CN104102857B - A windows executable file under the system lifecycle safety management system - Google Patents

Info

Publication number: CN104102857B
Authority: CN
Grant status: Grant
Prior art keywords: file, system, access, program, process
Application number: CN 201410340330
Other languages: Chinese (zh)
Other versions: CN104102857A (en)
Inventor: 邢希双, 王超
Original Assignee: 浪潮电子信息产业股份有限公司

Abstract

The present invention provides a full-lifecycle security management system for executable files under the Windows system. By using the file filter control interface, the program start notification interface, and the inter-process access behavior callback interface provided by the Windows operating system, it combines file access control, program start intervention control, and inter-process interaction intervention control to comprehensively strengthen the security of executable files on the Windows operating system across their full lifecycle. The system comprises: (1) a file system access control module; (2) a program start control module; (3) a program run control module; (4) a rule configuration application module. For ease of use, the invention proposes a flexible rule configuration mechanism: all kernel driver modules read preset access control rules at initialization, and the required access control rules can be added, deleted, or updated at any time during operation.

Description

A full-lifecycle security management system for executable files under the Windows system

Technical Field

[0001] The present invention relates to the field of computer operating system security, and specifically to a full-lifecycle security management system for executable files under the Windows system.

Background

[0002] With the development of new technologies such as cloud computing and big data, the security requirements for resources on the operating system keep rising. Executable files are the most important resources on an operating system: they are either the pillar processes that keep the operating system running or the core programs of upper-layer business systems, so how to effectively guarantee the security of executable files throughout their lifecycle has become a technical problem in urgent need of a solution. Traditional solutions either apply control at the static file level, in which case a running program is easily injected into or damaged; or apply control at the dynamic process level, in which case the executable image file of a stopped program is easily deleted or tampered with, so that when the program runs again it either no longer exists or its behavior is unpredictable. Nor do they intervene while a program is being converted from a static executable file into a dynamic process, so programs that have been replaced or tampered with, manually or by other means, can run with ease.

[0003] The full-lifecycle security management system for executable files under the Windows system proposed by the present invention can significantly improve the security of executable files. By combining file access control, program start control, and program run control, it effectively ensures that executable files execute correctly according to the logic the developer intended.

Summary of the Invention

[0004] The object of the present invention is to provide a full-lifecycle security management system for executable files under the Windows system.

[0005] The object of the present invention is achieved as follows: by using the file filter control interface, the program start notification interface, and the inter-process access behavior callback interface provided by the Windows operating system, file access control, program start intervention control, and inter-process interaction intervention control are combined, which can comprehensively strengthen the security of executable files on the Windows operating system across their full lifecycle. The system comprises: (1) a file system access control module; (2) a program start control module; (3) a program run control module; (4) a rule configuration application module, wherein:

[0006] (1) File system access control module: implemented as a file system filter kernel driver. Access rules are configured flexibly according to all the executable files involved in the current operating system and the applications on it, with support for rules naming specific files and for fuzzy file rules containing wildcards; all access rules are stored in this module's rule linked list. The file system filter kernel driver detects file access operations, including execute, rewrite, delete, rename, move, and overwrite, and queries the file access control linked list, so that executable files are protected against any illegal access or tampering. If the system is configured so that a particular type of file cannot be executed under the current operating system, then when a file of that type is opened with the execute permission bit, the file filter driver obtains the file's path name, queries the file access control linked list, and rejects the request directly, so that the state of an executable file of that type cannot change from the stopped state to the starting state;

[0007] (2) Program start control module: implemented as a kernel driver. Access rules are configured flexibly according to all the executable files involved in the current operating system and the applications on it, with support for rules naming specific files and for fuzzy file rules containing wildcards; all access rules are stored in this module's rule linked list. The module also registers for Windows operating system process creation notifications: whenever any new process is created in the operating system, the operating system notifies the program start control module. On receiving the notification, the module obtains the image file path name of the process to be created and queries the process creation control linked list; it directly blocks any illegal process creation or execution, so that the state of the corresponding executable file cannot change from the starting state to the running state;

[0008] (3) Program run control module: implemented as a kernel driver. Access rules are configured flexibly according to all the executable files involved in the current operating system and the applications on it, with support for rules naming specific files and for fuzzy file rules containing wildcards; all access rules are stored in this module's rule linked list. The program run control module detects inter-process access operations, including writing to address-space memory, creating remote threads, setting process-related information, terminating or suspending a process, and duplicating process handles, and queries the process access control linked list, so that running processes are protected against any illegal injection or damage. If a program or service on the current operating system is so important that stopping it would cause significant harm, a no-stop rule can be configured for that program or service. When the program run control module detects an action to stop the program or service, it obtains the path name of the corresponding executable file, queries the process access control linked list, and rejects the action directly, so that the state of the corresponding executable file cannot change from the running state to the stopped state;

[0009] (4) Rule configuration application module: implemented as a Windows application. It is responsible for installing the file system access control module, the program start control module, and the program run control module, and for receiving commands to configure the rules of the three modules or to unload the three modules from the current operating system.
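
An added example, not part of the patent text: a user-mode C model of how the three modules' rule linked lists gate the stopped, starting, and running state transitions described in (1) to (3). The rule patterns, paths, operation flag names, and the allow-by-default behaviour when no rule matches are assumptions made for illustration; in the patent the checks run inside kernel drivers.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Lifecycle states named in the description. */
typedef enum { ST_STOPPED, ST_STARTING, ST_RUNNING } exe_state;

/* Operations the modules intercept (flag names are illustrative). */
enum {
    OP_EXECUTE = 1, OP_WRITE = 2, OP_DELETE = 4,                 /* file access module   */
    OP_CREATE_PROC = 8,                                          /* program start module */
    OP_TERMINATE = 16, OP_WRITE_MEM = 32, OP_REMOTE_THREAD = 64  /* program run module   */
};

/* One node of a module's rule linked list: path pattern plus denied operations. */
typedef struct rule { const char *pattern; unsigned deny; struct rule *next; } rule;

/* The three per-module rule lists. */
typedef struct { rule *file, *start, *run; } policy;

/* Case-insensitive wildcard match: '*' is any run of characters, '?' is one. */
static int wild_match(const char *p, const char *s)
{
    const char *star = NULL, *mark = NULL;
    while (*s) {
        if (*p == '*') { star = p++; mark = s; }
        else if (*p == '?' || tolower((unsigned char)*p) == tolower((unsigned char)*s)) { p++; s++; }
        else if (star) { p = star + 1; s = ++mark; }  /* let '*' absorb one more char */
        else return 0;
    }
    while (*p == '*') p++;
    return *p == '\0';
}

/* Rules can be added while the system runs: push the node onto the list head. */
static void rule_add(rule **head, rule *r) { r->next = *head; *head = r; }

/* 1 if any rule in the list denies `op` on `path`. Assumption: no match means allow. */
static int op_denied(const rule *list, const char *path, unsigned op)
{
    for (; list; list = list->next)
        if ((list->deny & op) && wild_match(list->pattern, path)) return 1;
    return 0;
}

/* Attempt one lifecycle step; the module guarding that step may refuse it,
 * in which case the executable stays in its current state. */
static exe_state try_transition(const policy *pol, const char *path,
                                exe_state cur, exe_state next)
{
    if (cur == ST_STOPPED && next == ST_STARTING)
        return op_denied(pol->file, path, OP_EXECUTE) ? cur : next;
    if (cur == ST_STARTING && next == ST_RUNNING)
        return op_denied(pol->start, path, OP_CREATE_PROC) ? cur : next;
    if (cur == ST_RUNNING && next == ST_STOPPED)
        return op_denied(pol->run, path, OP_TERMINATE) ? cur : next;
    return cur;  /* this model defines no other edges */
}

/* Constructed sample rules; none of these paths come from the patent. */
static const policy *sample_policy(void)
{
    static rule no_vbs   = { "*.vbs", OP_EXECUTE, NULL };
    static rule app_img  = { "C:\\App\\*.exe", OP_WRITE | OP_DELETE, NULL };
    static rule no_temp  = { "C:\\Users\\*\\Temp\\*", OP_CREATE_PROC, NULL };
    static rule keep_svc = { "C:\\App\\service.exe",
                             OP_TERMINATE | OP_WRITE_MEM | OP_REMOTE_THREAD, NULL };
    static policy pol;
    pol.file = pol.start = pol.run = NULL;
    rule_add(&pol.file, &no_vbs);   rule_add(&pol.file, &app_img);
    rule_add(&pol.start, &no_temp); rule_add(&pol.run, &keep_svc);
    return &pol;
}

int main(void)
{
    const policy *pol = sample_policy();
    const char *svc = "C:\\App\\service.exe";
    exe_state s = try_transition(pol, svc, ST_STOPPED, ST_STARTING);
    s = try_transition(pol, svc, s, ST_RUNNING);
    printf("service.exe running: %d\n", s == ST_RUNNING);
    printf("stop refused: %d\n", try_transition(pol, svc, s, ST_STOPPED) == ST_RUNNING);
    printf("image delete refused: %d\n", op_denied(pol->file, svc, OP_DELETE));
    return 0;
}
```

The model shows why the three checks are complementary: the protected service's image cannot be deleted while it is stopped, an executable under a Temp directory can be opened for execution but never reaches the running state, and the running service cannot be terminated.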

[0010] The beneficial effects of the present invention are: the method provides full-lifecycle management covering static executable files on the file system, the program start process, and dynamic processes in memory. By using the file filter control interface, the program start notification interface, and the inter-process access behavior callback interface provided by the Windows operating system, it combines file access control, program start intervention control, and inter-process interaction intervention control, and can comprehensively strengthen the security of executable files on the Windows operating system across their full lifecycle.

[0011] For ease of use, the present invention proposes a flexible rule configuration mechanism: all kernel driver modules read preset access control rules at initialization, and the required access control rules can be added, deleted, or updated at any time during operation.

Brief Description of the Drawings

[0012] FIG. 1 is a schematic diagram of the principle of full-lifecycle state transitions of an executable file;

[0013] FIG. 2 is a structural diagram of the executable file full-lifecycle security management modules;

[0014] FIG. 3 is a flowchart of the rule configuration application.

Detailed Description

[0015] To make the objects, technical solutions, and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.

[0016] A full-lifecycle security management system for executable files under the Windows system adds kernel security modules to an existing Windows operating system to intervene in the operating system's file access operations, process start control, and inter-process behavior control, thereby improving the security of executable files across their entire lifecycle. Its principle is shown in FIG. 1 and its composition in FIG. 2. The system comprises (1) a kernel-mode file access control module; (2) a kernel-mode program start control module; (3) a kernel-mode program run control module; (4) a user-mode rule configuration application.

[0017] The kernel-mode file access control module (1) is loaded into the operating system kernel by the user-mode rule configuration application (see FIG. 3). Once loading succeeds, the user-mode rule configuration application immediately establishes a communication connection with the kernel-mode file access control module; all subsequent additions, deletions, and updates of file access control rules go through this connection (see FIG. 2).

[0018] The kernel-mode program start control module (2) is loaded into the operating system kernel by the user-mode rule configuration application (see FIG. 3). Once loading succeeds, the user-mode rule configuration application immediately establishes a communication connection with the kernel-mode program start control module; all subsequent additions, deletions, and updates of program start control rules go through this connection (see FIG. 2).

[0019] The kernel-mode program run control module (3) is loaded into the operating system kernel by the user-mode rule configuration application (see FIG. 3). Once loading succeeds, the user-mode rule configuration application immediately establishes a communication connection with the kernel-mode program run control module; all subsequent additions, deletions, and updates of program run control rules go through this connection (see FIG. 2).

[0020] The user-mode rule configuration application (4) is the operational hub and the single data entry point for full-lifecycle security management of executable files on the whole Windows system. When it starts, it first loads the three kernel modules described above, then obtains the initial rules for the three modules from the initial configuration file and submits each of the three sets of initial rules to its kernel module, so that the initial rules for full-lifecycle security management take effect. Once this processing is complete, the user-mode rule configuration application is up and running and waits for user commands. When it receives a user command, it determines whether the command is an exit command. If it is, the application unloads the three kernel modules and then exits itself. If it is not, the command must be a rule configuration command: the application obtains the type and content of the input rule from the command parameters and submits the rule content to the corresponding kernel module, so that the corresponding kernel protection takes effect immediately.

[0021] Everything other than the technical features described in the specification is known art to those skilled in the field.

Claims (1)

1. A full-lifecycle security management system for executable files under the Windows system, characterized in that, by using the file filter control interface, the program start notification interface, and the inter-process access behavior callback interface provided by the Windows operating system, file access control, program start intervention control, and inter-process interaction intervention control are combined to comprehensively strengthen the security of executable files on the Windows operating system across their full lifecycle, the system comprising: (1) a file system access control module; (2) a program start control module; (3) a program run control module; (4) a rule configuration application module, wherein:

(1) File system access control module: implemented as a file system filter kernel driver. Access rules are configured flexibly according to all the executable files involved in the current operating system and the applications on it, with support for rules naming specific files and for fuzzy file rules containing wildcards; all access rules are stored in this module's rule linked list. The file system filter kernel driver detects file access operations, including execute, rewrite, delete, rename, move, and overwrite, and queries the file access control linked list, so that executable files are protected against any illegal access or tampering. If a file is configured in the system as not executable under the current operating system, then when a file of that type is opened with the execute permission bit, the file filter driver obtains the file's path name, queries the file access control linked list, and rejects the request directly, so that the state of an executable file of that type cannot change from the stopped state to the starting state;

(2) Program start control module: implemented as a kernel driver. Access rules are configured flexibly according to all the executable files involved in the current operating system and the applications on it, with support for rules naming specific files and for fuzzy file rules containing wildcards; all access rules are stored in this module's rule linked list. The module also registers for Windows operating system process creation notifications: whenever any new process is created in the operating system, the operating system notifies the program start control module. On receiving the notification, the module obtains the image file path name of the process to be created and queries the process creation control linked list; it directly blocks any illegal process creation or execution, so that the state of the corresponding executable file cannot change from the starting state to the running state;

(3) Program run control module: implemented as a kernel driver. Access rules are configured flexibly according to all the executable files involved in the current operating system and the applications on it, with support for rules naming specific files and for fuzzy file rules containing wildcards; all access rules are stored in this module's rule linked list. The program run control module detects inter-process access operations, including writing to address-space memory, creating remote threads, setting process-related information, terminating or suspending a process, and duplicating process handles, and queries the process access control linked list, so that running processes are protected against any illegal injection or damage. If a program or service on the current operating system is so important that stopping it would cause significant harm, a no-stop rule can be configured for that program or service. When the program run control module detects an action to stop the program or service, it obtains the path name of the corresponding executable file, queries the process access control linked list, and rejects the action directly, so that the state of the corresponding executable file cannot change from the running state to the stopped state;

(4) Rule configuration application module: implemented as a Windows application. It is responsible for installing the file system access control module, the program start control module, and the program run control module, and for receiving commands to configure the rules of the three modules or to unload the three modules from the current operating system.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201410340330 CN104102857B (en) 2014-07-17 2014-07-17 A windows executable file under the system lifecycle safety management system

Publications (2)

Publication Number Publication Date
CN104102857A (en) 2014-10-15
CN104102857B (en) 2017-02-15

Family

ID=51671001

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201410340330 CN104102857B (en) 2014-07-17 2014-07-17 A windows executable file under the system lifecycle safety management system

Country Status (1)

Country Link
CN (1) CN104102857B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101311924A (en) * 2007-05-24 2008-11-26 中兴通讯股份有限公司 Graphical user interface browsers system and method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8578076B2 (en) * 2009-05-01 2013-11-05 Citrix Systems, Inc. Systems and methods for establishing a cloud bridge between virtual storage resources
CN102113334B (en) * 2009-05-19 2013-09-11 松下电器产业株式会社 Recording medium, reproducing device, encoding device, integrated circuit, and reproduction output device
US9659077B2 (en) * 2012-06-18 2017-05-23 Actifio, Inc. System and method for efficient database record replication using different replication strategies based on the database records

Also Published As

Publication number Publication date Type
CN104102857A (en) 2014-10-15 application

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model