JP2014516191A - 仮想パーティションを監視するためのシステムおよび方法 - Google Patents
仮想パーティションを監視するためのシステムおよび方法 Download PDFInfo
- Publication number
- JP2014516191A JP2014516191A JP2014514848A JP2014514848A JP2014516191A JP 2014516191 A JP2014516191 A JP 2014516191A JP 2014514848 A JP2014514848 A JP 2014514848A JP 2014514848 A JP2014514848 A JP 2014514848A JP 2014516191 A JP2014516191 A JP 2014516191A
- Authority
- JP
- Japan
- Prior art keywords
- event
- virtual
- auxiliary agent
- virtual partition
- handler
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 95
- 238000012544 monitoring process Methods 0.000 title description 25
- 230000008569 process Effects 0.000 claims abstract description 82
- 239000012752 auxiliary agent Substances 0.000 claims abstract description 43
- 230000009471 action Effects 0.000 claims abstract description 21
- 238000012545 processing Methods 0.000 description 18
- 230000001960 triggered effect Effects 0.000 description 9
- 230000008901 benefit Effects 0.000 description 6
- 239000003795 chemical substances by application Substances 0.000 description 6
- 238000004891 communication Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 5
- 238000001514 detection method Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000002347 injection Methods 0.000 description 3
- 239000007924 injection Substances 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 238000005192 partition Methods 0.000 description 3
- 238000011156 evaluation Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 244000035744 Hura crepitans Species 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 239000002184 metal Substances 0.000 description 1
- 230000007727 signaling mechanism Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45545—Guest-host, i.e. hypervisor is an application program itself, e.g. VirtualBox
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45591—Monitoring or debugging support
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Bioethics (AREA)
- Debugging And Monitoring (AREA)
- Storage Device Security (AREA)
Abstract
【選択図】図1
Description
Claims (26)
- 仮想パーティションのイベントに関するイベント通知を、外部ハンドラで受信する段階と、
前記仮想パーティション内の補助エージェントに、タスクを実行して、前記タスクに基づく結果を前記外部ハンドラに戻すよう命令する段階と、
前記補助エージェントが返した前記結果に基づいてポリシーアクションをとる段階と
を備える方法。 - 前記外部ハンドラは、第2の仮想パーティションで動作する、請求項1に記載の方法。
- 前記外部ハンドラは、仮想ホストで動作する、請求項1に記載の方法。
- 前記外部ハンドラは、仮想化プラットフォームの第1の仮想ゲストで動作し、
前記仮想パーティションは、前記仮想化プラットフォームの第2の仮想ゲストである、請求項1に記載の方法。 - 前記イベント通知は、仮想化プラットフォームのハイパーバイザエクステンションから受信される、請求項1から4のいずれか一項に記載の方法。
- 前記イベントを生じさせた前記仮想パーティションのプロセスのスレッドを保留する段階と、
前記イベントを生じさせた前記スレッドを保留した後に、前記仮想パーティションの他のプロセスを再開する段階とをさらに備える、請求項1から5のいずれか一項に記載の方法。 - 前記補助エージェントから戻された前記結果は、前記イベントに関するイベントコンテキストを含む、請求項1から6のいずれか一項に記載の方法。
- 前記ポリシーアクションは、前記イベントを生じさせたプロセスを終了することを含む、請求項1から7のいずれか一項に記載の方法。
- 前記ポリシーアクションは、前記イベントを生じさせたプロセスを終了するように、前記補助エージェントに命令することを含む、請求項1から8のいずれか一項に記載の方法。
- 前記外部ハンドラは、仮想化プラットフォームの第1の仮想ゲストで動作して、
前記仮想パーティションは、前記仮想化プラットフォームの第2の仮想ゲストであり、
前記イベント通知は、前記仮想化プラットフォームのハイパーバイザエクステンションから受信され、
前記仮想パーティションの他のプロセスは、前記イベントを生じさせたプロセスのスレッドを保留した後に再開され、
前記補助エージェントからの前記結果は、前記イベントに関するイベントコンテキストを含み、
前記ポリシーアクションは、前記イベントを生じさせた前記プロセスを終了するように、前記補助エージェントに命令する、請求項1に記載の方法。 - 1以上のプロセッサとメモリとを備えるシステムであって、さらに、
仮想パーティションのイベントに関するイベント通知を、外部ハンドラで受信する手段と、
前記仮想パーティション内の補助エージェントに、タスクを実行して、前記タスクに基づく結果を前記外部ハンドラに戻すよう命令する手段と、
前記補助エージェントが返した前記結果に基づいてポリシーアクションをとる手段と
を備える、システム。 - 前記外部ハンドラは、第2の仮想パーティションで動作する、請求項11に記載のシステム。
- 前記外部ハンドラは、仮想ホストで動作する、請求項11に記載のシステム。
- 前記外部ハンドラは、仮想化プラットフォームの第1の仮想ゲストで動作し、
前記仮想パーティションは、前記仮想化プラットフォームの第2の仮想ゲストである、請求項11に記載のシステム。 - 前記イベント通知は、仮想化プラットフォームのハイパーバイザエクステンションから受信される、請求項11から14のいずれか一項に記載のシステム。
- 前記イベントを生じさせた前記仮想パーティションのプロセスのスレッドを保留する手段をさらに備える、請求項11から15のいずれか一項に記載のシステム。
- 前記補助エージェントから戻された前記結果は、前記イベントに関するイベントコンテキストを含む、請求項11から16のいずれか一項に記載のシステム。
- 前記ポリシーアクションは、前記イベントを生じさせたプロセスを終了することを含む、請求項11から17のいずれか一項に記載のシステム。
- 前記ポリシーアクションは、前記イベントを生じさせたプロセスを終了するように、前記補助エージェントに命令することを含む、請求項11から18のいずれか一項に記載のシステム。
- 仮想パーティション内の補助エージェントと、
前記仮想パーティション外のセキュリティハンドラと、
前記セキュリティハンドラと前記補助エージェントとに関する命令を実行する1以上のプロセッサと
を備える装置であって、
前記命令は、
前記仮想パーティションのイベントに関するイベント通知を、前記セキュリティハンドラで受信することと、
前記イベントを生じさせた前記仮想パーティションのプロセスのスレッドを保留することと、
前記補助エージェントに、前記仮想パーティション内でタスクを実行して、前記タスクに基づく結果を前記セキュリティハンドラに戻すよう命令することと、
前記補助エージェントが返した前記結果に基づいてポリシーアクションをとることと
を含む処理を実行する、装置。 - 前記セキュリティハンドラは、仮想化プラットフォームの第1の仮想ゲストで動作し、
前記仮想パーティションは、前記仮想化プラットフォームの第2の仮想ゲストである、請求項20に記載の装置。 - 前記イベント通知は、仮想化プラットフォームのハイパーバイザエクステンションから受信される、請求項20または21に記載の装置。
- 前記処理はさらに、
前記イベントを生じさせたプロセスのスレッドを保留した後に、前記仮想パーティションの他のプロセスを再開することを含む、請求項20から22のいずれか一項に記載の装置。 - 前記補助エージェントから戻された前記結果は、前記イベントに関するイベントコンテキストを含む、請求項20から23のいずれか一項に記載の装置。
- 前記ポリシーアクションは、前記イベントを生じさせた前記プロセスを終了することを含む、請求項20から24のいずれか一項に記載の装置。
- 前記ポリシーアクションは、前記イベントを生じさせた前記プロセスを終了するように、前記補助エージェントに命令することを含む、請求項20から25のいずれか一項に記載の装置。
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/155,572 | 2011-06-08 | ||
US13/155,572 US9298910B2 (en) | 2011-06-08 | 2011-06-08 | System and method for virtual partition monitoring |
PCT/US2012/041384 WO2012170709A2 (en) | 2011-06-08 | 2012-06-07 | System and method for virtual partition monitoring |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2014516191A true JP2014516191A (ja) | 2014-07-07 |
JP5861228B2 JP5861228B2 (ja) | 2016-02-16 |
Family
ID=47294263
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2014514848A Active JP5861228B2 (ja) | 2011-06-08 | 2012-06-07 | 仮想パーティションを監視するためのシステム、装置、プログラムおよび方法 |
Country Status (6)
Country | Link |
---|---|
US (2) | US9298910B2 (ja) |
EP (1) | EP2718867A4 (ja) |
JP (1) | JP5861228B2 (ja) |
KR (1) | KR101626398B1 (ja) |
CN (1) | CN103827882B (ja) |
WO (1) | WO2012170709A2 (ja) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2017102823A (ja) * | 2015-12-04 | 2017-06-08 | 日本電信電話株式会社 | 解析装置、解析方法および解析プログラム |
JP2017111794A (ja) * | 2015-12-18 | 2017-06-22 | エーオー カスペルスキー ラボAO Kaspersky Lab | 障害のあるユーザのためのapiを使用したデータへのアクセスを制御するためのシステムおよび方法 |
JP2018129019A (ja) * | 2017-02-08 | 2018-08-16 | エーオー カスペルスキー ラボAO Kaspersky Lab | 仮想マシンにおける悪意のあるファイルを分析するシステム及び方法 |
JP2018538633A (ja) * | 2015-12-19 | 2018-12-27 | ビットディフェンダー アイピーアール マネジメント リミテッド | 複数のネットワークエンドポイントをセキュアにするためのデュアルメモリイントロスペクション |
JP2022104878A (ja) * | 2020-12-30 | 2022-07-12 | アクロニス・インターナショナル・ゲーエムベーハー | ソフトウェアへの悪意あるプロセスの注入を防止するためのシステムおよび方法 |
Families Citing this family (57)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9298910B2 (en) | 2011-06-08 | 2016-03-29 | Mcafee, Inc. | System and method for virtual partition monitoring |
US9311126B2 (en) | 2011-07-27 | 2016-04-12 | Mcafee, Inc. | System and method for virtual partition monitoring |
CN102768629B (zh) * | 2012-04-16 | 2017-02-08 | 中兴通讯股份有限公司 | 基于调度层实现虚拟机间通讯的方法和装置 |
US9225638B2 (en) | 2013-05-09 | 2015-12-29 | Vmware, Inc. | Method and system for service switching using service tags |
US10033693B2 (en) | 2013-10-01 | 2018-07-24 | Nicira, Inc. | Distributed identity-based firewalls |
US9619346B2 (en) * | 2013-10-31 | 2017-04-11 | Assured Information Security, Inc. | Virtual machine introspection facilities |
US10255093B2 (en) * | 2013-12-17 | 2019-04-09 | Intel Corporation | Techniques for portable computing device virtualization |
US9973531B1 (en) * | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US11496606B2 (en) | 2014-09-30 | 2022-11-08 | Nicira, Inc. | Sticky service sessions in a datacenter |
US9774537B2 (en) | 2014-09-30 | 2017-09-26 | Nicira, Inc. | Dynamically adjusting load balancing |
US9825810B2 (en) | 2014-09-30 | 2017-11-21 | Nicira, Inc. | Method and apparatus for distributing load among a plurality of service nodes |
US10606626B2 (en) | 2014-12-29 | 2020-03-31 | Nicira, Inc. | Introspection method and apparatus for network access filtering |
SG10201500698YA (en) * | 2015-01-29 | 2016-08-30 | Huawei Internat Pte Ltd | Method for data protection using isolated environment in mobile device |
CN104766006B (zh) * | 2015-03-18 | 2019-03-12 | 百度在线网络技术(北京)有限公司 | 一种确定危险文件所对应的行为信息的方法和装置 |
US10594743B2 (en) | 2015-04-03 | 2020-03-17 | Nicira, Inc. | Method, apparatus, and system for implementing a content switch |
KR102319661B1 (ko) * | 2015-08-07 | 2021-11-03 | 삼성전자주식회사 | 전자 장치 및 전자 장치의 보안 정보 저장 방법 |
US10324746B2 (en) | 2015-11-03 | 2019-06-18 | Nicira, Inc. | Extended context delivery for context-based authorization |
US10938837B2 (en) | 2016-08-30 | 2021-03-02 | Nicira, Inc. | Isolated network stack to manage security for virtual machines |
US20180082053A1 (en) * | 2016-09-21 | 2018-03-22 | Telefonaktiebolaget Lm Ericsson (Publ) | Application token through associated container |
WO2018106612A1 (en) | 2016-12-06 | 2018-06-14 | Nicira, Inc. | Performing context-rich attribute-based services on a host |
US10635479B2 (en) | 2016-12-19 | 2020-04-28 | Bitdefender IPR Management Ltd. | Event filtering for virtual machine security applications |
US10805332B2 (en) | 2017-07-25 | 2020-10-13 | Nicira, Inc. | Context engine model |
US10812451B2 (en) | 2016-12-22 | 2020-10-20 | Nicira, Inc. | Performing appID based firewall services on a host |
US11032246B2 (en) | 2016-12-22 | 2021-06-08 | Nicira, Inc. | Context based firewall services for data message flows for multiple concurrent users on one machine |
US10581960B2 (en) | 2016-12-22 | 2020-03-03 | Nicira, Inc. | Performing context-rich attribute-based load balancing on a host |
US10803173B2 (en) | 2016-12-22 | 2020-10-13 | Nicira, Inc. | Performing context-rich attribute-based process control services on a host |
US10802858B2 (en) | 2016-12-22 | 2020-10-13 | Nicira, Inc. | Collecting and processing contextual attributes on a host |
US10248469B2 (en) | 2017-01-19 | 2019-04-02 | International Business Machines Corporation | Software based collection of performance metrics for allocation adjustment of virtual resources |
EP3361406A1 (en) * | 2017-02-08 | 2018-08-15 | AO Kaspersky Lab | System and method of analysis of files for maliciousness in a virtual machine |
RU2651196C1 (ru) | 2017-06-16 | 2018-04-18 | Акционерное общество "Лаборатория Касперского" | Способ обнаружения аномальных событий по популярности свертки события |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10546120B2 (en) * | 2017-09-25 | 2020-01-28 | AO Kaspersky Lab | System and method of forming a log in a virtual machine for conducting an antivirus scan of a file |
US10797966B2 (en) * | 2017-10-29 | 2020-10-06 | Nicira, Inc. | Service operation chaining |
KR102505996B1 (ko) * | 2017-11-08 | 2023-03-08 | 한국전자통신연구원 | 가상 머신 프로세서의 원격 처리 장치 및 방법 |
US11012420B2 (en) | 2017-11-15 | 2021-05-18 | Nicira, Inc. | Third-party service chaining using packet encapsulation in a flow-based forwarding element |
US10778651B2 (en) | 2017-11-15 | 2020-09-15 | Nicira, Inc. | Performing context-rich attribute-based encryption on a host |
US10659252B2 (en) | 2018-01-26 | 2020-05-19 | Nicira, Inc | Specifying and utilizing paths through a network |
US10802893B2 (en) | 2018-01-26 | 2020-10-13 | Nicira, Inc. | Performing process control services on endpoint machines |
US10797910B2 (en) | 2018-01-26 | 2020-10-06 | Nicira, Inc. | Specifying and utilizing paths through a network |
US10862773B2 (en) * | 2018-01-26 | 2020-12-08 | Nicira, Inc. | Performing services on data messages associated with endpoint machines |
US10728174B2 (en) | 2018-03-27 | 2020-07-28 | Nicira, Inc. | Incorporating layer 2 service between two interfaces of gateway device |
US10805192B2 (en) | 2018-03-27 | 2020-10-13 | Nicira, Inc. | Detecting failure of layer 2 service using broadcast messages |
US10944673B2 (en) | 2018-09-02 | 2021-03-09 | Vmware, Inc. | Redirection of data messages at logical network gateway |
US11595250B2 (en) | 2018-09-02 | 2023-02-28 | Vmware, Inc. | Service insertion at logical network gateway |
CN109684148B (zh) * | 2018-11-08 | 2022-03-15 | 中国航空工业集团公司洛阳电光设备研究所 | 一种基于arinc653的机载嵌入式软件虚拟总线通信构建方法 |
US11360796B2 (en) | 2019-02-22 | 2022-06-14 | Vmware, Inc. | Distributed forwarding for performing service chain operations |
US11537581B2 (en) * | 2019-03-22 | 2022-12-27 | Hewlett Packard Enterprise Development Lp | Co-parent keys for document information trees |
US11140218B2 (en) | 2019-10-30 | 2021-10-05 | Vmware, Inc. | Distributed service chain across multiple clouds |
US11283717B2 (en) | 2019-10-30 | 2022-03-22 | Vmware, Inc. | Distributed fault tolerant service chain |
US11539718B2 (en) | 2020-01-10 | 2022-12-27 | Vmware, Inc. | Efficiently performing intrusion detection |
US11223494B2 (en) | 2020-01-13 | 2022-01-11 | Vmware, Inc. | Service insertion for multicast traffic at boundary |
US11153406B2 (en) | 2020-01-20 | 2021-10-19 | Vmware, Inc. | Method of network performance visualization of service function chains |
US11659061B2 (en) | 2020-01-20 | 2023-05-23 | Vmware, Inc. | Method of adjusting service function chains to improve network performance |
US11438257B2 (en) | 2020-04-06 | 2022-09-06 | Vmware, Inc. | Generating forward and reverse direction connection-tracking records for service paths at a network edge |
US11108728B1 (en) | 2020-07-24 | 2021-08-31 | Vmware, Inc. | Fast distribution of port identifiers for rule processing |
US11611625B2 (en) | 2020-12-15 | 2023-03-21 | Vmware, Inc. | Providing stateful services in a scalable manner for machines executing on host computers |
US11734043B2 (en) | 2020-12-15 | 2023-08-22 | Vmware, Inc. | Providing stateful services in a scalable manner for machines executing on host computers |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH02201543A (ja) * | 1989-01-30 | 1990-08-09 | Nec Corp | 仮想計算機特権命令処理方式 |
JP2006178936A (ja) * | 2004-12-21 | 2006-07-06 | Microsoft Corp | 仮想マシンまたは強化オペレーティングシステムなどにおけるコンピュータのセキュリティ管理 |
US20090241109A1 (en) * | 2008-03-24 | 2009-09-24 | International Business Machines Corporation | Context Agent Injection Using Virtual Machine Introspection |
JP2009253811A (ja) * | 2008-04-09 | 2009-10-29 | Nec Corp | 端末装置、ネットワーク接続方法及びプログラム |
Family Cites Families (69)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6075938A (en) | 1997-06-10 | 2000-06-13 | The Board Of Trustees Of The Leland Stanford Junior University | Virtual machine monitors for scalable multiprocessors |
US6073142A (en) | 1997-06-23 | 2000-06-06 | Park City Group | Automated post office based rule analysis of e-mail messages and other data objects for controlled distribution in network environments |
US6378072B1 (en) | 1998-02-03 | 2002-04-23 | Compaq Computer Corporation | Cryptographic system |
US5987610A (en) | 1998-02-12 | 1999-11-16 | Ameritech Corporation | Computer virus screening methods and systems |
US6363421B2 (en) | 1998-05-31 | 2002-03-26 | Lucent Technologies, Inc. | Method for computer internet remote management of a telecommunication network element |
US6684329B1 (en) | 1999-07-13 | 2004-01-27 | Networks Associates Technology, Inc. | System and method for increasing the resiliency of firewall systems |
US6460050B1 (en) | 1999-12-22 | 2002-10-01 | Mark Raymond Pace | Distributed content identification system |
FR2804564B1 (fr) | 2000-01-27 | 2002-03-22 | Bull Sa | Relais de securite multiapplicatif |
AU2001243365A1 (en) | 2000-03-02 | 2001-09-12 | Alarity Corporation | System and method for process protection |
US6901519B1 (en) | 2000-06-22 | 2005-05-31 | Infobahn, Inc. | E-mail virus protection system and method |
US6986052B1 (en) | 2000-06-30 | 2006-01-10 | Intel Corporation | Method and apparatus for secure execution using a secure memory partition |
US6691113B1 (en) | 2000-09-28 | 2004-02-10 | Curl Corporation | Persistent data storage for client computer software programs |
US7660902B2 (en) | 2000-11-20 | 2010-02-09 | Rsa Security, Inc. | Dynamic file access control and management |
JP3953273B2 (ja) | 2000-12-27 | 2007-08-08 | 独立行政法人科学技術振興機構 | 大豆繊維体及びその製造方法 |
US20040117658A1 (en) | 2002-09-27 | 2004-06-17 | Andrea Klaes | Security monitoring and intrusion detection system |
US7181744B2 (en) | 2002-10-24 | 2007-02-20 | International Business Machines Corporation | System and method for transferring data between virtual machines or other computer entities |
US20040158730A1 (en) | 2003-02-11 | 2004-08-12 | International Business Machines Corporation | Running anti-virus software on a network attached storage device |
US8209680B1 (en) | 2003-04-11 | 2012-06-26 | Vmware, Inc. | System and method for disk imaging on diverse computers |
US7100205B2 (en) | 2003-10-22 | 2006-08-29 | The United States Of America As Represented By The Secretary Of The Navy | Secure attention instruction central processing unit and system architecture |
US8122361B2 (en) | 2003-10-23 | 2012-02-21 | Microsoft Corporation | Providing a graphical user interface in a system with a high-assurance execution environment |
US7783891B2 (en) | 2004-02-25 | 2010-08-24 | Microsoft Corporation | System and method facilitating secure credential management |
US7581253B2 (en) | 2004-07-20 | 2009-08-25 | Lenovo (Singapore) Pte. Ltd. | Secure storage tracking for anti-virus speed-up |
US7644287B2 (en) | 2004-07-29 | 2010-01-05 | Microsoft Corporation | Portion-level in-memory module authentication |
US8332653B2 (en) | 2004-10-22 | 2012-12-11 | Broadcom Corporation | Secure processing environment |
US20060089984A1 (en) * | 2004-10-22 | 2006-04-27 | International Business Machines Corporation | Process and implementation for autonomous probe enablement |
ITMI20050063A1 (it) * | 2005-01-20 | 2006-07-21 | Atmel Corp | Metodo e sistema per la gestione di una richiesta di sospensione in una memoria flash |
US7685635B2 (en) | 2005-03-11 | 2010-03-23 | Microsoft Corporation | Systems and methods for multi-level intercept processing in a virtual machine environment |
US8619971B2 (en) | 2005-04-01 | 2013-12-31 | Microsoft Corporation | Local secure service partitions for operating system security |
US7735136B2 (en) | 2005-04-18 | 2010-06-08 | Vmware, Inc. | 0-touch and 1-touch techniques for improving the availability of computer programs under protection without compromising security |
US7239166B2 (en) | 2005-06-15 | 2007-07-03 | Microsoft Corporation | Portable multi-purpose toolkit for testing computing device hardware and software |
US8713667B2 (en) | 2005-07-08 | 2014-04-29 | Hewlett-Packard Development Company, L.P. | Policy based cryptographic application programming interface in secure memory |
US20070074192A1 (en) | 2005-08-30 | 2007-03-29 | Geisinger Nile J | Computing platform having transparent access to resources of a host platform |
US20070106986A1 (en) | 2005-10-25 | 2007-05-10 | Worley William S Jr | Secure virtual-machine monitor |
US7496727B1 (en) | 2005-12-06 | 2009-02-24 | Transmeta Corporation | Secure memory access system and method |
US20070180509A1 (en) | 2005-12-07 | 2007-08-02 | Swartz Alon R | Practical platform for high risk applications |
US8321859B2 (en) | 2005-12-22 | 2012-11-27 | Alan Joshua Shapiro | Method and apparatus for dispensing on a data-storage medium customized content comprising selected assets |
US7845009B2 (en) | 2006-05-16 | 2010-11-30 | Intel Corporation | Method and apparatus to detect kernel mode rootkit events through virtualization traps |
US20080016314A1 (en) | 2006-07-12 | 2008-01-17 | Lixin Li | Diversity-based security system and method |
US9003000B2 (en) | 2006-07-25 | 2015-04-07 | Nvidia Corporation | System and method for operating system installation on a diskless computing platform |
US8458695B2 (en) | 2006-10-17 | 2013-06-04 | Manageiq, Inc. | Automatic optimization for virtual systems |
US8949826B2 (en) | 2006-10-17 | 2015-02-03 | Managelq, Inc. | Control and management of virtual systems |
US8234641B2 (en) | 2006-10-17 | 2012-07-31 | Managelq, Inc. | Compliance-based adaptations in managed virtual systems |
US9038062B2 (en) | 2006-10-17 | 2015-05-19 | Manageiq, Inc. | Registering and accessing virtual systems for use in a managed system |
US9015703B2 (en) | 2006-10-17 | 2015-04-21 | Manageiq, Inc. | Enforcement of compliance policies in managed virtual systems |
US8356361B2 (en) | 2006-11-07 | 2013-01-15 | Spansion Llc | Secure co-processing memory controller integrated into an embedded memory subsystem |
US8380987B2 (en) * | 2007-01-25 | 2013-02-19 | Microsoft Corporation | Protection agents and privilege modes |
US8561204B1 (en) | 2007-02-12 | 2013-10-15 | Gregory William Dalcher | System, method, and computer program product for utilizing code stored in a protected area of memory for securing an associated system |
US8171485B2 (en) | 2007-03-26 | 2012-05-01 | Credit Suisse Securities (Europe) Limited | Method and system for managing virtual and real machines |
US8024790B2 (en) | 2007-04-11 | 2011-09-20 | Trend Micro Incorporated | Portable secured computing environment for performing online confidential transactions in untrusted computers |
US20080271019A1 (en) | 2007-04-24 | 2008-10-30 | Stratton Robert J | System and Method for Creating a Virtual Assurance System |
US8806479B2 (en) | 2007-06-05 | 2014-08-12 | International Business Machines Corporation | Creating an application virtual machine image by isolating installation artifacts in shadow area |
US20090007100A1 (en) * | 2007-06-28 | 2009-01-01 | Microsoft Corporation | Suspending a Running Operating System to Enable Security Scanning |
US8205194B2 (en) | 2007-06-29 | 2012-06-19 | Microsoft Corporation | Updating offline virtual machines or VM images |
US8621610B2 (en) | 2007-08-06 | 2013-12-31 | The Regents Of The University Of Michigan | Network service for the detection, analysis and quarantine of malicious and unwanted files |
US9459984B2 (en) | 2007-10-29 | 2016-10-04 | Intel Corporation | Method and systems for external performance monitoring for virtualized environments |
US8352939B1 (en) | 2007-12-03 | 2013-01-08 | Mcafee, Inc. | System, method and computer program product for performing a security or maintenance operation in association with virtual disk data |
US7797748B2 (en) * | 2007-12-12 | 2010-09-14 | Vmware, Inc. | On-access anti-virus mechanism for virtual machine architecture |
US8261254B2 (en) * | 2008-03-31 | 2012-09-04 | Symantec Corporation | Dynamic insertion and removal of virtual software sub-layers |
WO2009151888A2 (en) * | 2008-05-19 | 2009-12-17 | Authentium, Inc. | Secure virtualization system software |
US8151032B2 (en) | 2008-06-26 | 2012-04-03 | Microsoft Corporation | Direct memory access filter for virtualized operating systems |
US8738932B2 (en) | 2009-01-16 | 2014-05-27 | Teleputers, Llc | System and method for processor-based security |
US8356285B2 (en) * | 2009-03-31 | 2013-01-15 | Oracle America, Inc. | Facilitated introspection of virtualized environments |
US8219990B2 (en) | 2009-05-28 | 2012-07-10 | Novell, Inc. | Techniques for managing virtual machine (VM) states |
US8813069B2 (en) | 2009-05-29 | 2014-08-19 | Red Hat, Inc. | Migration of functionalities across systems |
US8621460B2 (en) | 2009-11-02 | 2013-12-31 | International Business Machines Corporation | Endpoint-hosted hypervisor management |
US8528091B2 (en) | 2009-12-31 | 2013-09-03 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for detecting covert malware |
US8549648B2 (en) * | 2011-03-29 | 2013-10-01 | Mcafee, Inc. | Systems and methods for identifying hidden processes |
US9298910B2 (en) | 2011-06-08 | 2016-03-29 | Mcafee, Inc. | System and method for virtual partition monitoring |
US9311126B2 (en) | 2011-07-27 | 2016-04-12 | Mcafee, Inc. | System and method for virtual partition monitoring |
-
2011
- 2011-06-08 US US13/155,572 patent/US9298910B2/en not_active Expired - Fee Related
-
2012
- 2012-06-07 EP EP12796800.6A patent/EP2718867A4/en not_active Withdrawn
- 2012-06-07 WO PCT/US2012/041384 patent/WO2012170709A2/en active Application Filing
- 2012-06-07 CN CN201280028185.6A patent/CN103827882B/zh active Active
- 2012-06-07 KR KR1020137033671A patent/KR101626398B1/ko active IP Right Grant
- 2012-06-07 JP JP2014514848A patent/JP5861228B2/ja active Active
-
2016
- 2016-03-28 US US15/082,060 patent/US10032024B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH02201543A (ja) * | 1989-01-30 | 1990-08-09 | Nec Corp | 仮想計算機特権命令処理方式 |
JP2006178936A (ja) * | 2004-12-21 | 2006-07-06 | Microsoft Corp | 仮想マシンまたは強化オペレーティングシステムなどにおけるコンピュータのセキュリティ管理 |
US20090241109A1 (en) * | 2008-03-24 | 2009-09-24 | International Business Machines Corporation | Context Agent Injection Using Virtual Machine Introspection |
JP2009253811A (ja) * | 2008-04-09 | 2009-10-29 | Nec Corp | 端末装置、ネットワーク接続方法及びプログラム |
Non-Patent Citations (3)
Title |
---|
CSNG200700826004; 尾上 浩一: '仮想マシンモニタによる仮想マシン内プロセスの制御' 情報処理学会研究報告 Vol.2007 No.83 , 20070803, 31〜38頁, 社団法人 情報処理学会 * |
JPN6014039639; 尾上 浩一: '仮想マシンモニタによる仮想マシン内プロセスの制御' 情報処理学会研究報告 Vol.2007 No.83 , 20070803, 31〜38頁, 社団法人 情報処理学会 * |
JPN6015021594; Payne, B.D.: 'Lares: An Architecture for Secure Active Monitoring Using Virtualization' [online] [retrieved on 2015-05-26], 200805, p.223-247, IEEE * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2017102823A (ja) * | 2015-12-04 | 2017-06-08 | 日本電信電話株式会社 | 解析装置、解析方法および解析プログラム |
JP2017111794A (ja) * | 2015-12-18 | 2017-06-22 | エーオー カスペルスキー ラボAO Kaspersky Lab | 障害のあるユーザのためのapiを使用したデータへのアクセスを制御するためのシステムおよび方法 |
JP2018538633A (ja) * | 2015-12-19 | 2018-12-27 | ビットディフェンダー アイピーアール マネジメント リミテッド | 複数のネットワークエンドポイントをセキュアにするためのデュアルメモリイントロスペクション |
JP2018129019A (ja) * | 2017-02-08 | 2018-08-16 | エーオー カスペルスキー ラボAO Kaspersky Lab | 仮想マシンにおける悪意のあるファイルを分析するシステム及び方法 |
JP2022104878A (ja) * | 2020-12-30 | 2022-07-12 | アクロニス・インターナショナル・ゲーエムベーハー | ソフトウェアへの悪意あるプロセスの注入を防止するためのシステムおよび方法 |
JP7353346B2 (ja) | 2020-12-30 | 2023-09-29 | アクロニス・インターナショナル・ゲーエムベーハー | ソフトウェアへの悪意あるプロセスの注入を防止するためのシステムおよび方法 |
Also Published As
Publication number | Publication date |
---|---|
EP2718867A4 (en) | 2014-11-05 |
JP5861228B2 (ja) | 2016-02-16 |
CN103827882A (zh) | 2014-05-28 |
WO2012170709A3 (en) | 2013-01-31 |
EP2718867A2 (en) | 2014-04-16 |
US20120317570A1 (en) | 2012-12-13 |
KR101626398B1 (ko) | 2016-06-01 |
US10032024B2 (en) | 2018-07-24 |
WO2012170709A2 (en) | 2012-12-13 |
CN103827882B (zh) | 2017-03-29 |
KR20140031947A (ko) | 2014-03-13 |
US20160224792A1 (en) | 2016-08-04 |
US9298910B2 (en) | 2016-03-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5861228B2 (ja) | 仮想パーティションを監視するためのシステム、装置、プログラムおよび方法 | |
US10489187B2 (en) | Systems and methods for auditing a virtual machine | |
US9465652B1 (en) | Hardware-based mechanisms for updating computer systems | |
US8893222B2 (en) | Security system and method for the android operating system | |
CN107690645B (zh) | 使用解释器虚拟机的行为恶意软件检测 | |
JP6063941B2 (ja) | システム管理要求のための仮想高特権モード | |
US8117435B2 (en) | Method and system for secured dynamic bios update | |
CN110622138B (zh) | 一种数据迁移方法及装置 | |
US8707417B1 (en) | Driver domain as security monitor in virtualization environment | |
US9298484B2 (en) | Encapsulation of an application for virtualization | |
US10140448B2 (en) | Systems and methods of asynchronous analysis of event notifications for computer security applications | |
US9596261B1 (en) | Systems and methods for delivering context-specific introspection notifications | |
US9536084B1 (en) | Systems and methods for delivering event-filtered introspection notifications | |
US11442770B2 (en) | Formally verified trusted computing base with active security and policy enforcement | |
US9864708B2 (en) | Safely discovering secure monitors and hypervisor implementations in systems operable at multiple hierarchical privilege levels | |
US9535772B2 (en) | Creating a communication channel between different privilege levels using wait-for-event instruction in systems operable at multiple levels hierarchical privilege levels | |
US9531735B1 (en) | Systems and methods for delivering introspection notifications from a virtual machine | |
US11995452B2 (en) | Firmware memory map namespace for concurrent containers | |
US20230025126A1 (en) | Virtualization layer assisted upgrading of in-guest agents | |
US20230146526A1 (en) | Firmware memory map namespace for concurrent containers |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20131210 |
|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20140910 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20140924 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20141224 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20150602 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20150827 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20151124 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20151203 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 5861228 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
S533 | Written request for registration of change of name |
Free format text: JAPANESE INTERMEDIATE CODE: R313533 |
|
R350 | Written notification of registration of transfer |
Free format text: JAPANESE INTERMEDIATE CODE: R350 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |