storing a “stored system fingerprint” from stable system values (SSVs) as existing when creating the stored system fingerprint. The SSVs include virtual-machine-specific values that change upon cloning the virtual machine (VM) but do not change upon migration of the VM. Upon a request for access to the protected data, a current system fingerprint is calculated from the SSVs as existing when processing the request, the current system fingerprint is compared to the stored system fingerprint to determine whether there is a predetermined degree of matching, and the requested access to the protected data is permitted only if there is the predetermined degree of matching.
摘要翻译：物理主机上的虚拟机通过在创建存储的系统指纹时，从存在的稳定系统值（SSV）中创建并存储“存储的系统指纹”来提供受保护数据的受控访问。 SSV包括在克隆虚拟机（VM）时进行更改但在迁移VM时不会更改的虚拟机特定值。在请求访问受保护的数据时，当处理请求时，从存在的SSV计算当前系统指纹，将当前系统指纹与存储的系统指纹进行比较，以确定是否存在预定的匹配度，并且仅当存在预定匹配度时才允许对受保护数据的访问。

2. 发明授权

US08479276B1 Malware detection using risk analysis based on file system and network activity 有权
标题翻译：基于文件系统和网络活动的风险分析的恶意软件检测
公开(公告)号：US08479276B1
公开(公告)日：2013-07-02
申请号：US12981072
申请日：2010-12-29
申请人： Alex Vaystikh , Robert Polansky , Samir Dilipkumar Saklikar , Liron Liptz
发明人： Alex Vaystikh , Robert Polansky , Samir Dilipkumar Saklikar , Liron Liptz
IPC分类号： G06F7/04
CPC分类号： G06F21/577
摘要： A virtual machine computing platform uses a security virtual machine (SVM) in operational communications with a risk engine which has access to a database including stored patterns corresponding to patterns of filtered operational data that are expected to be generated during operation of the monitored virtual machine when malware is executing. The stored patterns may have been generated during preceding design and training phases. The SVM is operated to (1) receive raw operational data from a virtual machine monitor, the raw operational data obtained from file system operations and network operations of the monitored virtual machine; (2) apply rule-based filtering to the raw operational data to generate filtered operational data; and (3) in conjunction with the risk engine, perform a mathematical (e.g., Bayesian) analysis based on the filtered operational data and the stored patterns in the database to calculate a likelihood that the malware is executing in the monitored virtual machine. A control action is taken if the likelihood is sufficiently high.
摘要翻译：虚拟机计算平台使用安全虚拟机（SVM）与风险引擎进行操作通信，所述风险引擎可以访问数据库，所述数据库包括对应于预期在所监视的虚拟机的操作期间生成的经过过滤的操作数据的模式的存储模式，恶意软件正在执行。存储的模式可能在以前的设计和训练阶段已经生成。运行SVM以（1）从虚拟机监视器接收原始操作数据，从文件系统操作获得的原始操作数据和被监视虚拟机的网络操作; （2）对原始操作数据应用基于规则的过滤以生成经过滤的操作数据; 和（3）结合风险引擎，基于过滤的操作数据和数据库中存储的模式执行数学（例如，贝叶斯）分析，以计算恶意软件在被监视的虚拟机中执行的可能性。如果可能性足够高，则采取控制措施。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式