CN102741853A - System and method for preventing data loss using virtual machine wrapped applications - Google Patents

Publication number: CN102741853A
Authority: CN (China)
Prior art keywords: data, virtual machine, application, selected standard, strategy
Legal status: Granted (Active)
Application number: CN2010800510856A
Other languages: English (en)
Other versions: CN102741853B (zh)
Inventors: Sonali Agarwal, Lee Codel Lawson Tarbotton
Current Assignee: McAfee LLC
Original Assignee: McAfee LLC
Application filed by McAfee LLC
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/128 Restricting unauthorised execution of programs involving web programs, i.e. using technology especially used in internet, generally interacting with a web browser, e.g. hypertext markup language [HTML], applets, java
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

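A method in one example implementation includes selecting at least one criterion for controlling data transfer from within a virtual machine. At least one application is included within the virtual machine, and the virtual machine includes a policy module. The selected criterion corresponds to at least one policy associated with the policy module. The method also includes evaluating the selected criterion of the policy to permit an attempt to transfer data from within the virtual machine. In more specific embodiments, the policy may include a plurality of selected criteria, with a first selected criterion permitting transfer of the data to a first application and a second selected criterion prohibiting transfer of the data to a second application. In another specific embodiment, the method may include updating the policy module through an administration module to modify the selected criterion.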

Description

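System and method for preventing data loss using virtual machine wrapped applications
Technical Field
This disclosure relates in general to the field of security and, more particularly, to preventing data loss in a virtual environment.
Background
The field of network security has become increasingly important in today's society. In particular, the ability to effectively protect computers, systems, and the data residing on such computers and systems presents a significant obstacle for component manufacturers, system designers, and network operators. This obstacle is made even more difficult by continually evolving security threats. Virtualization is a software technology that allows a complete operating system to run on an isolated virtual environment (typically referred to as a virtual machine), where the physical characteristics and behaviors of a platform are reproduced. Virtualization can also support execution of a single application within a virtual machine. A virtual machine can represent an isolated virtual environment (sitting on top of a host operating system (OS) or running directly on hardware) equipped with virtual hardware (processor, memory, disks, network interfaces, etc.). Commonly, the virtual machine is managed by a virtualization product. A virtual machine monitor (VMM) is typically the virtualization software layer that manages hardware requests from a guest OS (e.g., simulating answers from real hardware). A hypervisor is typically computer software/hardware platform virtualization software that allows multiple operating systems to run on a host computer concurrently. Applications represent a unique challenge in the virtual environment because they can easily be manipulated in order to infect a given computer system. Security professionals and network administrators should account for these issues in order to protect computers and systems from emerging security threats.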
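Brief Description of the Drawings
To provide a more complete understanding of the present disclosure and its features and advantages, reference is made to the following description, taken in conjunction with the accompanying figures, in which like reference numerals represent like parts:
FIG. 1 is a simplified block diagram of a system for preventing data loss using virtual machine wrapped applications in accordance with one embodiment;
FIG. 2 is a simplified block diagram of an example embodiment of the system for preventing data loss using virtual machine wrapped applications;
FIG. 3 is a simplified flowchart illustrating a series of example steps associated with the system in accordance with one embodiment; and
FIG. 4 is a simplified flowchart illustrating a series of example steps associated with the system in accordance with another embodiment.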
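Detailed Description
Overview
A method in one example implementation includes selecting at least one criterion for controlling data transfer from within a virtual machine. At least one application is included within the virtual machine, and the virtual machine includes a policy module. The selected criterion corresponds to at least one policy associated with the policy module. The method also includes evaluating the selected criterion of the policy to permit an attempt to transfer data from within the virtual machine. In more specific embodiments, the policy includes a plurality of selected criteria, including a first selected criterion permitting transfer of the data to a first other application and a second selected criterion prohibiting transfer of the data to a second other application. In other more specific embodiments, the selected criterion permits transfer of the data to a client device of one of a plurality of users if that client device is requesting access to the application from within a protected network environment. In another more specific embodiment, the method includes updating the policy module through an administration module to modify the selected criterion.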
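Example Embodiments
FIG. 1 is a simplified block diagram of a system 10 for protecting data against accidental and deliberate disclosure in a virtual environment using virtual machine wrapped applications. System 10 may include a plurality of virtual machines 12, 14, 24, and 26, and an operating system 30. System 10 may also include a virtual machine monitor 16 that includes a memory element 18, a policy management module 20, and a processor 22. Memory element 18 may contain a master image 38 with stored entries corresponding to the most recent versions of software used within system 10. Each of virtual machines 12, 14, 24, and 26 includes an associated firewall policy module 34a, 34b, 34c, and 34d, respectively. Not shown in FIG. 1 is additional hardware that may be suitably coupled to operating system 30 and virtual machine monitor 16 (e.g., provided below their logical representations) in the form of memory management units (MMU), symmetric multiprocessing (SMP) elements, physical memory, Ethernet, small computer system interface (SCSI)/integrated drive electronics (IDE) elements, etc.
In example embodiments, system 10 wraps each application or suite of applications within a virtual machine in order to protect data associated with the application against accidental and deliberate disclosure. For purposes of illustrating the techniques of system 10, it is important to understand the activities occurring within a given network. The following foundational information may be viewed as a basis from which the present disclosure may be properly explained. Such information is offered earnestly for purposes of explanation only and, accordingly, should not be construed in any way to limit the broad scope of the present disclosure and its potential applications.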
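Typical network environments, including local area networks (LANs), wide area networks (WANs), campus area networks (CANs), intranets, and extranets, are used by businesses, schools, and other organizations to link together multiple personal computers or client devices along with servers that allow the client devices to access shared data and applications related to the function of the organization. In addition, these networks are often configured to provide Internet connections from the client devices in the network to the Internet, enabling access to the World Wide Web and possibly other networks. Data maintained by these organizations typically includes confidential data of varying types and degrees, where data such as payroll records and legal documents often requires a high degree of protection, whereas data such as customer sales may require a lower degree of protection. Network administrators typically configure their networks to allow particular persons (or groups of persons) to access particular applications, depending on the type and degree of confidential data associated with those applications. For example, persons working within a human resources department would likely have access to data and applications associated with the human resources department, but not to data and applications associated with the legal department. This type of security is typically applied at the operating system level.
Operating system level security alone is flawed because it relies upon individuals to properly control data and applications in order to avoid accidental and deliberate misuse of confidential data. When multiple applications are running on an operating system, data may be shared between those applications using the operating system clipboard, file system, and the like (e.g., using copy and paste functions, save, move, send to, import and export type functions, etc.). Thus, an authorized user accessing legal department data could mistakenly (or intentionally) share a confidential legal file or data with another user who is not authorized to access such information. This could be accomplished, for example, by using a copy and paste function between the legal application and another application to store the confidential data in an unprotected memory space accessible to unauthorized users in the organization. In another example, the user could email a message from the legal application to an unauthorized user, the message containing confidential data copied into the message or included as an attachment. In addition, temporary files may also be at risk of leaking confidential data, because they are typically available within the operating system. If an application terminates before all temporary files are deleted, the remaining temporary files could be accessed by a savvy user or by malicious third-party software. Temporary files may contain confidential data from applications run by an authorized user, or other downloaded information, such as details of the user's bank account. Such temporary files are at risk of exposure because they are often not protected.
Data leakage problems can also occur when an authorized user accesses the organization's network from an unprotected or less secure environment. For example, users often take their laptops home or otherwise outside the corporate environment and log on to their organization's network remotely. Such networks typically have a firewall, which is a device or set of devices configured to control computer traffic sent to and from the network. Firewalls are typically designed to block unauthorized access while permitting authorized communications based on a set of rules and other criteria. Even with proper firewall protection, data leakage can occur when, for example, an authorized user accesses the network from a less secure (remote) location and begins retrieving confidential data. The confidential data may travel from the firewall-protected network to the user's computer over various communication paths and networking devices such as telephone lines, cable modems, fiber optic cables, satellites, microwaves, routers, gateways, switches, and the like. Moreover, the user's computer may no longer be protected by a firewall when accessing the organization's network remotely, thereby exposing the user's computer to various forms of malware, which may put the confidential data at risk.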
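A system for preventing data loss as outlined in FIG. 1 can resolve many of these issues. In accordance with one example implementation, an application is provided to encapsulate or wrap each application or suite of applications used in the network within a virtual machine. Access to and from each virtual machine may be controlled by an associated firewall (i.e., security) policy or any other suitable security safeguard. Confidential data, possibly defined by the associated firewall policy, may be contained within the virtual machine wrapped application, such that copy and paste buffers and temporary files will not be accessible through the operating system underlying the virtual machine. In addition, the virtual machine wrap provides an additional layer of security above the operating system, which can prevent direct access to the memory that stores the confidential data. The associated firewall policy may be evaluated to determine whether the virtual machine wrapped application is allowed to share data (e.g., using copy and paste buffers, save, move, send to, and import/export type functions, email, etc.). For example, a first virtual machine wrapped application may be allowed to share confidential data with a second virtual machine wrapped application, but not with a third virtual machine wrapped application or with a fourth application that may not have a virtual machine wrap. Thus, system 10 may provide focused, specific security around each application or suite of applications to control access by users and by other virtual machines. Such a system may allow any application running on a main operating system, or on the operating system of a particular device such as an end user's client device, to be wrapped within a virtual machine. Additionally, system 10 may automatically generate and maintain, or a network administrator may configure and maintain, a master image 38 representing particular versions (e.g., the most recent versions) of software, so that each virtual machine wrapped application can be updated as needed.
Generally, virtual machines can be implemented to run a complete operating system and its associated applications (system virtual machine), or to run a single application or suite of applications (process virtual machine). A virtual machine can be implemented as Type 1, running below the host operating system, directly on hardware, or as Type 2, running on top of the host operating system. Both system virtual machines and process virtual machines may have some type of virtualization software that manages the virtual machine and any guest operating system. As used herein in this Specification, the term "virtual machine monitor" is meant to include a hypervisor, or any other software or object operable to manage one or more virtual machines and to allow the desired policy management, as detailed below.
Note that in computing, an executable (file) can cause a computer to perform indicated tasks according to encoded instructions, as opposed to a file that only contains data. Files that contain instructions for an interpreter or virtual machine may be considered "executables" or "binaries," in contrast to program source code. The more general term "object" (as used herein in this Specification) is meant to include any such executables, binaries, kernel modules, etc., that are sought to be invoked, initiated, or otherwise executed.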
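Turning to the infrastructure of FIG. 1, virtual machine monitor 16 may be implemented to manage a plurality of applications, each individually wrapped by virtual machines 12, 14, 24, and 26. In one example implementation, virtual machine monitor 16 may be considered virtualization software running on top of a main operating system 30, with the plurality of virtual machines 12, 14, 24, and 26 also running on top of the existing operating system 30. However, based on particular environments or in accordance with particular user needs, virtual machine monitor 16 may be implemented as a hypervisor running directly on hardware, with each virtual machine 12, 14, 24, and 26 running its own operating system. Virtual machine monitor 16 may be part of a server, a firewall, or more generally, a computer. In addition, it is within the broad teachings of this disclosure that virtual machine monitor 16, including policy management module 20 and master image 38, may be located in a central repository of the network (e.g., IT headquarters) for direct access by network administrators to configure and maintain the system. In the example embodiment shown in FIG. 1, there is a human resources application 28 wrapped in virtual machine 12, a customer sales application 32 wrapped in virtual machine 14, an application suite 40 having multiple applications included in virtual machine 24, and a [Figure BPA00001549676100061] application 44 wrapped in virtual machine 26. Application suite 40 may include, for example, bundled software applications such as [Figure BPA00001549676100062] Word, [Figure BPA00001549676100064].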
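In this example embodiment, a user with appropriate authority, such as a network administrator, is provided with an interface for managing the complete setup of virtual machines 12, 14, 24, and 26 and the associated firewall policy modules 34a, 34b, 34c, and 34d. This management may include configuration of the virtual machine monitor and virtual machines, and creation, deletion, modification, shutdown, updating, and startup of the virtual machines, etc. The interface may allow the network administrator to initially configure and maintain master image 38, which includes entries corresponding to particular versions of the applications within the network. Alternatively, system 10 may automatically generate and update master image 38. Through policy management module 20, the network administrator may select the particular criteria desired for the policies to be applied to each virtual machine 12, 14, 24, and 26 through the respective firewall policy modules 34a, 34b, 34c, and 34d. These policies may be tailored to meet the particular security desired for the data according to factors such as, for example: the confidentiality of the data accessible through the virtual machine wrapped application, the particular user attempting to access the data, a particular job title, a particular department type, a particular timestamp of the information, the particular location from which a data access request originates, the particular day and time of day at which a data access request originates, specially configured permissions, and so on. Once virtual machines 12, 14, 24, and 26 are configured with the associated firewall policy modules 34a, 34b, 34c, and 34d, the virtual machines may be deployed to target computers accessible by authorized users, such as end user client devices, servers, or any other device configured to host virtual machine wrapped applications. Policy management module 20 is also configured to allow the network administrator to maintain virtual machines 12, 14, 24, and 26 as needed and to update or change the security policies on firewall policy modules 34a, 34b, 34c, and 34d.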
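The first level of security associated with system 10 may involve authentication. Authentication determines whether a user is authorized to access the network and which particular applications or data within the network the user is allowed to access. Although authentication is typically applied at the operating system level, at least a portion of the authentication process may also be applied through firewall policy modules 34a, 34b, 34c, and 34d. Once an authorized user is granted access to an application within virtual machine 12, 14, 24, or 26, the associated firewall policy module 34a, 34b, 34c, or 34d may restrict what the user can do within that application. In one example embodiment, a policy may be applied to firewall policy module 34a for human resources virtual machine 12 that prevents an authorized user from transferring (e.g., copying, pasting, moving, sending, exporting, emailing, etc.) confidential data, such as employee salary data, from human resources virtual machine 12 to another application or user, such as application suite virtual machine 24. Alternatively, if the user has a higher approval level of authorization, the policy may be tailored to allow the data transfer with data tracking. In this scenario, when the user is allowed to transfer confidential data from human resources application virtual machine 12 to another application or user, the transferred confidential data may be recorded in a data log stored in a memory element. As used herein in this Specification, the term "transfer" is meant to encompass any operation associated with copying, cutting, pasting, saving, moving, sending, importing, exporting, emailing, or otherwise manipulating data.
Another form of policy that may be used within firewall policy modules 34a, 34b, 34c, and 34d includes policies relating to the environment from which the user requests access to a particular application. For example, if the user requests access to human resources virtual machine 12 from a client device (e.g., a laptop, etc.) while physically located within the secure environment of the network, firewall policy module 34a may perform a check to determine whether the user is within the secure environment and allow access accordingly. However, if the user is out of the office, for example on a commuter train, and therefore outside the secure environment of the network, then because of the confidentiality of the information within human resources virtual machine 12, the policy of firewall policy module 34a may be configured to prohibit the user from accessing the human resources application within virtual machine 12. Thus, the protocol can prevent the user from potentially leaking data while in a less secure environment. The scope of this disclosure is intended to encompass any type or combination of firewall policies desired by a particular organization to control data leakage from one or more of its applications within its network. Such policies include, but are not limited to: policies restricting data movement between particular applications, policies restricting application access depending on the user's environment, policies restricting application access depending on the time of day or particular day of the access request, and policies restricting data movement from particular applications to particular individuals or groups of individuals.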
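The following Python sketch is an added example, not code from the patent: it shows one way a per-VM firewall policy module could evaluate selected criteria (destination, operation, approval level, network environment, time of day) for a transfer attempt and record permitted transfers in a data log. The class and field names, the first-match ordering, and the default-deny fallback are all assumptions.

```python
"""Added illustration, not from the patent: a per-VM policy module evaluating
selected criteria for a transfer attempt. All names and values are hypothetical."""
from dataclasses import dataclass, field
from datetime import datetime, time
from enum import Enum
from typing import List, Optional, Tuple


class Decision(Enum):
    DENY = "deny"
    ALLOW = "allow"
    ALLOW_AND_LOG = "allow_and_log"  # permitted, but recorded in the data log


@dataclass(frozen=True)
class TransferAttempt:
    user: str
    approval_level: int         # assumed numeric authorization level
    source_vm: str
    destination: str            # application or VM that would receive the data
    operation: str              # "copy", "paste", "move", "export", "email", ...
    in_protected_network: bool  # client is inside the secured environment
    when: datetime


@dataclass(frozen=True)
class Criterion:
    """One selected criterion; fields left at their defaults match anything."""
    decision: Decision
    destination: Optional[str] = None
    operations: Optional[frozenset] = None
    min_approval_level: int = 0
    require_protected_network: bool = False
    hours: Optional[Tuple[time, time]] = None  # permitted time-of-day window

    def matches(self, a: TransferAttempt) -> bool:
        return (
            self.destination in (None, a.destination)
            and (self.operations is None or a.operation in self.operations)
            and a.approval_level >= self.min_approval_level
            and (a.in_protected_network or not self.require_protected_network)
            and (self.hours is None
                 or self.hours[0] <= a.when.time() <= self.hours[1])
        )


@dataclass
class PolicyModule:
    vm_name: str
    criteria: List[Criterion]
    data_log: list = field(default_factory=list)

    def evaluate(self, a: TransferAttempt) -> Decision:
        """First matching criterion wins; no match means deny (assumed default)."""
        if a.source_vm != self.vm_name:
            return Decision.DENY
        for c in self.criteria:
            if c.matches(a):
                if c.decision is Decision.ALLOW_AND_LOG:
                    self.data_log.append(
                        (a.when.isoformat(), a.user, a.operation, a.destination))
                return c.decision
        return Decision.DENY

    def update(self, new_criteria: List[Criterion]) -> None:
        """What a management module would call to modify the selected criteria."""
        self.criteria = list(new_criteria)


def build_hr_policy() -> PolicyModule:
    """Constructed policy for an HR virtual machine (names are placeholders)."""
    office_hours = (time(8, 0), time(18, 0))
    return PolicyModule("hr_vm", [
        # Higher approval level, on the protected network, in office hours:
        # transfer to the application suite is allowed with data tracking.
        Criterion(Decision.ALLOW_AND_LOG, destination="app_suite_vm",
                  min_approval_level=3, require_protected_network=True,
                  hours=office_hours),
        # Everyone else is prohibited from transferring to the application suite.
        Criterion(Decision.DENY, destination="app_suite_vm"),
        # A first other application that may receive HR data by copy/paste only.
        Criterion(Decision.ALLOW, destination="hr_reporting_vm",
                  operations=frozenset({"copy", "paste"}),
                  require_protected_network=True),
    ])


def attempt(level, dest, op="copy", protected=True, hour=10) -> TransferAttempt:
    # Constructed sample input: one user, one source VM, a fixed date.
    return TransferAttempt("alice", level, "hr_vm", dest, op, protected,
                           datetime(2024, 1, 15, hour, 0))


if __name__ == "__main__":
    pm = build_hr_policy()
    for a in (attempt(1, "app_suite_vm"), attempt(3, "app_suite_vm")):
        print(a.destination, pm.evaluate(a).value)
```

Because criteria are evaluated in order, placing the conditional allow before the blanket deny is what lets the higher approval level through; reversing them would deny every transfer to that destination.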
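Turning to FIG. 2, FIG. 2 is a simplified block diagram illustrating one implementation of a data loss prevention system 50 using virtual machine wrapped applications in accordance with the present disclosure. In this example implementation, the network of an organization, such as a company or other business entity, is provided with a machine 60 that is logically connected to a mail server 56, a central intellectual property repository 54, and a central human resources system 52, each of which may be part of the organization's network infrastructure. It should be noted that the term "machine" is interchangeable with the term "computer." Machine 60 includes applications in a common operating environment 72 (e.g., an operating system). These applications include a mail client 64, which connects to mail server 56 for sending and receiving email communications that are not associated with or linked to the data or applications protected within the virtual environment. Machine 60 also includes a virtual machine 66 for accessing central intellectual property repository 54. Virtual machine 66 includes a firewall policy module 68 and a mail client 70 for sending and receiving email from virtual machine 66. A secure mail proxy 58 connects mail client 70 in virtual machine 66 to mail server 56 on the network. Machine 60 may also be configured with a USB drive 62.
In the implementation shown in FIG. 2, machine 60 may be operated by a user who is the organization's head of research. System 50 may require authentication that the user is authorized to use machine 60 to access various resources within the network. Such authentication may be performed by the operating system, where a unique user ID and password are validated. Once the user is properly authenticated, he or she may be allowed to access certain resources within the organization. For example, as head of research, the user may be allowed to access central intellectual property repository 54, but not allowed to access central human resources system 52, as illustrated by the dashed line connecting machine 60 to central human resources system 52 in FIG. 2. In an alternative embodiment, the user may be allowed to access central human resources system 52 only for particular confidential data, such as data corresponding to employees in the research department who report to the user. Allowing or blocking access to particular resources or applications may be accomplished by the operating system using the authentication mechanism described above. However, it is within the broad teachings of this disclosure to configure the system to perform authentication for access to a particular virtual machine wrapped application within the associated firewall policy module of that virtual machine wrapped application. Specifically, a policy having selected criteria may be applied to the firewall policy module, where the selected criteria are evaluated to determine whether the user is allowed to access the particular virtual machine wrapped application. If authorized, the user may access central intellectual property repository 54 through virtual machine 66. Firewall policy module 68 associated with virtual machine 66 may be configured with a policy having selected criteria to control data transfer from central intellectual property repository 54. For example, the selected criteria may allow the user to access confidential data within central intellectual property repository 54, but not allow the data to be copied and pasted, moved, exported, emailed, or otherwise transferred to another application. In the alternative embodiment described above, in which the user is given limited access to central human resources system 52, the selected criteria in the policy associated with firewall policy module 68 may allow only confidential data related to particular employees to be accessed by the user. The selected criteria may or may not allow the user to transfer the accessible data to other applications. As previously described herein, it is within the broad teachings of this disclosure that the selected criteria may be configured to allow data transfer to certain applications and to prohibit data transfer to other applications.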
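In the particular example implementation shown in FIG. 2, the user is allowed to access email from within virtual machine 66. In this scenario, any email sent from virtual machine 66 is passed to secure mail proxy 58 before being sent to mail server 56. In secure mail proxy 58, the email is reviewed for any confidential data protected by that particular application. Thus, the selected criteria of firewall policy module 68 may be applied to the content, attachments, and routing of the email. It is also within the broad teachings of this disclosure to keep a log for recording entries corresponding to data allowed to be sent from secure mail proxy 58, thereby allowing the organization to track the particular data shared between applications and users in the organization. Finally, USB drive 62 is accessible to common operating environment 72 of machine 60, where firewall policy module 68 may include a policy having selected criteria that prevent virtual machine 66 from communicating with the USB port. This prevents the user from copying protected data to a flash drive on USB drive 62, and it also protects the virtual machine wrapped application from communicating with any software application introduced to machine 60 through USB drive 62. Such virtualization of individual applications with an associated firewall policy module is particularly useful for protecting data against infected software introduced to machine 60 through USB drive 62. The user of virtual machine 66 may thus be restricted to particular tasks within the virtual machine wrapped application in order to reduce the ability to corrupt or compromise confidential data.
Turning to FIG. 3, FIG. 3 is a simplified flowchart 100 illustrating a number of example steps associated with one implementation of the data loss prevention system. The flow may begin at step 110, where a request to access restricted data is received. At step 120, a query is answered as to whether the request to access the restricted data is allowed. If the request to access the restricted data is not authorized, the flow moves to step 122, where the request is denied. If the request to access the restricted data is authorized, the flow moves to step 124, where a query is made as to whether the central repository is available for a master image check. If the central repository is not available, the flow moves to step 126, where access will depend on the criteria of the policy, the criteria having been preselected by the network administrator. For example, if the data is highly confidential, the selected criteria may require that the virtual machine be prohibited from operating until the central repository is available for a master image check. However, if the data has a lower degree of confidentiality, the selected criteria may allow access to the virtual machine even though the central repository has not checked the master image. If the central repository is available for a master image check at step 124, the flow moves to step 130, where a query is made as to whether the client has an approved (i.e., recent version) virtual machine. This check is performed by searching master image 38 to determine whether the software, including but not limited to the application, the virtual machine, and the firewall policy module, is recent. If the client does not have an approved virtual machine, the flow passes to step 140, where the virtual machine is downloaded or updated to contain the correct software, and the flow passes back to the query in step 130. If the query in step 130 finds that the client has an approved virtual machine, the flow passes to step 150 to allow access to the virtual machine. In the scenario where the central repository is not available for a master image check at step 124 but the selected criteria nevertheless allow access to the restricted data, then the next time the central repository is available for a master image check during a request to access restricted data, the virtual machine wrapped application will be updated at step 140 if it is not recent. In accordance with the teachings of this disclosure, and as detailed above, the user's ability to transfer data may be restricted within the virtual machine depending on the selected criteria in the policy of the particular firewall policy module associated with the virtual machine.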
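The FIG. 3 flow can be written out as a small decision function. This is an added example, not code from the patent: the function and field names, the version strings, and the bound on the step 140 to step 130 update loop (which the flowchart leaves open) are assumptions.

```python
"""Added illustration, not from the patent: the FIG. 3 access flow as code.
Step numbers follow the flowchart; all names and versions are hypothetical."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Software the master image tracks, per the description of step 130.
COMPONENTS = ("application", "virtual_machine", "policy_module")


@dataclass
class ClientVM:
    versions: Dict[str, str]
    recheck_pending: bool = False  # set when access was granted without a check


@dataclass
class AccessResult:
    granted: bool
    steps: List[int] = field(default_factory=list)


def stale_components(client: ClientVM, master: Dict[str, str]) -> List[str]:
    """Components whose version differs from the master image entry."""
    return [c for c in COMPONENTS if client.versions.get(c) != master[c]]


def copy_from_master(client: ClientVM, master: Dict[str, str],
                     stale: List[str]) -> None:
    """Default step-140 updater: bring stale components to the master version."""
    for c in stale:
        client.versions[c] = master[c]


def handle_request(
    authorized: bool,
    client: ClientVM,
    master: Optional[Dict[str, str]],  # None = central repository unreachable
    allow_without_check: bool,         # criterion preselected by the administrator
    updater: Callable = copy_from_master,
    max_rounds: int = 3,               # assumption: the flowchart loop is unbounded
) -> AccessResult:
    res = AccessResult(False, [110, 120])
    if not authorized:
        res.steps.append(122)          # request denied
        return res
    res.steps.append(124)
    if master is None:
        res.steps.append(126)          # access depends on the policy criterion
        if allow_without_check:
            client.recheck_pending = True  # verify at the next request
            res.granted = True
        return res
    for _ in range(max_rounds):
        res.steps.append(130)
        stale = stale_components(client, master)
        if not stale:
            client.recheck_pending = False
            res.steps.append(150)      # access to the virtual machine allowed
            res.granted = True
            return res
        res.steps.append(140)          # download or update, then re-check
        updater(client, master, stale)
    return res                         # update never converged: fail closed


# Constructed sample data.
MASTER = {"application": "5.2", "virtual_machine": "2.0", "policy_module": "17"}


def sample_client() -> ClientVM:
    return ClientVM({"application": "5.1", "virtual_machine": "2.0",
                     "policy_module": "16"})


if __name__ == "__main__":
    cases = {
        "repository up": dict(master=MASTER, allow_without_check=False),
        "repository down, highly confidential":
            dict(master=None, allow_without_check=False),
        "repository down, lower confidentiality":
            dict(master=None, allow_without_check=True),
    }
    for label, kwargs in cases.items():
        r = handle_request(True, sample_client(), **kwargs)
        print(f"{label}: granted={r.granted} steps={r.steps}")
```

The `recheck_pending` flag models the sentence about the next request: a client admitted while the repository was down is compared against the master image, and updated if stale, as soon as the repository is reachable again.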
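Software for configuring and maintaining virtual machine wrapped applications and associated firewall policy modules can be provided at various locations (e.g., a central repository or IT headquarters). In other embodiments, this software could be received or downloaded from a web server (e.g., in the context of purchasing individual end-user licenses for separate networks, devices, virtual machines, servers, etc.) in order to provide this system for preventing data loss using virtual machine wrapped applications. Once the virtual machine wrapped applications and associated firewall policy modules have been initially configured, software for controlling data transfer from within the virtual machine wrapped applications in the network can also be provided at various locations (e.g., within firewall policy modules 34a, 34b, 34c, and 34d). In one example implementation, this software is resident in a computer sought to be protected from a security attack (or protected from unwanted or unauthorized manipulation of data). In a more detailed configuration, this software is specifically resident in a security layer of the virtual machine and provides an interface between the virtual machine and the underlying operating system, and between the virtual machine and other virtual machines within the system, which may also include (or otherwise interface with) the components depicted in FIG. 1.
In other examples, the data loss prevention software could involve a proprietary element (e.g., as part of a network security authentication solution), which could be provided in (or be proximate to) these identified elements, or be provided in any other device, server, network appliance, console, firewall, switch, information technology (IT) device, etc., or be provided as a complementary solution (e.g., in conjunction with a firewall), or provisioned somewhere in the network. As used herein in this Specification, the term "computer" is meant to encompass these possible elements (VMMs, hypervisors, Xen devices, virtual machines or other devices, network appliances, routers, switches, gateways, processors, servers, load balancers, firewalls, or any other suitable device, machine, component, element, or object) operable to affect or process electronic information in a security environment. Moreover, this computer may include any suitable hardware, software, components, modules, interfaces, or objects that facilitate its operations. This may be inclusive of appropriate algorithms and communication protocols that allow for the effective protection of data. In addition, the data loss prevention system can be consolidated in any suitable manner. Along similar design alternatives, any of the illustrated modules and components of FIGS. 1 and 2 may be combined in various possible configurations, all of which are clearly within the broad scope of this Specification.
In certain example implementations, the data loss prevention system outlined herein may be implemented by logic encoded in one or more tangible media (e.g., embedded logic provided in an application specific integrated circuit (ASIC), digital signal processor (DSP) instructions, software (potentially inclusive of object code and source code) to be executed by a processor or other similar machine, etc.). In some of these instances, a memory element (as shown in FIG. 1) can store data used for the operations described herein. This includes the memory element being able to store software, logic, code, or processor instructions that are executed to carry out the activities described in this Specification. A processor can execute any type of instructions associated with the data to achieve the operations detailed herein in this Specification. In one example, the processor (as shown in FIG. 1) could transform an element or an article (e.g., data) from one state or thing to another state or thing. In another example, the activities outlined herein may be implemented with fixed logic or programmable logic (e.g., software/computer instructions executed by a processor), and the elements identified herein could be some type of a programmable processor, programmable digital logic (e.g., a field programmable gate array (FPGA), an erasable programmable read only memory (EPROM), an electrically erasable programmable ROM (EEPROM)), or an ASIC that includes digital logic, software, code, electronic instructions, or any suitable combination thereof.
Any of these elements (e.g., a computer, a server, a network appliance, a firewall, a virtual machine monitor, any other type of virtual element, etc.) can include memory elements for storing information to be used in achieving the data loss prevention system operations outlined herein. Additionally, each of these devices may include a processor that can execute software or an algorithm to perform the data loss prevention activities described in this Specification. These devices may further keep information in any suitable memory element (random access memory (RAM), ROM, EPROM, EEPROM, ASIC, etc.), software, hardware, or in any other suitable component, device, element, or object where appropriate and based on particular needs. Any of the memory items discussed herein (e.g., data log, master image, etc.) should be construed as being encompassed within the broad term "memory element." Similarly, any of the potential processing elements, modules, and machines described in this Specification should be construed as being encompassed within the broad term "processor." Each of the computers, network appliances, virtual elements, etc. can also include suitable interfaces for receiving, transmitting, and/or otherwise communicating data or information in a secure environment.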
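FIG. 4 is a simplified flowchart 200 illustrating a number of example steps associated with another implementation of the data loss prevention system, in which the application is a browser. In this particular example, an online institution requires users attempting to access the online institution to use a browser wrapped by a virtual machine. The flow may begin at step 210, where a user contacts an online institution, such as an online bank. At step 220, a query is made as to whether the user is using a virtual machine browser. If a virtual machine browser is being used, the flow passes to step 240. However, if it is determined that the user is not using a virtual machine browser, the flow passes to step 230, where a virtual machine browser is downloaded to the user, and the flow then passes to step 240. At step 240, a query is made to determine whether the virtual machine browser is recent. If it is recent, the flow passes to step 260. However, if the virtual machine browser is not recent, the flow passes to step 250, where the virtual machine browser is updated or downloaded with the most recent components. The flow then passes to step 260. At step 260, a self-integrity check is performed, and if the user does not pass, the session ends. However, if the user passes the self-integrity check at step 260, the flow passes to step 270, and the user is allowed to connect to the online bank through the updated virtual machine wrapped browser.
Note that with the examples provided herein, interaction may be described in terms of two, three, four, or more network elements. However, this has been done for purposes of clarity and example only. In certain cases, it may be easier to describe one or more of the functionalities of a given set of flows by referencing only a limited number of components or network elements. It should be appreciated that the systems of FIGS. 1 and 2 (and their teachings) are readily scalable. System 10 can accommodate a large number of components, as well as more complicated or sophisticated arrangements and configurations. Accordingly, the examples provided should not limit the scope of system 10 or inhibit the broad teachings of system 10 as potentially applied to many other architectures.
It is also important to note that the steps described with reference to the preceding figures illustrate only some of the possible scenarios that may be executed by, or within, system 10. Some of these steps may be deleted or removed where appropriate, or these steps may be modified or changed considerably without departing from the scope of the present disclosure. In addition, the timing of these operations may be altered considerably and still achieve the results taught in this disclosure. The preceding operational flows have been offered for purposes of example and discussion. Substantial flexibility is provided by system 10 in that any suitable arrangements, chronologies, configurations, and timing mechanisms may be provided without departing from the teachings of the discussed concepts.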

Claims (20)

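1. A method, comprising:
selecting at least one criterion for controlling data transfer from within a virtual machine, wherein at least one application is included within the virtual machine, the virtual machine includes a policy module, and the selected criterion corresponds to at least one policy associated with the policy module; and
evaluating the selected criterion of the policy to permit an attempt to transfer the data from within the virtual machine.
2. The method of claim 1, further comprising:
updating the policy module through an administration module to modify the selected criterion.
3. The method of claim 1, further comprising:
maintaining a master image corresponding to a recent version of the application;
comparing the application to the master image to determine whether the application is recent; and
updating the application if it is determined not to be recent.
4. The method of claim 1, wherein the application is part of an application suite.
5. The method of claim 1, wherein the policy includes a plurality of selected criteria, with a first selected criterion permitting an attempt to transfer the data to a first other application and a second selected criterion prohibiting an attempt to transfer the data to a second other application.
6. The method of claim 1, wherein the selected criterion permits transfer of the data to a client device of one of a plurality of users if the client device is requesting access to the application from within a protected network environment, and the selected criterion prohibits transfer of the data to the client device if the client device is requesting access to the application from an unprotected network environment.
7. The method of claim 1, further comprising:
creating a log for recording entries corresponding to data transferred from the virtual machine.
8. The method of claim 1, further comprising:
if the selected criterion of the policy prohibits transfer of the data, creating a protected buffer for manipulating the data within the virtual machine, wherein the protected buffer cannot be accessed by applications outside the virtual machine.
9. The method of claim 1, further comprising:
accessing a mail client within the virtual machine;
sending an email message from the mail client within the virtual machine to a secure mail proxy;
evaluating whether an intended recipient of the email message is authorized to receive data from the application within the virtual machine; and
if the intended recipient is not authorized to receive the data, extracting from the email message any data associated with the application.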
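10. Logic encoded in one or more tangible media that includes code for execution and that, when executed by a processor, is operable to perform operations comprising:
selecting at least one criterion for controlling data transfer from within a virtual machine, wherein at least one application is included within the virtual machine, the virtual machine includes a policy module, and the selected criterion corresponds to at least one policy associated with the policy module; and
evaluating the selected criterion of the policy to permit an attempt to transfer the data from within the virtual machine.
11. The logic of claim 10, the processor being operable to perform operations further comprising:
updating the policy module through an administration module to modify the selected criterion.
12. The logic of claim 10, the processor being operable to perform operations further comprising:
maintaining a master image corresponding to a recent version of the application;
comparing the application to the master image to determine whether the application is recent; and
updating the application if it is determined not to be recent.
13. The logic of claim 10, wherein the policy includes a plurality of selected criteria, with a first selected criterion permitting an attempt to transfer the data to a first other application and a second selected criterion prohibiting an attempt to transfer the data to a second other application.
14. The logic of claim 10, wherein the selected criterion permits transfer of the data to a client device of one of a plurality of users if the client device is requesting access to the application from within a protected network environment, and the selected criterion prohibits transfer of the data to the client device if the client device is requesting access to the application from an unprotected network environment.
15. The logic of claim 10, the processor being operable to perform operations further comprising:
if the selected criterion of the policy prohibits transfer of the data, creating a protected buffer for manipulating the data within the virtual machine, wherein the protected buffer cannot be accessed by applications outside the virtual machine.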
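16. An apparatus, comprising:
at least one application operable in a system; and
a processor operable to execute instructions associated with the application, the instructions including:
selecting at least one criterion for controlling data transfer from within a virtual machine, wherein the one application is included within the virtual machine, the virtual machine includes a policy module, and the selected criterion corresponds to at least one policy associated with the policy module; and
evaluating the selected criterion of the policy to permit an attempt to transfer the data from within the virtual machine.
17. The apparatus of claim 16, wherein the policy includes a plurality of selected criteria, with a first selected criterion permitting an attempt to transfer the data to a first other application and a second selected criterion prohibiting an attempt to transfer the data to a second other application.
18. The apparatus of claim 16, wherein the selected criterion permits transfer of the data to a client device of one of a plurality of users if the client device is requesting access to the application from within a protected network environment, and the selected criterion prohibits transfer of the data to the client device if the client device is requesting access to the application from an unprotected network environment.
19. The apparatus of claim 16, wherein the processor is operable to execute instructions further including:
if the selected criterion of the policy prohibits transfer of the data, creating a protected buffer for manipulating the data within the virtual machine, wherein the protected buffer cannot be accessed by applications outside the virtual machine.
20. The apparatus of claim 16, wherein the processor is operable to execute instructions further including:
accessing a mail client within the virtual machine;
sending an email message from the mail client within the virtual machine to a secure mail proxy;
evaluating whether an intended recipient of the email message is authorized to receive data from the application within the virtual machine; and
if the intended recipient is not authorized to receive the data, extracting from the email message any data associated with the application.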
CN201080051085.6A 2009-11-10 2010-11-04 System and method for preventing data loss using virtual machine wrapped applications Active CN102741853B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/615,521 US9552497B2 (en) 2009-11-10 2009-11-10 System and method for preventing data loss using virtual machine wrapped applications
US12/615,521 2009-11-10
PCT/US2010/055520 WO2011059877A1 (en) 2009-11-10 2010-11-04 System and method for preventing data loss using virtual machine wrapped applications

Publications (2)

Publication Number Publication Date
CN102741853A (zh) 2012-10-17
CN102741853B CN102741853B (zh) 2015-12-09

Family

ID=43530372

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201080051085.6A Active CN102741853B (zh) System and method for preventing data loss using virtual machine wrapped applications 2009-11-10 2010-11-04

Country Status (4)

Country Link
US (2) US9552497B2 (zh)
EP (1) EP2499598B1 (zh)
CN (1) CN102741853B (zh)
WO (1) WO2011059877A1 (zh)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104956376A (zh) * 2013-02-19 2015-09-30 赛门铁克公司 虚拟化环境中应用和设备控制的方法和技术
CN105608379A (zh) * 2015-10-23 2016-05-25 浪潮(北京)电子信息产业有限公司 虚拟化环境下虚拟主机的加固系统和加固方法
CN107980123A (zh) * 2015-06-27 2018-05-01 迈克菲有限责任公司 敏感数据的保护
CN108733452A (zh) * 2018-04-16 2018-11-02 南京维拓科技股份有限公司 基于web的云计算资源管理系统

Families Citing this family (203)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7840968B1 (en) 2003-12-17 2010-11-23 Mcafee, Inc. Method and system for containment of usage of language interfaces
US7856661B1 (en) 2005-07-14 2010-12-21 Mcafee, Inc. Classification of software on networked systems
US7757269B1 (en) 2006-02-02 2010-07-13 Mcafee, Inc. Enforcing alignment of approved changes and deployed changes in the software change life-cycle
US7895573B1 (en) 2006-03-27 2011-02-22 Mcafee, Inc. Execution environment file inventory
US8555404B1 (en) 2006-05-18 2013-10-08 Mcafee, Inc. Connectivity-based authorization
US9424154B2 (en) 2007-01-10 2016-08-23 Mcafee, Inc. Method of and system for computer system state checks
US8332929B1 (en) 2007-01-10 2012-12-11 Mcafee, Inc. Method and apparatus for process enforced configuration management
US9569330B2 (en) 2007-06-22 2017-02-14 Red Hat, Inc. Performing dependency analysis on nodes of a business application service group
US9678803B2 (en) 2007-06-22 2017-06-13 Red Hat, Inc. Migration of network entities to a cloud infrastructure
US9727440B2 (en) * 2007-06-22 2017-08-08 Red Hat, Inc. Automatic simulation of virtual machine performance
US9588821B2 (en) 2007-06-22 2017-03-07 Red Hat, Inc. Automatic determination of required resource allocation of virtual machines
US9354960B2 (en) 2010-12-27 2016-05-31 Red Hat, Inc. Assigning virtual machines to business application service groups based on ranking of the virtual machines
US7991910B2 (en) 2008-11-17 2011-08-02 Amazon Technologies, Inc. Updating routing information based on client location
US8028090B2 (en) 2008-11-17 2011-09-27 Amazon Technologies, Inc. Request routing utilizing client location information
US8515075B1 (en) 2008-01-31 2013-08-20 Mcafee, Inc. Method of and system for malicious software detection using critical address space protection
US8447831B1 (en) 2008-03-31 2013-05-21 Amazon Technologies, Inc. Incentive driven content delivery
US8601090B1 (en) 2008-03-31 2013-12-03 Amazon Technologies, Inc. Network resource identification
US8156243B2 (en) 2008-03-31 2012-04-10 Amazon Technologies, Inc. Request routing
US7970820B1 (en) 2008-03-31 2011-06-28 Amazon Technologies, Inc. Locality based content distribution
US7962597B2 (en) 2008-03-31 2011-06-14 Amazon Technologies, Inc. Request routing based on class
US8606996B2 (en) 2008-03-31 2013-12-10 Amazon Technologies, Inc. Cache optimization
US8321568B2 (en) 2008-03-31 2012-11-27 Amazon Technologies, Inc. Content management
US8533293B1 (en) 2008-03-31 2013-09-10 Amazon Technologies, Inc. Client side cache management
US9912740B2 (en) 2008-06-30 2018-03-06 Amazon Technologies, Inc. Latency measurement in resource requests
US7925782B2 (en) 2008-06-30 2011-04-12 Amazon Technologies, Inc. Request routing using network computing components
US9407681B1 (en) 2010-09-28 2016-08-02 Amazon Technologies, Inc. Latency measurement in resource requests
US8732309B1 (en) 2008-11-17 2014-05-20 Amazon Technologies, Inc. Request routing utilizing cost information
US8073940B1 (en) 2008-11-17 2011-12-06 Amazon Technologies, Inc. Managing content delivery network service providers
US8060616B1 (en) 2008-11-17 2011-11-15 Amazon Technologies, Inc. Managing CDN registration by a storage provider
US8122098B1 (en) 2008-11-17 2012-02-21 Amazon Technologies, Inc. Managing content delivery network service providers by a content broker
US8521880B1 (en) 2008-11-17 2013-08-27 Amazon Technologies, Inc. Managing content delivery network service providers
US8065417B1 (en) 2008-11-17 2011-11-22 Amazon Technologies, Inc. Service provider registration by a content broker
US8521851B1 (en) 2009-03-27 2013-08-27 Amazon Technologies, Inc. DNS query processing using resource identifiers specifying an application broker
US8756341B1 (en) 2009-03-27 2014-06-17 Amazon Technologies, Inc. Request routing utilizing popularity information
US8688837B1 (en) 2009-03-27 2014-04-01 Amazon Technologies, Inc. Dynamically translating resource identifiers for request routing using popularity information
US8412823B1 (en) 2009-03-27 2013-04-02 Amazon Technologies, Inc. Managing tracking information entries in resource cache components
US8782236B1 (en) 2009-06-16 2014-07-15 Amazon Technologies, Inc. Managing resources using resource expiration data
US8381284B2 (en) 2009-08-21 2013-02-19 Mcafee, Inc. System and method for enforcing security policies in a virtual environment
US8397073B1 (en) 2009-09-04 2013-03-12 Amazon Technologies, Inc. Managing secure content in a content delivery network
US8433771B1 (en) 2009-10-02 2013-04-30 Amazon Technologies, Inc. Distribution network with forward resource propagation
US9552497B2 (en) 2009-11-10 2017-01-24 Mcafee, Inc. System and method for preventing data loss using virtual machine wrapped applications
US9129052B2 (en) * 2009-12-03 2015-09-08 International Business Machines Corporation Metering resource usage in a cloud computing environment
US9684785B2 (en) * 2009-12-17 2017-06-20 Red Hat, Inc. Providing multiple isolated execution environments for securely accessing untrusted content
US9495338B1 (en) 2010-01-28 2016-11-15 Amazon Technologies, Inc. Content distribution network
US8756597B2 (en) * 2010-02-05 2014-06-17 Novell, Inc. Extending functionality of legacy services in computing system environment
US9355282B2 (en) * 2010-03-24 2016-05-31 Red Hat, Inc. Using multiple display servers to protect data
US9558051B1 (en) * 2010-05-28 2017-01-31 Bormium, Inc. Inter-process communication router within a virtualized environment
US8572677B2 (en) * 2010-07-14 2013-10-29 William G. Bartholomay Devices, systems, and methods for enabling reconfiguration of services supported by a network of devices
US8010992B1 (en) * 2010-07-14 2011-08-30 Domanicom Corp. Devices, systems, and methods for providing increased security when multiplexing one or more services at a customer premises
US20120021770A1 (en) 2010-07-21 2012-01-26 Naqvi Shamim A System and method for control and management of resources for consumers of information
US9232046B2 (en) * 2010-07-21 2016-01-05 Tksn Holdings, Llc System and method for controlling mobile services using sensor information
US9210528B2 (en) 2010-07-21 2015-12-08 Tksn Holdings, Llc System and method for control and management of resources for consumers of information
US8925101B2 (en) 2010-07-28 2014-12-30 Mcafee, Inc. System and method for local protection against malicious software
US8938800B2 (en) 2010-07-28 2015-01-20 Mcafee, Inc. System and method for network level protection against malicious software
US8549003B1 (en) 2010-09-12 2013-10-01 Mcafee, Inc. System and method for clustering host inventories
US8416709B1 (en) * 2010-09-28 2013-04-09 Amazon Technologies, Inc. Network data transmission analysis management
US8938526B1 (en) 2010-09-28 2015-01-20 Amazon Technologies, Inc. Request routing management based on network components
US8819283B2 (en) 2010-09-28 2014-08-26 Amazon Technologies, Inc. Request routing in a networked environment
US8924528B1 (en) 2010-09-28 2014-12-30 Amazon Technologies, Inc. Latency measurement in resource requests
US9712484B1 (en) 2010-09-28 2017-07-18 Amazon Technologies, Inc. Managing request routing information utilizing client identifiers
US8555383B1 (en) 2010-09-28 2013-10-08 Amazon Technologies, Inc. Network data transmission auditing
US9003035B1 (en) 2010-09-28 2015-04-07 Amazon Technologies, Inc. Point of presence management in request routing
US8577992B1 (en) 2010-09-28 2013-11-05 Amazon Technologies, Inc. Request routing management based on network components
US10958501B1 (en) 2010-09-28 2021-03-23 Amazon Technologies, Inc. Request routing information based on client IP groupings
US10097398B1 (en) 2010-09-28 2018-10-09 Amazon Technologies, Inc. Point of presence management in request routing
US8468247B1 (en) 2010-09-28 2013-06-18 Amazon Technologies, Inc. Point of presence management in request routing
US8565108B1 (en) * 2010-09-28 2013-10-22 Amazon Technologies, Inc. Network data transmission analysis
US8930513B1 (en) 2010-09-28 2015-01-06 Amazon Technologies, Inc. Latency measurement in resource requests
US8452874B2 (en) 2010-11-22 2013-05-28 Amazon Technologies, Inc. Request routing processing
US9391949B1 (en) 2010-12-03 2016-07-12 Amazon Technologies, Inc. Request routing processing
US8849857B2 (en) * 2010-12-17 2014-09-30 International Business Machines Corporation Techniques for performing data loss prevention
US8931037B2 (en) * 2010-12-27 2015-01-06 Microsoft Corporation Policy-based access to virtualized applications
US9075993B2 (en) 2011-01-24 2015-07-07 Mcafee, Inc. System and method for selectively grouping and managing program files
CN103270494B (zh) * 2011-01-25 2016-12-14 日本电气株式会社 安全策略强制系统和安全策略强制方法
US9027151B2 (en) 2011-02-17 2015-05-05 Red Hat, Inc. Inhibiting denial-of-service attacks using group controls
US9112830B2 (en) 2011-02-23 2015-08-18 Mcafee, Inc. System and method for interlocking a host and a gateway
US10467042B1 (en) 2011-04-27 2019-11-05 Amazon Technologies, Inc. Optimized deployment based upon customer locality
US8516241B2 (en) * 2011-07-12 2013-08-20 Cisco Technology, Inc. Zone-based firewall policy model for a virtualized data center
US9749291B2 (en) 2011-07-15 2017-08-29 International Business Machines Corporation Securing applications on public facing systems
US9594881B2 (en) 2011-09-09 2017-03-14 Mcafee, Inc. System and method for passive threat detection using virtual memory inspection
US8694738B2 (en) 2011-10-11 2014-04-08 Mcafee, Inc. System and method for critical address space protection in a hypervisor environment
US8973144B2 (en) 2011-10-13 2015-03-03 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US9069586B2 (en) 2011-10-13 2015-06-30 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US8713668B2 (en) 2011-10-17 2014-04-29 Mcafee, Inc. System and method for redirected firewall discovery in a network environment
US8800024B2 (en) 2011-10-17 2014-08-05 Mcafee, Inc. System and method for host-initiated firewall discovery in a network environment
US8904009B1 (en) 2012-02-10 2014-12-02 Amazon Technologies, Inc. Dynamic content delivery
US10021179B1 (en) 2012-02-21 2018-07-10 Amazon Technologies, Inc. Local resource delivery network
US9083743B1 (en) 2012-03-21 2015-07-14 Amazon Technologies, Inc. Managing request routing information utilizing performance information
US10623408B1 (en) 2012-04-02 2020-04-14 Amazon Technologies, Inc. Context sensitive object management
US8739272B1 (en) 2012-04-02 2014-05-27 Mcafee, Inc. System and method for interlocking a host and a gateway
US10084818B1 (en) 2012-06-07 2018-09-25 Amazon Technologies, Inc. Flexibly configurable data modification services
US9286491B2 (en) 2012-06-07 2016-03-15 Amazon Technologies, Inc. Virtual service provider zones
US10075471B2 (en) 2012-06-07 2018-09-11 Amazon Technologies, Inc. Data loss prevention techniques
US9154551B1 (en) 2012-06-11 2015-10-06 Amazon Technologies, Inc. Processing DNS queries to identify pre-processing information
US9230096B2 (en) * 2012-07-02 2016-01-05 Symantec Corporation System and method for data loss prevention in a virtualized environment
US8972971B2 (en) 2012-08-09 2015-03-03 International Business Machines Corporation Image instance mapping
US9525659B1 (en) 2012-09-04 2016-12-20 Amazon Technologies, Inc. Request routing utilizing point of presence load information
US9323577B2 (en) 2012-09-20 2016-04-26 Amazon Technologies, Inc. Automated profiling of resource usage
US9135048B2 (en) 2012-09-20 2015-09-15 Amazon Technologies, Inc. Automated profiling of resource usage
US10205698B1 (en) 2012-12-19 2019-02-12 Amazon Technologies, Inc. Source-dependent address resolution
US8973146B2 (en) 2012-12-27 2015-03-03 Mcafee, Inc. Herd based scan avoidance system in a network environment
US9294391B1 (en) 2013-06-04 2016-03-22 Amazon Technologies, Inc. Managing network computing components utilizing request routing
US9208310B2 (en) * 2013-06-26 2015-12-08 Cognizant Technology Solutions India Pvt. Ltd. System and method for securely managing enterprise related applications and data on portable communication devices
US9965310B2 (en) 2013-08-28 2018-05-08 Empire Technology Development Llc Virtual machine exit analyzer
US8943569B1 (en) 2013-10-01 2015-01-27 Myth Innovations, Inc. Wireless server access control system and method
US10033693B2 (en) 2013-10-01 2018-07-24 Nicira, Inc. Distributed identity-based firewalls
CN105580023B (zh) 2013-10-24 2019-08-16 McAfee, Inc. Agent assisted malicious application blocking in a network environment
US9258324B2 (en) 2013-11-26 2016-02-09 At&T Intellectual Property I, L.P. Methods, systems, and computer program products for protecting a communication network against internet enabled cyber attacks through use of screen replication from controlled internet access points
US9215214B2 (en) 2014-02-20 2015-12-15 Nicira, Inc. Provisioning firewall rules on a firewall enforcing device
US9503427B2 (en) 2014-03-31 2016-11-22 Nicira, Inc. Method and apparatus for integrating a service virtual machine
US9215210B2 (en) 2014-03-31 2015-12-15 Nicira, Inc. Migrating firewall connection state for a firewall service virtual machine
US9906494B2 (en) 2014-03-31 2018-02-27 Nicira, Inc. Configuring interactions with a firewall service virtual machine
US9959405B2 (en) 2014-05-28 2018-05-01 Apple Inc. Sandboxing third party components
US9825913B2 (en) 2014-06-04 2017-11-21 Nicira, Inc. Use of stateless marking to speed up stateful firewall rule processing
US9729512B2 (en) 2014-06-04 2017-08-08 Nicira, Inc. Use of stateless marking to speed up stateful firewall rule processing
US10390289B2 (en) 2014-07-11 2019-08-20 Sensoriant, Inc. Systems and methods for mediating representations allowing control of devices located in an environment having broadcasting devices
US20160012453A1 (en) 2014-07-11 2016-01-14 Shamim A. Naqvi System and Method for Inferring the Intent of a User While Receiving Signals On a Mobile Communication Device From a Broadcasting Device
US9300693B1 (en) * 2014-09-24 2016-03-29 Symantec Corporation Systems and methods for preventing data loss over virtualized networks
US9591018B1 (en) * 2014-11-20 2017-03-07 Amazon Technologies, Inc. Aggregation of network traffic source behavior data across network-based endpoints
US9692727B2 (en) 2014-12-02 2017-06-27 Nicira, Inc. Context-aware distributed firewall
US10097448B1 (en) 2014-12-18 2018-10-09 Amazon Technologies, Inc. Routing mode and point-of-presence selection service
US10033627B1 (en) 2014-12-18 2018-07-24 Amazon Technologies, Inc. Routing mode and point-of-presence selection service
US10091096B1 (en) 2014-12-18 2018-10-02 Amazon Technologies, Inc. Routing mode and point-of-presence selection service
US10606626B2 (en) 2014-12-29 2020-03-31 Nicira, Inc. Introspection method and apparatus for network access filtering
US9779240B2 (en) * 2015-01-30 2017-10-03 Vmware, Inc. System and method for hypervisor-based security
US10225326B1 (en) 2015-03-23 2019-03-05 Amazon Technologies, Inc. Point of presence based data uploading
US9819567B1 (en) 2015-03-30 2017-11-14 Amazon Technologies, Inc. Traffic surge management for points of presence
US9887932B1 (en) 2015-03-30 2018-02-06 Amazon Technologies, Inc. Traffic surge management for points of presence
US9887931B1 (en) 2015-03-30 2018-02-06 Amazon Technologies, Inc. Traffic surge management for points of presence
US9805218B2 (en) * 2015-03-31 2017-10-31 Symantec Corporation Technique for data loss prevention through clipboard operations
US9832141B1 (en) 2015-05-13 2017-11-28 Amazon Technologies, Inc. Routing based request correlation
US10616179B1 (en) 2015-06-25 2020-04-07 Amazon Technologies, Inc. Selective routing of domain name system (DNS) requests
US9755903B2 (en) 2015-06-30 2017-09-05 Nicira, Inc. Replicating firewall policy across multiple data centers
US10277713B2 (en) * 2015-07-14 2019-04-30 Cisco Technology, Inc. Role-based access to shared resources
US10097566B1 (en) 2015-07-31 2018-10-09 Amazon Technologies, Inc. Identifying targets of network attacks
US9774619B1 (en) 2015-09-24 2017-09-26 Amazon Technologies, Inc. Mitigating network attacks
US9794281B1 (en) 2015-09-24 2017-10-17 Amazon Technologies, Inc. Identifying sources of network attacks
US9742795B1 (en) 2015-09-24 2017-08-22 Amazon Technologies, Inc. Mitigating network attacks
US10324746B2 (en) 2015-11-03 2019-06-18 Nicira, Inc. Extended context delivery for context-based authorization
US10270878B1 (en) 2015-11-10 2019-04-23 Amazon Technologies, Inc. Routing for origin-facing points of presence
US10049051B1 (en) 2015-12-11 2018-08-14 Amazon Technologies, Inc. Reserved cache space in content delivery networks
US10257307B1 (en) 2015-12-11 2019-04-09 Amazon Technologies, Inc. Reserved cache space in content delivery networks
US10348639B2 (en) 2015-12-18 2019-07-09 Amazon Technologies, Inc. Use of virtual endpoints to improve data transmission rates
CN108476127B (zh) * 2016-01-19 2022-05-13 Telefonaktiebolaget LM Ericsson (publ) Implicit derivation of frequency synchronization from DMRS assignment
EP3437306B1 (en) * 2016-04-15 2023-11-22 Telefonaktiebolaget LM Ericsson (PUBL) User equipment containers and network slices
US10135727B2 (en) 2016-04-29 2018-11-20 Nicira, Inc. Address grouping for distributed service rules
US10348685B2 (en) 2016-04-29 2019-07-09 Nicira, Inc. Priority allocation for distributed service rules
US11425095B2 (en) 2016-05-01 2022-08-23 Nicira, Inc. Fast ordering of firewall sections and rules
US11171920B2 (en) 2016-05-01 2021-11-09 Nicira, Inc. Publication of firewall configuration
US11838299B2 (en) * 2019-03-25 2023-12-05 Zscaler, Inc. Cloud-based web content processing system providing client threat isolation and data integrity
US10171507B2 (en) * 2016-05-19 2019-01-01 Cisco Technology, Inc. Microsegmentation in heterogeneous software defined networking environments
US10075551B1 (en) 2016-06-06 2018-09-11 Amazon Technologies, Inc. Request management for hierarchical cache
US10162973B2 (en) 2016-06-28 2018-12-25 International Business Machines Corporation Dynamically provisioning virtual machines
US11258761B2 (en) 2016-06-29 2022-02-22 Nicira, Inc. Self-service firewall configuration
US10110694B1 (en) 2016-06-29 2018-10-23 Amazon Technologies, Inc. Adaptive transfer rate for retrieving content from a server
US11082400B2 (en) 2016-06-29 2021-08-03 Nicira, Inc. Firewall configuration versioning
US9992086B1 (en) 2016-08-23 2018-06-05 Amazon Technologies, Inc. External health checking of virtual private cloud network environments
US10033691B1 (en) 2016-08-24 2018-07-24 Amazon Technologies, Inc. Adaptive resolution of domain name requests in virtual private cloud network environments
US9762619B1 (en) 2016-08-30 2017-09-12 Nicira, Inc. Multi-layer policy definition and enforcement framework for network virtualization
US10938837B2 (en) 2016-08-30 2021-03-02 Nicira, Inc. Isolated network stack to manage security for virtual machines
US20190114630A1 (en) 2017-09-29 2019-04-18 Stratus Digital Systems Transient Transaction Server DNS Strategy
CN109792446A (zh) * 2016-10-03 2019-05-21 Stratus Digital Systems Transient transaction server
US10469513B2 (en) 2016-10-05 2019-11-05 Amazon Technologies, Inc. Encrypted network addresses
US10785311B2 (en) 2016-11-08 2020-09-22 Pearson Education, Inc. Secure cloud-managed content delivery computer ecosystem
US10375111B2 (en) 2016-11-12 2019-08-06 Microsoft Technology Licensing, Llc Anonymous containers
US20180137291A1 (en) * 2016-11-14 2018-05-17 Linkedin Corporation Securing files at rest in remote storage systems
US10193862B2 (en) 2016-11-29 2019-01-29 Vmware, Inc. Security policy analysis based on detecting new network port connections
US10715607B2 (en) 2016-12-06 2020-07-14 Nicira, Inc. Performing context-rich attribute-based services on a host
US11032246B2 (en) 2016-12-22 2021-06-08 Nicira, Inc. Context based firewall services for data message flows for multiple concurrent users on one machine
US10803173B2 (en) 2016-12-22 2020-10-13 Nicira, Inc. Performing context-rich attribute-based process control services on a host
US10805332B2 (en) 2017-07-25 2020-10-13 Nicira, Inc. Context engine model
US10581960B2 (en) 2016-12-22 2020-03-03 Nicira, Inc. Performing context-rich attribute-based load balancing on a host
US10503536B2 (en) 2016-12-22 2019-12-10 Nicira, Inc. Collecting and storing threat level indicators for service rule processing
US10812451B2 (en) 2016-12-22 2020-10-20 Nicira, Inc. Performing appID based firewall services on a host
US10372499B1 (en) 2016-12-27 2019-08-06 Amazon Technologies, Inc. Efficient region selection system for executing request-driven code
US10831549B1 (en) 2016-12-27 2020-11-10 Amazon Technologies, Inc. Multi-region request-driven code execution system
US10699003B2 (en) * 2017-01-23 2020-06-30 Hysolate Ltd. Virtual air-gapped endpoint, and methods thereof
US10938884B1 (en) 2017-01-30 2021-03-02 Amazon Technologies, Inc. Origin server cloaking using virtual private cloud network environments
US10503613B1 (en) 2017-04-21 2019-12-10 Amazon Technologies, Inc. Efficient serving of resources during server unavailability
US11075987B1 (en) 2017-06-12 2021-07-27 Amazon Technologies, Inc. Load estimating content delivery network
US10447648B2 (en) 2017-06-19 2019-10-15 Amazon Technologies, Inc. Assignment of a POP to a DNS resolver based on volume of communications over a link between client devices and the POP
US10742593B1 (en) 2017-09-25 2020-08-11 Amazon Technologies, Inc. Hybrid content request routing system
US10778651B2 (en) 2017-11-15 2020-09-15 Nicira, Inc. Performing context-rich attribute-based encryption on a host
US10802893B2 (en) 2018-01-26 2020-10-13 Nicira, Inc. Performing process control services on endpoint machines
US10862773B2 (en) 2018-01-26 2020-12-08 Nicira, Inc. Performing services on data messages associated with endpoint machines
US10592578B1 (en) 2018-03-07 2020-03-17 Amazon Technologies, Inc. Predictive content push-enabled content delivery network
JP7545895B2 (ja) * 2018-04-11 2024-09-05 Cornell University Method and system for improving performance and isolation of software containers
US11750654B2 (en) * 2018-04-25 2023-09-05 Dell Products, L.P. Integrity assurance of a secured virtual environment
US10862852B1 (en) 2018-11-16 2020-12-08 Amazon Technologies, Inc. Resolution of domain name requests in heterogeneous network environments
US11025747B1 (en) 2018-12-12 2021-06-01 Amazon Technologies, Inc. Content request pattern-based routing system
US11310202B2 (en) 2019-03-13 2022-04-19 Vmware, Inc. Sharing of firewall rules among multiple workloads in a hypervisor
US11803798B2 (en) * 2019-04-18 2023-10-31 Oracle International Corporation System and method for automatic generation of extract, transform, load (ETL) asserts
US11616787B1 (en) * 2019-06-28 2023-03-28 Amazon Technologies, Inc. Mechanism to manage group of resources using virtual resource containers
GB2588161B (en) * 2019-10-10 2021-12-22 Metaswitch Networks Ltd Processing traffic in a virtualised environment
US11539718B2 (en) 2020-01-10 2022-12-27 Vmware, Inc. Efficiently performing intrusion detection
US11704414B2 (en) 2020-04-29 2023-07-18 Jpmorgan Chase Bank, N.A. Systems and methods for managing vulnerability data
US11108728B1 (en) 2020-07-24 2021-08-31 Vmware, Inc. Fast distribution of port identifiers for rule processing
US11875172B2 (en) 2020-09-28 2024-01-16 VMware LLC Bare metal computer for booting copies of VM images on multiple computing devices using a smart NIC
US11841971B2 (en) * 2020-09-29 2023-12-12 Oracle International Corporation Systems and methods for customer data handling
US20230053983A1 (en) * 2021-08-19 2023-02-23 Venn Technology Corporation Security Policy for a Portion of Resources on a Machine
US11995024B2 (en) 2021-12-22 2024-05-28 VMware LLC State sharing between smart NICs
US11899594B2 (en) 2022-06-21 2024-02-13 VMware LLC Maintenance of data message classification cache on smart NIC
US11928062B2 (en) 2022-06-21 2024-03-12 VMware LLC Accelerating data message classification with smart NICs

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006012197A2 (en) * 2004-06-29 2006-02-02 Intel Corporation Method of improving computer security through sandboxing
US20070136579A1 (en) * 2005-12-09 2007-06-14 University Of Washington Web browser operating system
WO2008054997A2 (en) * 2006-10-17 2008-05-08 Manage Iq, Inc. Control and management of virtual systems
CN101399835A (zh) * 2007-09-17 2009-04-01 Intel Corporation Method and apparatus for dynamic switching and real-time security control on virtualized systems

Family Cites Families (232)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4982430A (en) * 1985-04-24 1991-01-01 General Instrument Corporation Bootstrap channel security arrangement for communication network
US4688169A (en) 1985-05-30 1987-08-18 Joshi Bhagirath S Computer software security system
US5155847A (en) 1988-08-03 1992-10-13 Minicom Data Corporation Method and apparatus for updating software at remote locations
US5560008A (en) 1989-05-15 1996-09-24 International Business Machines Corporation Remote authentication and authorization in a distributed data processing system
CA2010591C (en) 1989-10-20 1999-01-26 Phillip M. Adams Kernels, description tables and device drivers
US5222134A (en) * 1990-11-07 1993-06-22 Tau Systems Corporation Secure system for activating personal computer software at remote locations
US5390314A (en) * 1992-10-09 1995-02-14 American Airlines, Inc. Method and apparatus for developing scripts that access mainframe resources that can be executed on various computer systems having different interface languages without modification
US5339261A (en) * 1992-10-22 1994-08-16 Base 10 Systems, Inc. System for operating application software in a safety critical environment
US5584009A (en) * 1993-10-18 1996-12-10 Cyrix Corporation System and method of retiring store data from a write buffer
JP3042341B2 (ja) 1994-11-30 2000-05-15 NEC Corporation Local input/output control method in a cluster-coupled multiprocessor system
US6282712B1 (en) 1995-03-10 2001-08-28 Microsoft Corporation Automatic software installation on heterogeneous networked computer systems
US5699513A (en) 1995-03-31 1997-12-16 Motorola, Inc. Method for secure network access via message intercept
US5787427A (en) 1996-01-03 1998-07-28 International Business Machines Corporation Information handling system, method, and article of manufacture for efficient object security processing by grouping objects sharing common control access policies
US5842017A (en) 1996-01-29 1998-11-24 Digital Equipment Corporation Method and apparatus for forming a translation unit
US5907709A (en) * 1996-02-08 1999-05-25 Inprise Corporation Development system with methods for detecting invalid use and management of resources and memory at runtime
US5907708A (en) * 1996-06-03 1999-05-25 Sun Microsystems, Inc. System and method for facilitating avoidance of an exception of a predetermined type in a digital computer system by providing fix-up code for an instruction in response to detection of an exception condition resulting from execution thereof
US5787177A (en) 1996-08-01 1998-07-28 Harris Corporation Integrated network security access control system
US5926832A (en) 1996-09-26 1999-07-20 Transmeta Corporation Method and apparatus for aliasing memory data in an advanced microprocessor
US7516094B2 (en) * 1996-10-25 2009-04-07 Ipf, Inc. Internet-based system for managing and delivering consumer product information to consumers at web-based retailer store sites on the world wide web (WWW), using consumer product information (CPI) requesting and graphical user interface (GUI) display subsystems, driven by server-side components embodying universal product numbers (UPNs) and driven by UPN/URL links managed by product manufacturer team members and/or their agents
US5991881A (en) 1996-11-08 1999-11-23 Harris Corporation Network surveillance system
US5987611A (en) 1996-12-31 1999-11-16 Zone Labs, Inc. System and methodology for managing internet access on a per application basis for client computers connected to the internet
US6141698A (en) 1997-01-29 2000-10-31 Network Commerce Inc. Method and system for injecting new code into existing application code
US6587877B1 (en) 1997-03-25 2003-07-01 Lucent Technologies Inc. Management of time and expense when communicating between a host and a communication network
US6192475B1 (en) * 1997-03-31 2001-02-20 David R. Wallace System and method for cloaking software
US6167522A (en) 1997-04-01 2000-12-26 Sun Microsystems, Inc. Method and apparatus for providing security for servers executing application programs received via a network
US6356957B2 (en) * 1997-04-03 2002-03-12 Hewlett-Packard Company Method for emulating native object oriented foundation classes on a target object oriented programming system using a template library
US6073142A (en) 1997-06-23 2000-06-06 Park City Group Automated post office based rule analysis of e-mail messages and other data objects for controlled distribution in network environments
US6275938B1 (en) 1997-08-28 2001-08-14 Microsoft Corporation Security enhancement for untrusted executable code
US6192401B1 (en) * 1997-10-21 2001-02-20 Sun Microsystems, Inc. System and method for determining cluster membership in a heterogeneous distributed system
US6393465B2 (en) * 1997-11-25 2002-05-21 Nixmail Corporation Junk electronic mail detector and eliminator
US5987610A (en) 1998-02-12 1999-11-16 Ameritech Corporation Computer virus screening methods and systems
KR100621677B1 (ko) 1998-05-06 2006-09-07 Matsushita Electric Industrial Co., Ltd. Digital data transmission/reception system and method thereof
US6795966B1 (en) 1998-05-15 2004-09-21 Vmware, Inc. Mechanism for restoring, porting, replicating and checkpointing computer systems using state extraction
US6442686B1 (en) 1998-07-02 2002-08-27 Networks Associates Technology, Inc. System and methodology for messaging server-based management and enforcement of crypto policies
US6338149B1 (en) * 1998-07-31 2002-01-08 Westinghouse Electric Company Llc Change monitoring system for a computer system
US6433794B1 (en) * 1998-07-31 2002-08-13 International Business Machines Corporation Method and apparatus for selecting a java virtual machine for use with a browser
US6546425B1 (en) 1998-10-09 2003-04-08 Netmotion Wireless, Inc. Method and apparatus for providing mobile and other intermittent connectivity in a computing environment
JP3753873B2 (ja) 1998-11-11 2006-03-08 Shimadzu Corporation Spectrophotometer
US6969352B2 (en) * 1999-06-22 2005-11-29 Teratech Corporation Ultrasound probe with integrated electronics
US6453468B1 (en) 1999-06-30 2002-09-17 B-Hub, Inc. Methods for improving reliability while upgrading software programs in a clustered computer system
US6567857B1 (en) 1999-07-29 2003-05-20 Sun Microsystems, Inc. Method and apparatus for dynamic proxy insertion in network traffic flow
US6256773B1 (en) 1999-08-31 2001-07-03 Accenture Llp System, method and article of manufacture for configuration management in a development architecture framework
US6990591B1 (en) 1999-11-18 2006-01-24 Secureworks, Inc. Method and system for remotely configuring and monitoring a communication device
US6321267B1 (en) 1999-11-23 2001-11-20 Escom Corporation Method and apparatus for filtering junk email
US6662219B1 (en) 1999-12-15 2003-12-09 Microsoft Corporation System for determining at subgroup of nodes relative weight to represent cluster by obtaining exclusive possession of quorum resource
US6460050B1 (en) 1999-12-22 2002-10-01 Mark Raymond Pace Distributed content identification system
US6769008B1 (en) 2000-01-10 2004-07-27 Sun Microsystems, Inc. Method and apparatus for dynamically altering configurations of clustered computer systems
WO2001069439A1 (en) 2000-03-17 2001-09-20 Filesx Ltd. Accelerating responses to requests made by users to an internet
US6748534B1 (en) 2000-03-31 2004-06-08 Networks Associates, Inc. System and method for partitioned distributed scanning of a large dataset for viruses and other malware
CA2305078A1 (en) 2000-04-12 2001-10-12 Cloakware Corporation Tamper resistant software - mass data encoding
US7325127B2 (en) * 2000-04-25 2008-01-29 Secure Data In Motion, Inc. Security server system
AU2001262958A1 (en) 2000-04-28 2001-11-12 Internet Security Systems, Inc. Method and system for managing computer security information
US6769115B1 (en) 2000-05-01 2004-07-27 Emc Corporation Adaptive interface for a software development environment
US6847993B1 (en) * 2000-05-31 2005-01-25 International Business Machines Corporation Method, system and program products for managing cluster configurations
US6934755B1 (en) 2000-06-02 2005-08-23 Sun Microsystems, Inc. System and method for migrating processes on a network
US6611925B1 (en) 2000-06-13 2003-08-26 Networks Associates Technology, Inc. Single point of entry/origination item scanning within an enterprise or workgroup
US6901519B1 (en) * 2000-06-22 2005-05-31 Infobahn, Inc. E-mail virus protection system and method
US8204999B2 (en) 2000-07-10 2012-06-19 Oracle International Corporation Query string processing
US7093239B1 (en) 2000-07-14 2006-08-15 Internet Security Systems, Inc. Computer immune system and method for detecting unwanted code in a computer system
US7350204B2 (en) * 2000-07-24 2008-03-25 Microsoft Corporation Policies for secure software execution
EP1307988B1 (en) 2000-08-04 2004-04-21 Xtradyne Technologies Aktiengesellschaft Method and system for session based authorization and access control for networked application objects
US7707305B2 (en) 2000-10-17 2010-04-27 Cisco Technology, Inc. Methods and apparatus for protecting against overload conditions on nodes of a distributed network
US7606898B1 (en) 2000-10-24 2009-10-20 Microsoft Corporation System and method for distributed management of shared computers
US7146305B2 (en) * 2000-10-24 2006-12-05 Vcis, Inc. Analytical virtual machine
US6930985B1 (en) 2000-10-26 2005-08-16 Extreme Networks, Inc. Method and apparatus for management of configuration in a network
US6834301B1 (en) 2000-11-08 2004-12-21 Networks Associates Technology, Inc. System and method for configuration, management, and monitoring of a computer network using inheritance
US6766334B1 (en) 2000-11-21 2004-07-20 Microsoft Corporation Project-based configuration management method and apparatus
US20020069367A1 (en) 2000-12-06 2002-06-06 Glen Tindal Network operating system data directory
US6907600B2 (en) 2000-12-27 2005-06-14 Intel Corporation Virtual translation lookaside buffer
JP2002244898A (ja) 2001-02-19 2002-08-30 Hitachi Ltd Database management program and database system
US6918110B2 (en) 2001-04-11 2005-07-12 Hewlett-Packard Development Company, L.P. Dynamic instrumentation of an executable program by means of causing a breakpoint at the entry point of a function and providing instrumentation code
US6715050B2 (en) 2001-05-31 2004-03-30 Oracle International Corporation Storage access keys
US6988101B2 (en) * 2001-05-31 2006-01-17 International Business Machines Corporation Method, system, and computer program product for providing an extensible file system for accessing a foreign file system from a local data processing system
US6988124B2 (en) * 2001-06-06 2006-01-17 Microsoft Corporation Locating potentially identical objects across multiple computers based on stochastic partitioning of workload
US7290266B2 (en) 2001-06-14 2007-10-30 Cisco Technology, Inc. Access control by a real-time stateful reference monitor with a state collection training mode and a lockdown mode for detecting predetermined patterns of events indicative of requests for operating system resources resulting in a decision to allow or block activity identified in a sequence of events based on a rule set defining a processing policy
US7065767B2 (en) 2001-06-29 2006-06-20 Intel Corporation Managed hosting server auditing and change tracking
US7069330B1 (en) 2001-07-05 2006-06-27 Mcafee, Inc. Control of interaction between client computer applications and network resources
US20030023736A1 (en) * 2001-07-12 2003-01-30 Kurt Abkemeier Method and system for filtering messages
US20030014667A1 (en) * 2001-07-16 2003-01-16 Andrei Kolichtchak Buffer overflow attack detection and suppression
US6877088B2 (en) * 2001-08-08 2005-04-05 Sun Microsystems, Inc. Methods and apparatus for controlling speculative execution of instructions based on a multiaccess memory condition
US7007302B1 (en) * 2001-08-31 2006-02-28 Mcafee, Inc. Efficient management and blocking of malicious code and hacking attempts in a network environment
US7010796B1 (en) * 2001-09-28 2006-03-07 Emc Corporation Methods and apparatus providing remote operation of an application programming interface
US20030093508A1 (en) * 2001-10-18 2003-05-15 Seiko Epson Corporation System for installing and launching network applications
US7177267B2 (en) * 2001-11-09 2007-02-13 Adc Dsl Systems, Inc. Hardware monitoring and configuration management
US7346781B2 (en) * 2001-12-06 2008-03-18 Mcafee, Inc. Initiating execution of a computer program from an encrypted version of a computer program
US7039949B2 (en) * 2001-12-10 2006-05-02 Brian Ross Cartmell Method and system for blocking unwanted communications
US7159036B2 (en) * 2001-12-10 2007-01-02 Mcafee, Inc. Updating data from a source computer to groups of destination computers
US10033700B2 (en) 2001-12-12 2018-07-24 Intellectual Ventures I Llc Dynamic evaluation of access rights
JP4522705B2 (ja) 2001-12-13 2010-08-11 Japan Science and Technology Agency Software safe execution system
US7398389B2 (en) 2001-12-20 2008-07-08 Coretrace Corporation Kernel-based network security infrastructure
JP3906356B2 (ja) * 2001-12-27 2007-04-18 National Institute of Information and Communications Technology Syntax analysis method and apparatus
US7743415B2 (en) 2002-01-31 2010-06-22 Riverbed Technology, Inc. Denial of service attacks characterization
US20030167399A1 (en) 2002-03-01 2003-09-04 Yves Audebert Method and system for performing post issuance configuration and data changes to a personal security device using a communications pipe
US6941449B2 (en) 2002-03-04 2005-09-06 Hewlett-Packard Development Company, L.P. Method and apparatus for performing critical tasks using speculative operations
US7600021B2 (en) 2002-04-03 2009-10-06 Microsoft Corporation Delta replication of source files and packages across networked resources
US20070253430A1 (en) 2002-04-23 2007-11-01 Minami John S Gigabit Ethernet Adapter
US7370360B2 (en) * 2002-05-13 2008-05-06 International Business Machines Corporation Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
US20030221190A1 (en) 2002-05-22 2003-11-27 Sun Microsystems, Inc. System and method for performing patch installation on multiple devices
US7823148B2 (en) 2002-05-22 2010-10-26 Oracle America, Inc. System and method for performing patch installation via a graphical user interface
US7024404B1 (en) * 2002-05-28 2006-04-04 The State University Rutgers Retrieval and display of data objects using a cross-group ranking metric
US7512977B2 (en) 2003-06-11 2009-03-31 Symantec Corporation Intrustion protection system utilizing layers
US7823203B2 (en) * 2002-06-17 2010-10-26 At&T Intellectual Property Ii, L.P. Method and device for detecting computer network intrusions
US7139916B2 (en) * 2002-06-28 2006-11-21 Ebay, Inc. Method and system for monitoring user interaction with a computer
US8924484B2 (en) * 2002-07-16 2014-12-30 Sonicwall, Inc. Active e-mail filter with challenge-response
US7522906B2 (en) * 2002-08-09 2009-04-21 Wavelink Corporation Mobile unit configuration management for WLANs
US7624347B2 (en) * 2002-09-17 2009-11-24 At&T Intellectual Property I, L.P. System and method for forwarding full header information in email messages
US7546333B2 (en) 2002-10-23 2009-06-09 Netapp, Inc. Methods and systems for predictive change management for access paths in networks
US7353501B2 (en) * 2002-11-18 2008-04-01 Microsoft Corporation Generic wrapper scheme
US7865931B1 (en) * 2002-11-25 2011-01-04 Accenture Global Services Limited Universal authorization and access control security measure for applications
US20040143749A1 (en) 2003-01-16 2004-07-22 Platformlogic, Inc. Behavior-based host-based intrusion prevention system
US20040167906A1 (en) 2003-02-25 2004-08-26 Smith Randolph C. System consolidation tool and method for patching multiple servers
US7024548B1 (en) * 2003-03-10 2006-04-04 Cisco Technology, Inc. Methods and apparatus for auditing and tracking changes to an existing configuration of a computerized device
US7529754B2 (en) 2003-03-14 2009-05-05 Websense, Inc. System and method of monitoring and controlling application files
WO2004095285A1 (ja) 2003-03-28 2004-11-04 Matsushita Electric Industrial Co.,Ltd. Recording medium, and recording apparatus and reproduction apparatus using the same
US7607010B2 (en) 2003-04-12 2009-10-20 Deep Nines, Inc. System and method for network edge data protection
US20050108516A1 (en) * 2003-04-17 2005-05-19 Robert Balzer By-pass and tampering protection for application wrappers
US20040230963A1 (en) 2003-05-12 2004-11-18 Rothman Michael A. Method for updating firmware in an operating system agnostic manner
DE10324189A1 (de) 2003-05-28 2004-12-16 Robert Bosch Gmbh Method for controlling access to a resource of an application in a data processing device
US7657599B2 (en) * 2003-05-29 2010-02-02 Mindshare Design, Inc. Systems and methods for automatically updating electronic mail access lists
US20050108562A1 (en) * 2003-06-18 2005-05-19 Khazan Roger I. Technique for detecting executable malicious code using a combination of static and dynamic analyses
US7283517B2 (en) * 2003-07-22 2007-10-16 Innomedia Pte Stand alone multi-media terminal adapter with network address translation and port partitioning
US7886093B1 (en) * 2003-07-31 2011-02-08 Hewlett-Packard Development Company, L.P. Electronic device network supporting compression and decompression in electronic devices
US7464408B1 (en) 2003-08-29 2008-12-09 Solidcore Systems, Inc. Damage containment by translation
US20050065935A1 (en) 2003-09-16 2005-03-24 Chebolu Anil Kumar Client comparison of network content with server-based categorization
US20050114672A1 (en) * 2003-11-20 2005-05-26 Encryptx Corporation Data rights management of digital information in a portable software permission wrapper
US7600219B2 (en) 2003-12-10 2009-10-06 Sap Ag Method and system to monitor software interface updates and assess backward compatibility
US7546594B2 (en) 2003-12-15 2009-06-09 Microsoft Corporation System and method for updating installation components using an installation component delta patch in a networked environment
US20050198303A1 (en) * 2004-01-02 2005-09-08 Robert Knauerhase Dynamic virtual machine service provider allocation
US7272654B1 (en) 2004-03-04 2007-09-18 Sandbox Networks, Inc. Virtualizing network-attached-storage (NAS) with a compact table that stores lossy hashes of file names and parent handles rather than full names
US7783735B1 (en) 2004-03-22 2010-08-24 Mcafee, Inc. Containment of network communication
EP1745342A2 (en) 2004-04-19 2007-01-24 Securewave S.A. On-line centralized and local authorization of executable files
US20060004875A1 (en) * 2004-05-11 2006-01-05 Microsoft Corporation CMDB schema
US7890946B2 (en) 2004-05-11 2011-02-15 Microsoft Corporation Efficient patching
EP1767031B1 (en) 2004-05-24 2009-12-09 Computer Associates Think, Inc. System and method for automatically configuring a mobile device
US7818377B2 (en) 2004-05-24 2010-10-19 Microsoft Corporation Extended message rule architecture
US7506170B2 (en) * 2004-05-28 2009-03-17 Microsoft Corporation Method for secure access to multiple secure networks
US20050273858A1 (en) 2004-06-07 2005-12-08 Erez Zadok Stackable file systems and methods thereof
JP4341517B2 (ja) 2004-06-21 2009-10-07 NEC Corporation Security policy management system, security policy management method, and program
US20050289538A1 (en) 2004-06-23 2005-12-29 International Business Machines Corporation Deploying an application software on a virtual deployment target
US7203864B2 (en) * 2004-06-25 2007-04-10 Hewlett-Packard Development Company, L.P. Method and system for clustering computers into peer groups and comparing individual computers to their peers
US20060015501A1 (en) * 2004-07-19 2006-01-19 International Business Machines Corporation System, method and program product to determine a time interval at which to check conditions to permit access to a file
US7937455B2 (en) * 2004-07-28 2011-05-03 Oracle International Corporation Methods and systems for modifying nodes in a cluster environment
US7703090B2 (en) * 2004-08-31 2010-04-20 Microsoft Corporation Patch un-installation
US7506364B2 (en) * 2004-10-01 2009-03-17 Microsoft Corporation Integrated access authorization
US7512939B2 (en) * 2004-10-05 2009-03-31 Neopost Technologies System and method of secure updating of remote device software
US20060080656A1 (en) * 2004-10-12 2006-04-13 Microsoft Corporation Methods and instructions for patch management
US9329905B2 (en) * 2004-10-15 2016-05-03 Emc Corporation Method and apparatus for configuring, monitoring and/or managing resource groups including a virtual machine
US7765538B2 (en) 2004-10-29 2010-07-27 Hewlett-Packard Development Company, L.P. Method and apparatus for determining which program patches to recommend for installation
US20060101277A1 (en) * 2004-11-10 2006-05-11 Meenan Patrick A Detecting and remedying unauthorized computer programs
US7698744B2 (en) * 2004-12-03 2010-04-13 Whitecell Software Inc. Secure system for allowing the execution of authorized computer program code
US8479193B2 (en) * 2004-12-17 2013-07-02 Intel Corporation Method, apparatus and system for enhancing the usability of virtual machines
US7765544B2 (en) * 2004-12-17 2010-07-27 Intel Corporation Method, apparatus and system for improving security in a virtual machine host
US7607170B2 (en) 2004-12-22 2009-10-20 Radware Ltd. Stateful attack protection
US7302558B2 (en) 2005-01-25 2007-11-27 Goldman Sachs & Co. Systems and methods to facilitate the creation and configuration management of computing systems
US8056138B2 (en) 2005-02-26 2011-11-08 International Business Machines Corporation System, method, and service for detecting improper manipulation of an application
US7836504B2 (en) 2005-03-01 2010-11-16 Microsoft Corporation On-access scan of memory for malware
US7685635B2 (en) * 2005-03-11 2010-03-23 Microsoft Corporation Systems and methods for multi-level intercept processing in a virtual machine environment
TW200707417A (en) * 2005-03-18 2007-02-16 Sony Corp Reproducing apparatus, reproducing method, program, program storage medium, data delivery system, data structure, and manufacturing method of recording medium
US7552479B1 (en) 2005-03-22 2009-06-23 Symantec Corporation Detecting shellcode that modifies IAT entries
US7770151B2 (en) 2005-04-07 2010-08-03 International Business Machines Corporation Automatic generation of solution deployment descriptors
US7349931B2 (en) * 2005-04-14 2008-03-25 Webroot Software, Inc. System and method for scanning obfuscated files for pestware
US8590044B2 (en) 2005-04-14 2013-11-19 International Business Machines Corporation Selective virus scanning system and method
US7363463B2 (en) 2005-05-13 2008-04-22 Microsoft Corporation Method and system for caching address translations from multiple address spaces in virtual machines
WO2006137057A2 (en) 2005-06-21 2006-12-28 Onigma Ltd. A method and a system for providing comprehensive protection against leakage of sensitive information assets using host based agents, content- meta-data and rules-based policies
US8839450B2 (en) * 2007-08-02 2014-09-16 Intel Corporation Secure vault service for software components within an execution environment
US7739721B2 (en) * 2005-07-11 2010-06-15 Microsoft Corporation Per-user and system granular audit policy implementation
US7856661B1 (en) * 2005-07-14 2010-12-21 Mcafee, Inc. Classification of software on networked systems
US7895651B2 (en) * 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US7962616B2 (en) * 2005-08-11 2011-06-14 Micro Focus (Us), Inc. Real-time activity monitoring and reporting
US7340574B2 (en) * 2005-08-30 2008-03-04 Rockwell Automation Technologies, Inc. Method and apparatus for synchronizing an industrial controller with a redundant controller
US8327353B2 (en) * 2005-08-30 2012-12-04 Microsoft Corporation Hierarchical virtualization with a multi-level virtualization mechanism
US20070074199A1 (en) * 2005-09-27 2007-03-29 Sebastian Schoenberg Method and apparatus for delivering microcode updates through virtual machine operations
US8131825B2 (en) * 2005-10-07 2012-03-06 Citrix Systems, Inc. Method and a system for responding locally to requests for file metadata associated with files stored remotely
US7725737B2 (en) * 2005-10-14 2010-05-25 Check Point Software Technologies, Inc. System and methodology providing secure workspace environment
US20070169079A1 (en) 2005-11-08 2007-07-19 Microsoft Corporation Software update management
US7856538B2 (en) * 2005-12-12 2010-12-21 Systex, Inc. Methods, systems and computer readable medium for detecting memory overflow conditions
US20070143851A1 (en) 2005-12-21 2007-06-21 Fiberlink Method and systems for controlling access to computing resources based on known security vulnerabilities
US20070174429A1 (en) 2006-01-24 2007-07-26 Citrix Systems, Inc. Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment
US7757269B1 (en) 2006-02-02 2010-07-13 Mcafee, Inc. Enforcing alignment of approved changes and deployed changes in the software change life-cycle
WO2007099273A1 (en) * 2006-03-03 2007-09-07 Arm Limited Monitoring values of signals within an integrated circuit
US8621433B2 (en) 2006-03-20 2013-12-31 Microsoft Corporation Managing version information for software components
US7895573B1 (en) * 2006-03-27 2011-02-22 Mcafee, Inc. Execution environment file inventory
US7752233B2 (en) * 2006-03-29 2010-07-06 Massachusetts Institute Of Technology Techniques for clustering a set of objects
US7870387B1 (en) 2006-04-07 2011-01-11 Mcafee, Inc. Program-based authorization
US8015563B2 (en) * 2006-04-14 2011-09-06 Microsoft Corporation Managing virtual machines with system-wide policies
US7966659B1 (en) 2006-04-18 2011-06-21 Rockwell Automation Technologies, Inc. Distributed learn mode for configuring a firewall, security authority, intrusion detection/prevention devices, and the like
US8458673B2 (en) 2006-04-26 2013-06-04 Flexera Software Llc Computer-implemented method and system for binding digital rights management executable code to a software application
US7849502B1 (en) 2006-04-29 2010-12-07 Ironport Systems, Inc. Apparatus for monitoring network traffic
US8291409B2 (en) * 2006-05-22 2012-10-16 Microsoft Corporation Updating virtual machine with patch on host that does not have network access
US7761912B2 (en) * 2006-06-06 2010-07-20 Microsoft Corporation Reputation driven firewall
US7809704B2 (en) 2006-06-15 2010-10-05 Microsoft Corporation Combining spectral and probabilistic clustering
US20070300215A1 (en) 2006-06-26 2007-12-27 Bardsley Jeffrey S Methods, systems, and computer program products for obtaining and utilizing a score indicative of an overall performance effect of a software update on a software host
US8365294B2 (en) * 2006-06-30 2013-01-29 Intel Corporation Hardware platform authentication and multi-platform validation
US8468526B2 (en) * 2006-06-30 2013-06-18 Intel Corporation Concurrent thread execution using user-level asynchronous signaling
US8572721B2 (en) * 2006-08-03 2013-10-29 Citrix Systems, Inc. Methods and systems for routing packets in a VPN-client-to-VPN-client connection via an SSL/VPN network appliance
US8015388B1 (en) 2006-08-04 2011-09-06 Vmware, Inc. Bypassing guest page table walk for shadow page table entries not present in guest page table
US8161475B2 (en) * 2006-09-29 2012-04-17 Microsoft Corporation Automatic load and balancing for virtual machines to meet resource requirements
US7689817B2 (en) * 2006-11-16 2010-03-30 Intel Corporation Methods and apparatus for defeating malware
US8091127B2 (en) 2006-12-11 2012-01-03 International Business Machines Corporation Heuristic malware detection
US7996836B1 (en) 2006-12-29 2011-08-09 Symantec Corporation Using a hypervisor to provide computer security
US8336046B2 (en) 2006-12-29 2012-12-18 Intel Corporation Dynamic VM cloning on request from application based on mapping of virtual hardware configuration to the identified physical hardware resources
US8381209B2 (en) 2007-01-03 2013-02-19 International Business Machines Corporation Moveable access control list (ACL) mechanisms for hypervisors and virtual machines and virtual port firewalls
US8254568B2 (en) 2007-01-07 2012-08-28 Apple Inc. Secure booting a computing device
US8380987B2 (en) 2007-01-25 2013-02-19 Microsoft Corporation Protection agents and privilege modes
US8276201B2 (en) 2007-03-22 2012-09-25 International Business Machines Corporation Integrity protection in data processing systems
US7930327B2 (en) 2007-05-21 2011-04-19 International Business Machines Corporation Method and apparatus for obtaining the absolute path name of an open file system object from its file descriptor
US20080301770A1 (en) * 2007-05-31 2008-12-04 Kinder Nathan G Identity based virtual machine selector
US20090007100A1 (en) * 2007-06-28 2009-01-01 Microsoft Corporation Suspending a Running Operating System to Enable Security Scanning
US8763115B2 (en) * 2007-08-08 2014-06-24 Vmware, Inc. Impeding progress of malicious guest software
US8332375B2 (en) 2007-08-29 2012-12-11 Nirvanix, Inc. Method and system for moving requested files from one storage location to another
US8245217B2 (en) * 2007-10-12 2012-08-14 Microsoft Corporation Management of software and operating system updates required for the process of creating a virtual machine facsimile of an existing physical or virtual machine
US8261265B2 (en) * 2007-10-30 2012-09-04 Vmware, Inc. Transparent VMM-assisted user-mode execution control transfer
JP5238235B2 (ja) 2007-12-07 2013-07-17 Hitachi, Ltd. Management apparatus and management method
US8336094B2 (en) * 2008-03-27 2012-12-18 Juniper Networks, Inc. Hierarchical firewalls
US8321931B2 (en) 2008-03-31 2012-11-27 Intel Corporation Method and apparatus for sequential hypervisor invocation
US8631397B2 (en) * 2008-03-31 2014-01-14 Microsoft Corporation Virtualized application image patching
US9088615B1 (en) * 2008-07-31 2015-07-21 Pulse Secure, Llc Determining a reduced set of remediation actions for endpoint integrity
CA2726310C (en) * 2008-08-07 2013-10-08 Serge Nabutovsky Link exchange system and method
US8065714B2 (en) * 2008-09-12 2011-11-22 Hytrust, Inc. Methods and systems for securely managing virtualization platform
US9141381B2 (en) * 2008-10-27 2015-09-22 Vmware, Inc. Version control environment for virtual machines
US8060722B2 (en) 2009-03-27 2011-11-15 Vmware, Inc. Hardware assistance for shadow page table coherence with guest page mappings
US9805041B2 (en) * 2009-05-04 2017-10-31 Open Invention Network, Llc Policy based layered filesystem management
US8359422B2 (en) 2009-06-26 2013-01-22 Vmware, Inc. System and method to reduce trace faults in software MMU virtualization
US8381284B2 (en) * 2009-08-21 2013-02-19 Mcafee, Inc. System and method for enforcing security policies in a virtual environment
US8341627B2 (en) * 2009-08-21 2012-12-25 Mcafee, Inc. Method and system for providing user space address protection from writable memory area in a virtual environment
US9262628B2 (en) * 2009-09-11 2016-02-16 Empire Technology Development Llc Operating system sandbox
US9552497B2 (en) 2009-11-10 2017-01-24 Mcafee, Inc. System and method for preventing data loss using virtual machine wrapped applications
US8938800B2 (en) * 2010-07-28 2015-01-20 Mcafee, Inc. System and method for network level protection against malicious software
US8925101B2 (en) 2010-07-28 2014-12-30 Mcafee, Inc. System and method for local protection against malicious software
US8694738B2 (en) * 2011-10-11 2014-04-08 Mcafee, Inc. System and method for critical address space protection in a hypervisor environment
US9069586B2 (en) * 2011-10-13 2015-06-30 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US8973144B2 (en) * 2011-10-13 2015-03-03 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006012197A2 (en) * 2004-06-29 2006-02-02 Intel Corporation Method of improving computer security through sandboxing
US20070136579A1 (en) * 2005-12-09 2007-06-14 University Of Washington Web browser operating system
WO2008054997A2 (en) * 2006-10-17 2008-05-08 Manage Iq, Inc. Control and management of virtual systems
CN101399835A (zh) * 2007-09-17 2009-04-01 Intel Corporation Method and apparatus for dynamic switching and real-time security control on virtualized systems

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
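CN104956376A (zh) * 2013-02-19 2015-09-30 Symantec Corporation Methods and techniques for application and device control in a virtualized environment
CN104956376B (zh) * 2013-02-19 2018-09-18 Symantec Corporation Methods and techniques for application and device control in a virtualized environment
CN107980123A (zh) * 2015-06-27 2018-05-01 McAfee, LLC Protection of sensitive data
CN107980123B (zh) * 2015-06-27 2022-07-05 McAfee, LLC Protection of sensitive data
CN105608379A (zh) * 2015-10-23 2016-05-25 Inspur (Beijing) Electronic Information Industry Co., Ltd. Hardening system and hardening method for virtual hosts in a virtualized environment
CN108733452A (zh) * 2018-04-16 2018-11-02 Nanjing Weituo Technology Co., Ltd. Web-based cloud computing resource management system
CN108733452B (zh) * 2018-04-16 2021-05-14 Nanjing Weituo Technology Co., Ltd. Web-based cloud computing resource management system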

Also Published As

Publication number Publication date
CN102741853B (zh) 2015-12-09
EP2499598B1 (en) 2018-05-16
US20170134436A1 (en) 2017-05-11
US9552497B2 (en) 2017-01-24
EP2499598A1 (en) 2012-09-19
WO2011059877A1 (en) 2011-05-19
US20110113467A1 (en) 2011-05-12

Similar Documents

Publication Publication Date Title
CN102741853B (zh) System and method for preventing data loss using virtual machine wrapped applications
US11244049B2 (en) Use of an application controller to monitor and control software file and application environments
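CN101079882B (zh) Posture-based data protection
CN110535833B (zh) Blockchain-based data sharing control method
CN100592311C (zh) Operating system independent data management
CN102227734B (zh) Client computer for protecting confidential files, server computer therefor, and method therefor
CN102077208B (zh) Method and system for licensing protected content to application sets
CN201846355U (zh) Security consultation system
CN104903910A (zh) Controlling mobile device access to secure data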
US20110113242A1 (en) Protecting mobile devices using data and device control
CA2855862A1 (en) Method of securing a computing device
CN108920946A (zh) Browser-based data security management and control method and device
CN109644196A (zh) Message protection
US8353053B1 (en) Computer program product and method for permanently storing data based on whether a device is protected with an encryption mechanism and whether data in a data structure requires encryption
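CN107016288A (zh) Trusted execution environment
CN104092743A (zh) Method and system for protecting user data in a cloud environment
CN110138785A (zh) Method, apparatus, medium and electronic device for processing document access permissions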
WO2016122410A1 (en) Method for data protection using isolated environment in mobile device
Annansingh Bring your own device to work: how serious is the risk?
WO2020066493A1 (ja) Information processing system, information processing method, and information processing program
Takebayashi et al. Data loss prevention technologies
Raisian et al. Security issues model on cloud computing: A case of Malaysia
US10594698B2 (en) Methods and systems for controlling the exchange of files between an enterprise and a network
Antonishyn et al. Analysis of testing approaches to Android mobile application vulnerabilities.
Nabi et al. Smartphones platform security a comparison study

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: California, USA

Patentee after: McAfee limited liability company

Address before: Texas

Patentee before: Mcafee, Inc.