JP5763278B2 - System and method for critical address space protection in a hypervisor environment - Google Patents
System and method for critical address space protection in a hypervisor environment
- Publication number
- JP5763278B2
- Authority
- JP
- Japan
- Prior art keywords
- guest
- access
- hypervisor
- cas
- page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1466—Key-lock mechanism
- G06F12/1475—Key-lock mechanism in a virtual system, e.g. with translation means
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/145—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1491—Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Description
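In one embodiment, a system and method include modules that detect an attempt to access a critical address space (CAS) of a guest operating system (OS) that implements address space layout randomization (ASLR) in a hypervisor environment, identify the process attempting the access, and take at least one action if the process is not permitted to access the CAS. The action may be one or more of: reporting the access to a management console of the hypervisor, providing a recommendation to the guest OS, and automatically taking an action within the guest OS. Reporting the access to the management console of the hypervisor includes flagging the status of the guest OS as infected. Providing a recommendation to the guest OS includes recommending that the process be blacklisted until it has been scanned and whitelisted by a security tool, and/or running anti-virus on the process. Taking an action within the guest OS includes running an anti-virus program in the guest OS, and/or shutting down the guest OS or saving the state of the guest OS for offline scanning.
<Example embodiments>
FIG. 1 is a simplified block diagram illustrating an example implementation of a system 10 for critical address space protection in a hypervisor environment. As used herein, a "hypervisor" is a hardware virtualization entity that allows one or more operating systems (OSs), termed "guest OSs", to run concurrently on a host device (e.g., a computer). In one example embodiment, the hypervisor can run directly on the hardware of the host device to control the hardware and manage the guest OSs. In an alternative embodiment, the hypervisor can run within a conventional OS environment (such as Linux (registered trademark) OS) as a software layer supporting one or more guest OSs running at a higher level. Virtualization allows the guest OSs to run unmodified on isolated virtual environments (typically referred to as virtual machines or guests) in which the physical characteristics and behavior of the host device are reproduced. More specifically, a guest can represent an isolated virtual environment equipped with virtual hardware (processor, memory, disks, network interfaces, and so on). According to the embodiment shown in FIG. 1, system 10 comprises a hypervisor 12 that provides a virtualization environment to a guest 14. Within the broad scope of the present disclosure, any number of guests may be hosted on hypervisor 12. For ease of explanation, a single guest is shown as a representative in FIG. 1.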
Claims (25)
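- 1. A method comprising:
  detecting an attempt to access a critical address space (CAS) of a guest operating system (OS) in a hypervisor environment comprising a hypervisor, wherein address space layout randomization (ASLR) is implemented by the guest OS;
  identifying the process attempting the access; and
  taking an action if the process is not permitted to access the CAS.
- 2. The method of claim 1, wherein identifying the process attempting the access comprises reading a CR3 register corresponding to the process.
- 3. The method of claim 1 or 2, wherein the action is selected from:
  reporting the access to a management console of the hypervisor;
  providing a recommendation to the guest OS; and
  automatically taking an action within the guest OS.
- 4. The method of claim 3, wherein reporting the access to the management console of the hypervisor comprises flagging the status of the guest OS as infected.
- 5. The method of claim 3 or 4, wherein providing a recommendation to the guest OS comprises at least one of:
  recommending that the process be blacklisted until it has been scanned and whitelisted by a security tool; and
  running anti-virus on the process.
- 6. The method of any of claims 3 to 5, wherein taking an action within the guest OS comprises at least one of:
  running an anti-virus program in the guest OS; and
  shutting down the guest OS or saving the state of the guest OS for offline scanning.
- 7. The method of any of claims 1 to 6, further comprising validating the access attempt using a policy that includes:
  denying the access if the process is executing from a writable area of a memory element; and
  allowing the access if the process is executing from a read-only area of the memory element.
- 8. The method of any of claims 1 to 7, further comprising identifying a machine address corresponding to the CAS, wherein identifying the machine address comprises:
  forcing a page fault in the guest OS;
  resolving a guest physical address from a guest virtual address corresponding to the CAS; and
  mapping the machine address to the guest physical address.
- 9. The method of any of claims 1 to 7, wherein detecting the access attempt comprises:
  generating a page table entry (PTE) for a page corresponding to the CAS in a shadow page table of the hypervisor; and
  marking the PTE such that a page fault occurs as a result of the access attempt.
- 10. An apparatus comprising:
  a memory element configured to store data;
  a computing processor operable to execute instructions associated with the data;
  a hypervisor; and
  an agent residing in a guest OS, such that the apparatus is configured for:
  detecting an attempt to access a CAS of the guest OS in a hypervisor environment comprising the hypervisor, wherein address space layout randomization (ASLR) is implemented by the guest OS;
  identifying the process attempting the access; and
  taking an action if the process is not permitted to access the CAS.
- 11. The apparatus of claim 10, wherein identifying the process attempting the access comprises reading a CR3 register corresponding to the process.
- 12. The apparatus of claim 10 or 11, wherein the action is selected from:
  reporting the access to a management console of the hypervisor;
  providing a recommendation to the guest OS; and
  automatically taking an action within the guest OS.
- 13. The apparatus of claim 12, wherein reporting the access to the management console of the hypervisor comprises flagging the status of the guest OS as infected.
- 14. The apparatus of claim 12 or 13, wherein providing a recommendation to the guest OS comprises at least one of:
  recommending that the process be blacklisted until it has been scanned and whitelisted by a security tool; and
  running anti-virus on the process.
- 15. The apparatus of any of claims 12 to 14, wherein taking an action within the guest OS comprises at least one of:
  running an anti-virus program in the guest OS; and
  shutting down the guest OS or saving the state of the guest OS for offline scanning.
- 16. The apparatus of any of claims 10 to 15, wherein the apparatus is further configured for validating the access attempt using a policy that includes:
  denying the access if the process is executing from a writable area of a memory element; and
  allowing the access if the process is executing from a read-only area of the memory element.
- 17. The apparatus of any of claims 10 to 16, wherein the apparatus is further configured for identifying a machine address corresponding to the CAS, the identifying comprising:
  forcing a page fault in the guest OS;
  resolving a guest physical address from a guest virtual address corresponding to the CAS; and
  mapping the machine address to the guest physical address.
- 18. The apparatus of any of claims 10 to 16, wherein detecting the access attempt comprises:
  generating a PTE for a page corresponding to the CAS in a shadow page table of the hypervisor; and
  marking the PTE such that a page fault occurs as a result of the access attempt.
- 19. A computer program to be executed by a processor of a computing device, which, when executed by the processor, causes the processor to perform operations comprising:
  detecting an attempt to access a CAS of a guest OS in a hypervisor environment comprising a hypervisor, wherein ASLR is implemented by the guest OS;
  identifying the process attempting the access; and
  taking an action if the process is not permitted to access the CAS.
- 20. The computer program of claim 19, wherein identifying the process attempting the access comprises reading a CR3 register corresponding to the process.
- 21. The computer program of claim 19 or 20, wherein the action is selected from:
  reporting the access to a management console of the hypervisor;
  providing a recommendation to the guest OS; and
  automatically taking an action within the guest OS.
- 22. The computer program of claim 21, wherein reporting the access to the management console of the hypervisor comprises flagging the status of the guest OS as infected.
- 23. The computer program of any of claims 19 to 22, which, when executed by the processor, further causes the processor to perform operations comprising:
  denying the access if the process is executing from a writable area of a memory element; and
  allowing the access if the process is executing from a read-only area of the memory element.
- 24. The computer program of claims 19 to 23, which, when executed by the processor, further causes the processor to perform identifying a machine address corresponding to the CAS, the identifying comprising:
  forcing a page fault in the guest OS;
  resolving a guest physical address from a guest virtual address corresponding to the CAS; and
  mapping the machine address to the guest physical address.
- 25. The computer program of claims 19 to 23, wherein detecting the access attempt comprises:
  generating a PTE for a page corresponding to the CAS in a shadow page table of the hypervisor; and
  marking the PTE such that a page fault occurs as a result of the access attempt.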
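The flow the claims describe (mark the CAS page's shadow PTE so access faults, identify the faulting process by CR3, then allow or deny by whether it executes from read-only or writable memory) can be modeled in a few functions. This is an added example, not code from the patent or from any hypervisor; the structures, the `PTE_CAS` bit, the use of the faulting instruction pointer to decide where the process is "executing from", the fail-closed handling of unknown processes, and all sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT  12
#define PTE_PRESENT 0x1u              /* cleared on CAS pages so every access faults */
#define PTE_CAS     0x200u            /* assumed software-available bit tagging a CAS page */
#define CR3_BASE(x) ((x) & ~0xFFFULL) /* drop the low flag/PCID bits of CR3 */
#define SPT_SLOTS   8

typedef enum { CAS_NOT_CAS, CAS_ALLOW, CAS_DENY } cas_verdict_t;
typedef struct { uint64_t gva_page; uint32_t flags; bool used; } shadow_pte_t;
typedef struct { uint64_t start, end; bool writable; } region_t;   /* [start, end) */
typedef struct { uint64_t cr3; const region_t *regions; size_t n; } process_t;
typedef struct {
    shadow_pte_t spt[SPT_SLOTS];   /* toy stand-in for the hypervisor's shadow page table */
    const process_t *procs;
    size_t nprocs;
    bool infected;                 /* status reported to the management console */
} guest_t;
typedef struct { cas_verdict_t verdict; bool infected; } cas_result_t;

static shadow_pte_t *spt_lookup(guest_t *g, uint64_t gva) {
    for (size_t i = 0; i < SPT_SLOTS; i++)
        if (g->spt[i].used && g->spt[i].gva_page == (gva >> PAGE_SHIFT))
            return &g->spt[i];
    return NULL;
}

/* Create the shadow PTE for a CAS page and mark it so that any access faults. */
bool cas_protect(guest_t *g, uint64_t gva) {
    shadow_pte_t *pte = spt_lookup(g, gva);
    for (size_t i = 0; !pte && i < SPT_SLOTS; i++) {
        if (!g->spt[i].used) {
            pte = &g->spt[i];
            pte->used = true;
            pte->gva_page = gva >> PAGE_SHIFT;
            pte->flags = 0;
        }
    }
    if (!pte) return false;                       /* table full */
    pte->flags = (pte->flags & ~PTE_PRESENT) | PTE_CAS;
    return true;
}

/* Page-fault path: identify the process by CR3, then apply the policy. */
cas_verdict_t cas_on_page_fault(guest_t *g, uint64_t cr3, uint64_t fault_gva, uint64_t rip) {
    const shadow_pte_t *pte = spt_lookup(g, fault_gva);
    if (!pte || !(pte->flags & PTE_CAS)) return CAS_NOT_CAS;   /* ordinary fault */

    const process_t *p = NULL;
    for (size_t i = 0; i < g->nprocs; i++)
        if (CR3_BASE(g->procs[i].cr3) == CR3_BASE(cr3)) p = &g->procs[i];

    bool allowed = false;          /* assumption: unknown CR3 or unmapped RIP fails closed */
    for (size_t i = 0; p && i < p->n; i++) {
        if (rip >= p->regions[i].start && rip < p->regions[i].end) {
            allowed = !p->regions[i].writable;    /* read-only code: allow; writable: deny */
            break;
        }
    }
    if (allowed) return CAS_ALLOW;
    g->infected = true;            /* action: flag the guest as infected */
    return CAS_DENY;
}

/* Constructed sample data (not from the patent). */
#define SAMPLE_CAS_GVA 0x7f3a12345000ULL
static const region_t sample_regions[] = {
    { 0x400000, 0x410000, false },   /* read-only code */
    { 0x600000, 0x700000, true  },   /* writable heap */
};
static const process_t sample_procs[] = { { 0x1a2b3000, sample_regions, 2 } };

/* Run one access against a fresh guest with the sample CAS page protected. */
cas_result_t cas_demo(uint64_t cr3, uint64_t fault_gva, uint64_t rip) {
    guest_t g = { .procs = sample_procs, .nprocs = 1 };
    cas_result_t r = { CAS_DENY, false };
    if (!cas_protect(&g, SAMPLE_CAS_GVA)) return r;
    r.verdict = cas_on_page_fault(&g, cr3, fault_gva, rip);
    r.infected = g.infected;
    return r;
}

int main(void) {
    printf("code page : %d\n", cas_demo(0x1a2b3000, SAMPLE_CAS_GVA + 8, 0x401234).verdict);
    printf("heap page : %d\n", cas_demo(0x1a2b3000, SAMPLE_CAS_GVA + 8, 0x650000).verdict);
    printf("unknown   : %d\n", cas_demo(0x0dead000, SAMPLE_CAS_GVA, 0x401234).verdict);
    return 0;
}
```
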
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/271,102 US8694738B2 (en) | 2011-10-11 | 2011-10-11 | System and method for critical address space protection in a hypervisor environment |
US13/271,102 | 2011-10-11 | ||
PCT/US2012/055674 WO2013055502A1 (en) | 2011-10-11 | 2012-09-15 | System and method for critical address space protection in a hypervisor environment |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2014528623A (ja) | 2014-10-27 |
JP5763278B2 (ja) | 2015-08-12 |
Family
ID=48042866
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2014535730A Active JP5763278B2 (ja) | 2011-10-11 | 2012-09-15 | System and method for critical address space protection in a hypervisor environment |
Country Status (5)
Country | Link |
---|---|
US (1) | US8694738B2 (ja) |
EP (1) | EP2766847A4 (ja) |
JP (1) | JP5763278B2 (ja) |
CN (1) | CN103907098B (ja) |
WO (1) | WO2013055502A1 (ja) |
Families Citing this family (74)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7840968B1 (en) | 2003-12-17 | 2010-11-23 | Mcafee, Inc. | Method and system for containment of usage of language interfaces |
US7856661B1 (en) | 2005-07-14 | 2010-12-21 | Mcafee, Inc. | Classification of software on networked systems |
US7757269B1 (en) | 2006-02-02 | 2010-07-13 | Mcafee, Inc. | Enforcing alignment of approved changes and deployed changes in the software change life-cycle |
US7895573B1 (en) | 2006-03-27 | 2011-02-22 | Mcafee, Inc. | Execution environment file inventory |
US8555404B1 (en) | 2006-05-18 | 2013-10-08 | Mcafee, Inc. | Connectivity-based authorization |
US9424154B2 (en) * | 2007-01-10 | 2016-08-23 | Mcafee, Inc. | Method of and system for computer system state checks |
US8332929B1 (en) | 2007-01-10 | 2012-12-11 | Mcafee, Inc. | Method and apparatus for process enforced configuration management |
US8701189B2 (en) | 2008-01-31 | 2014-04-15 | Mcafee, Inc. | Method of and system for computer system denial-of-service protection |
US8615502B2 (en) | 2008-04-18 | 2013-12-24 | Mcafee, Inc. | Method of and system for reverse mapping vnode pointers |
US8381284B2 (en) | 2009-08-21 | 2013-02-19 | Mcafee, Inc. | System and method for enforcing security policies in a virtual environment |
US9552497B2 (en) * | 2009-11-10 | 2017-01-24 | Mcafee, Inc. | System and method for preventing data loss using virtual machine wrapped applications |
US8925101B2 (en) | 2010-07-28 | 2014-12-30 | Mcafee, Inc. | System and method for local protection against malicious software |
US8938800B2 (en) | 2010-07-28 | 2015-01-20 | Mcafee, Inc. | System and method for network level protection against malicious software |
US8549003B1 (en) | 2010-09-12 | 2013-10-01 | Mcafee, Inc. | System and method for clustering host inventories |
KR101701515B1 (ko) * | 2010-11-16 | 2017-02-01 | 삼성전자주식회사 | Apparatus and method for tracking memory access information |
US9075993B2 (en) | 2011-01-24 | 2015-07-07 | Mcafee, Inc. | System and method for selectively grouping and managing program files |
US9112830B2 (en) | 2011-02-23 | 2015-08-18 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
US9594881B2 (en) | 2011-09-09 | 2017-03-14 | Mcafee, Inc. | System and method for passive threat detection using virtual memory inspection |
US8694738B2 (en) | 2011-10-11 | 2014-04-08 | Mcafee, Inc. | System and method for critical address space protection in a hypervisor environment |
US9069586B2 (en) | 2011-10-13 | 2015-06-30 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US8973144B2 (en) | 2011-10-13 | 2015-03-03 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US8800024B2 (en) | 2011-10-17 | 2014-08-05 | Mcafee, Inc. | System and method for host-initiated firewall discovery in a network environment |
US8713668B2 (en) | 2011-10-17 | 2014-04-29 | Mcafee, Inc. | System and method for redirected firewall discovery in a network environment |
US9069598B2 (en) | 2012-01-06 | 2015-06-30 | International Business Machines Corporation | Providing logical partions with hardware-thread specific information reflective of exclusive use of a processor core |
US8739272B1 (en) | 2012-04-02 | 2014-05-27 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
RU2510075C2 (ru) * | 2012-04-11 | 2014-03-20 | Открытое Акционерное Общество "Информационные Технологии И Коммуникационные Системы" | Method for detecting malicious software in the kernel of an operating system |
CN102750477B (zh) * | 2012-06-11 | 2014-03-19 | 腾讯科技(深圳)有限公司 | Method and system for controlling terminal shutdown |
US9223962B1 (en) | 2012-07-03 | 2015-12-29 | Bromium, Inc. | Micro-virtual machine forensics and detection |
US10607007B2 (en) | 2012-07-03 | 2020-03-31 | Hewlett-Packard Development Company, L.P. | Micro-virtual machine forensics and detection |
US9275223B2 (en) * | 2012-10-19 | 2016-03-01 | Mcafee, Inc. | Real-time module protection |
US9922192B1 (en) | 2012-12-07 | 2018-03-20 | Bromium, Inc. | Micro-virtual machine forensics and detection |
US8973146B2 (en) | 2012-12-27 | 2015-03-03 | Mcafee, Inc. | Herd based scan avoidance system in a network environment |
US8868908B2 (en) * | 2013-03-08 | 2014-10-21 | Dark Matter Labs, Inc. | Total hypervisor encryptor |
US20140325689A1 (en) * | 2013-04-26 | 2014-10-30 | Tencent Technology (Shenzhen) Company Limited | Shutdown verification method and device |
US9507727B2 (en) | 2013-07-17 | 2016-11-29 | Bitdefender IPR Management Ltd. | Page fault injection in virtual machines |
US9147070B2 (en) * | 2013-08-12 | 2015-09-29 | Cisco Technology, Inc. | Binary translation and randomization system for application security |
WO2015060857A1 (en) | 2013-10-24 | 2015-04-30 | Mcafee, Inc. | Agent assisted malicious application blocking in a network environment |
US10747563B2 (en) * | 2014-03-17 | 2020-08-18 | Vmware, Inc. | Optimizing memory sharing in a virtualized computer system with address space layout randomization (ASLR) enabled in guest operating systems wherein said ASLR is enable during initialization of a virtual machine, in a group, when no other virtual machines are active in said group |
US9760712B2 (en) * | 2014-05-23 | 2017-09-12 | Vmware, Inc. | Application whitelisting using user identification |
US9792222B2 (en) * | 2014-06-27 | 2017-10-17 | Intel Corporation | Validating virtual address translation by virtual machine monitor utilizing address validation structure to validate tentative guest physical address and aborting based on flag in extended page table requiring an expected guest physical address in the address validation structure |
US20160048679A1 (en) | 2014-08-18 | 2016-02-18 | Bitdefender IPR Management Ltd. | Systems And Methods for Exposing A Current Processor Instruction Upon Exiting A Virtual Machine |
US20160077981A1 (en) * | 2014-09-12 | 2016-03-17 | Advanced Micro Devices, Inc. | Method and Apparatus for Efficient User-Level IO in a Virtualized System |
US10311227B2 (en) | 2014-09-30 | 2019-06-04 | Apple Inc. | Obfuscation of an address space layout randomization mapping in a data processing system |
US10311228B2 (en) | 2014-09-30 | 2019-06-04 | Apple Inc. | Using a fine-grained address space layout randomization to mitigate potential security exploits |
EP3123311B8 (en) | 2014-11-17 | 2021-03-03 | Morphisec Information Security 2014 Ltd | Malicious code protection for computer systems based on process modification |
US9659170B2 (en) * | 2015-01-02 | 2017-05-23 | Senteon LLC | Securing data on untrusted devices |
US9189630B1 (en) | 2015-01-21 | 2015-11-17 | AO Kaspersky Lab | Systems and methods for active operating system kernel protection |
JP6645011B2 (ja) * | 2015-01-27 | 2020-02-12 | 日本電気株式会社 | Virtualization system, server, terminal, virtualization method, and program therefor |
EP3281104B1 (en) * | 2015-04-07 | 2024-01-24 | Runsafe Security, Inc. | System and method of obfuscation through binary and memory diversity |
US9727359B2 (en) * | 2015-04-27 | 2017-08-08 | Red Hat Israel, Ltd. | Virtual machine function based sub-page base address register access for peripheral component interconnect device assignment |
US9710393B2 (en) * | 2015-06-25 | 2017-07-18 | Intel Corporation | Dynamic page table edit control |
US10075296B2 (en) * | 2015-07-02 | 2018-09-11 | Intel Corporation | Loading and virtualizing cryptographic keys |
DE102015223335A1 (de) * | 2015-11-25 | 2017-06-01 | Robert Bosch Gmbh | Method for operating a microcontroller |
US10191858B2 (en) | 2015-11-25 | 2019-01-29 | Red Hat Israel, Ltd. | Virtual machine memory lock-down |
EP3230919B1 (en) | 2016-02-11 | 2023-04-12 | Morphisec Information Security 2014 Ltd | Automated classification of exploits based on runtime environmental features |
US10013554B2 (en) | 2016-03-31 | 2018-07-03 | Qualcomm Incorporated | Time varying address space layout randomization |
US10019583B2 (en) * | 2016-04-01 | 2018-07-10 | Samsung Electronics Co., Ltd. | Method and apparatus for performing protected walk-based shadow paging using multiple stages of page tables |
GB2549511B (en) | 2016-04-20 | 2019-02-13 | Advanced Risc Mach Ltd | An apparatus and method for performing operations on capability metadata |
US10621340B2 (en) * | 2016-09-01 | 2020-04-14 | Intel Corporation | Hybrid hypervisor-assisted security model |
US10043013B1 (en) * | 2016-09-09 | 2018-08-07 | Symantec Corporation | Systems and methods for detecting gadgets on computing devices |
US10049214B2 (en) * | 2016-09-13 | 2018-08-14 | Symantec Corporation | Systems and methods for detecting malicious processes on computing devices |
US10228963B2 (en) | 2016-12-19 | 2019-03-12 | Red Hat, Inc. | Efficient hypervisor reporting |
US10489308B2 (en) * | 2017-06-29 | 2019-11-26 | Intel Corporation | Mitigating attacks on kernel address space layout randomization |
US11188367B2 (en) * | 2017-08-21 | 2021-11-30 | Nicira Inc. | Guest operating system physical memory page protection using hypervisor |
US10740190B2 (en) * | 2017-09-15 | 2020-08-11 | Iron Mountain Incorporated | Secure data protection and recovery |
US11210222B2 (en) * | 2018-01-23 | 2021-12-28 | Vmware, Inc. | Non-unified cache coherency maintenance for virtual machines |
CN108830078B (zh) * | 2018-05-09 | 2022-04-19 | 中国船舶重工集团公司第七一四研究所 | Malicious code discovery method for industrial control equipment |
US11150929B2 (en) | 2018-05-29 | 2021-10-19 | Red Hat, Inc. | Enhanced memory management for virtual machines |
KR102186221B1 (ko) * | 2018-11-29 | 2020-12-03 | 한국전자통신연구원 | Hardware-based address space layout randomization method for embedded systems and apparatus therefor |
US11061829B2 (en) * | 2019-04-09 | 2021-07-13 | Red Hat, Inc. | Prefetch support with address space randomization |
CN110430209B (zh) * | 2019-08-13 | 2021-12-14 | 中科天御(苏州)科技有限公司 | Security defense method and apparatus for industrial control systems based on dynamic diversification |
US11573910B2 (en) | 2019-08-22 | 2023-02-07 | Intel Corporation | Apparatus, system and method to define memory information leak zones in a computing system |
KR20220007300A (ko) * | 2020-07-10 | 2022-01-18 | 에스케이하이닉스 주식회사 | Memory system and operating method of the memory system |
US11947465B2 (en) * | 2020-10-13 | 2024-04-02 | International Business Machines Corporation | Buffer overflow trapping |
Family Cites Families (236)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4982430A (en) | 1985-04-24 | 1991-01-01 | General Instrument Corporation | Bootstrap channel security arrangement for communication network |
US4688169A (en) | 1985-05-30 | 1987-08-18 | Joshi Bhagirath S | Computer software security system |
US5155847A (en) | 1988-08-03 | 1992-10-13 | Minicom Data Corporation | Method and apparatus for updating software at remote locations |
US5560008A (en) | 1989-05-15 | 1996-09-24 | International Business Machines Corporation | Remote authentication and authorization in a distributed data processing system |
CA2010591C (en) | 1989-10-20 | 1999-01-26 | Phillip M. Adams | Kernels, description tables and device drivers |
US5222134A (en) | 1990-11-07 | 1993-06-22 | Tau Systems Corporation | Secure system for activating personal computer software at remote locations |
US5390314A (en) | 1992-10-09 | 1995-02-14 | American Airlines, Inc. | Method and apparatus for developing scripts that access mainframe resources that can be executed on various computer systems having different interface languages without modification |
US5339261A (en) | 1992-10-22 | 1994-08-16 | Base 10 Systems, Inc. | System for operating application software in a safety critical environment |
US5584009A (en) | 1993-10-18 | 1996-12-10 | Cyrix Corporation | System and method of retiring store data from a write buffer |
JP3042341B2 (ja) | 1994-11-30 | 2000-05-15 | 日本電気株式会社 | Local input/output control method in a cluster-coupled multiprocessor system |
US6282712B1 (en) | 1995-03-10 | 2001-08-28 | Microsoft Corporation | Automatic software installation on heterogeneous networked computer systems |
US5699513A (en) | 1995-03-31 | 1997-12-16 | Motorola, Inc. | Method for secure network access via message intercept |
US5787427A (en) | 1996-01-03 | 1998-07-28 | International Business Machines Corporation | Information handling system, method, and article of manufacture for efficient object security processing by grouping objects sharing common control access policies |
US5842017A (en) | 1996-01-29 | 1998-11-24 | Digital Equipment Corporation | Method and apparatus for forming a translation unit |
US5907709A (en) | 1996-02-08 | 1999-05-25 | Inprise Corporation | Development system with methods for detecting invalid use and management of resources and memory at runtime |
US5907708A (en) | 1996-06-03 | 1999-05-25 | Sun Microsystems, Inc. | System and method for facilitating avoidance of an exception of a predetermined type in a digital computer system by providing fix-up code for an instruction in response to detection of an exception condition resulting from execution thereof |
US5787177A (en) | 1996-08-01 | 1998-07-28 | Harris Corporation | Integrated network security access control system |
US5926832A (en) | 1996-09-26 | 1999-07-20 | Transmeta Corporation | Method and apparatus for aliasing memory data in an advanced microprocessor |
US5991881A (en) | 1996-11-08 | 1999-11-23 | Harris Corporation | Network surveillance system |
US5987611A (en) | 1996-12-31 | 1999-11-16 | Zone Labs, Inc. | System and methodology for managing internet access on a per application basis for client computers connected to the internet |
US6141698A (en) | 1997-01-29 | 2000-10-31 | Network Commerce Inc. | Method and system for injecting new code into existing application code |
US6587877B1 (en) | 1997-03-25 | 2003-07-01 | Lucent Technologies Inc. | Management of time and expense when communicating between a host and a communication network |
US6192475B1 (en) | 1997-03-31 | 2001-02-20 | David R. Wallace | System and method for cloaking software |
US6167522A (en) | 1997-04-01 | 2000-12-26 | Sun Microsystems, Inc. | Method and apparatus for providing security for servers executing application programs received via a network |
US6356957B2 (en) | 1997-04-03 | 2002-03-12 | Hewlett-Packard Company | Method for emulating native object oriented foundation classes on a target object oriented programming system using a template library |
US6073142A (en) | 1997-06-23 | 2000-06-06 | Park City Group | Automated post office based rule analysis of e-mail messages and other data objects for controlled distribution in network environments |
US6275938B1 (en) | 1997-08-28 | 2001-08-14 | Microsoft Corporation | Security enhancement for untrusted executable code |
US6192401B1 (en) | 1997-10-21 | 2001-02-20 | Sun Microsystems, Inc. | System and method for determining cluster membership in a heterogeneous distributed system |
US6393465B2 (en) | 1997-11-25 | 2002-05-21 | Nixmail Corporation | Junk electronic mail detector and eliminator |
US5987610A (en) | 1998-02-12 | 1999-11-16 | Ameritech Corporation | Computer virus screening methods and systems |
US6795966B1 (en) | 1998-05-15 | 2004-09-21 | Vmware, Inc. | Mechanism for restoring, porting, replicating and checkpointing computer systems using state extraction |
US6442686B1 (en) | 1998-07-02 | 2002-08-27 | Networks Associates Technology, Inc. | System and methodology for messaging server-based management and enforcement of crypto policies |
US6338149B1 (en) | 1998-07-31 | 2002-01-08 | Westinghouse Electric Company Llc | Change monitoring system for a computer system |
US6546425B1 (en) | 1998-10-09 | 2003-04-08 | Netmotion Wireless, Inc. | Method and apparatus for providing mobile and other intermittent connectivity in a computing environment |
JP3753873B2 (ja) | 1998-11-11 | 2006-03-08 | 株式会社島津製作所 | Spectrophotometer |
US6969352B2 (en) | 1999-06-22 | 2005-11-29 | Teratech Corporation | Ultrasound probe with integrated electronics |
US6453468B1 (en) | 1999-06-30 | 2002-09-17 | B-Hub, Inc. | Methods for improving reliability while upgrading software programs in a clustered computer system |
US6567857B1 (en) | 1999-07-29 | 2003-05-20 | Sun Microsystems, Inc. | Method and apparatus for dynamic proxy insertion in network traffic flow |
US6256773B1 (en) | 1999-08-31 | 2001-07-03 | Accenture Llp | System, method and article of manufacture for configuration management in a development architecture framework |
US6990591B1 (en) | 1999-11-18 | 2006-01-24 | Secureworks, Inc. | Method and system for remotely configuring and monitoring a communication device |
US6321267B1 (en) | 1999-11-23 | 2001-11-20 | Escom Corporation | Method and apparatus for filtering junk email |
US6662219B1 (en) | 1999-12-15 | 2003-12-09 | Microsoft Corporation | System for determining at subgroup of nodes relative weight to represent cluster by obtaining exclusive possession of quorum resource |
US6460050B1 (en) | 1999-12-22 | 2002-10-01 | Mark Raymond Pace | Distributed content identification system |
US6769008B1 (en) | 2000-01-10 | 2004-07-27 | Sun Microsystems, Inc. | Method and apparatus for dynamically altering configurations of clustered computer systems |
US7082456B2 (en) | 2000-03-17 | 2006-07-25 | Filesx Ltd. | Accelerating responses to requests made by users to an internet |
US6748534B1 (en) | 2000-03-31 | 2004-06-08 | Networks Associates, Inc. | System and method for partitioned distributed scanning of a large dataset for viruses and other malware |
CA2305078A1 (en) | 2000-04-12 | 2001-10-12 | Cloakware Corporation | Tamper resistant software - mass data encoding |
US7325127B2 (en) | 2000-04-25 | 2008-01-29 | Secure Data In Motion, Inc. | Security server system |
US7089428B2 (en) | 2000-04-28 | 2006-08-08 | Internet Security Systems, Inc. | Method and system for managing computer security information |
US6769115B1 (en) | 2000-05-01 | 2004-07-27 | Emc Corporation | Adaptive interface for a software development environment |
US6847993B1 (en) | 2000-05-31 | 2005-01-25 | International Business Machines Corporation | Method, system and program products for managing cluster configurations |
US6934755B1 (en) | 2000-06-02 | 2005-08-23 | Sun Microsystems, Inc. | System and method for migrating processes on a network |
US6611925B1 (en) | 2000-06-13 | 2003-08-26 | Networks Associates Technology, Inc. | Single point of entry/origination item scanning within an enterprise or workgroup |
US6901519B1 (en) | 2000-06-22 | 2005-05-31 | Infobahn, Inc. | E-mail virus protection system and method |
US8204999B2 (en) | 2000-07-10 | 2012-06-19 | Oracle International Corporation | Query string processing |
US7093239B1 (en) | 2000-07-14 | 2006-08-15 | Internet Security Systems, Inc. | Computer immune system and method for detecting unwanted code in a computer system |
US7350204B2 (en) | 2000-07-24 | 2008-03-25 | Microsoft Corporation | Policies for secure software execution |
AU2001263929A1 (en) | 2000-08-04 | 2002-02-18 | Xtradyne Technologies Ag | Method and system for session based authorization and access control for networked application objects |
US7707305B2 (en) | 2000-10-17 | 2010-04-27 | Cisco Technology, Inc. | Methods and apparatus for protecting against overload conditions on nodes of a distributed network |
US7146305B2 (en) | 2000-10-24 | 2006-12-05 | Vcis, Inc. | Analytical virtual machine |
US7606898B1 (en) | 2000-10-24 | 2009-10-20 | Microsoft Corporation | System and method for distributed management of shared computers |
US6930985B1 (en) | 2000-10-26 | 2005-08-16 | Extreme Networks, Inc. | Method and apparatus for management of configuration in a network |
US6834301B1 (en) | 2000-11-08 | 2004-12-21 | Networks Associates Technology, Inc. | System and method for configuration, management, and monitoring of a computer network using inheritance |
US6766334B1 (en) | 2000-11-21 | 2004-07-20 | Microsoft Corporation | Project-based configuration management method and apparatus |
US20020069367A1 (en) | 2000-12-06 | 2002-06-06 | Glen Tindal | Network operating system data directory |
US6907600B2 (en) | 2000-12-27 | 2005-06-14 | Intel Corporation | Virtual translation lookaside buffer |
JP2002244898A (ja) | 2001-02-19 | 2002-08-30 | Hitachi Ltd | Database management program and database system |
US6918110B2 (en) | 2001-04-11 | 2005-07-12 | Hewlett-Packard Development Company, L.P. | Dynamic instrumentation of an executable program by means of causing a breakpoint at the entry point of a function and providing instrumentation code |
US6988101B2 (en) | 2001-05-31 | 2006-01-17 | International Business Machines Corporation | Method, system, and computer program product for providing an extensible file system for accessing a foreign file system from a local data processing system |
US6715050B2 (en) | 2001-05-31 | 2004-03-30 | Oracle International Corporation | Storage access keys |
US6988124B2 (en) | 2001-06-06 | 2006-01-17 | Microsoft Corporation | Locating potentially identical objects across multiple computers based on stochastic partitioning of workload |
US7290266B2 (en) | 2001-06-14 | 2007-10-30 | Cisco Technology, Inc. | Access control by a real-time stateful reference monitor with a state collection training mode and a lockdown mode for detecting predetermined patterns of events indicative of requests for operating system resources resulting in a decision to allow or block activity identified in a sequence of events based on a rule set defining a processing policy |
US7065767B2 (en) | 2001-06-29 | 2006-06-20 | Intel Corporation | Managed hosting server auditing and change tracking |
US7069330B1 (en) | 2001-07-05 | 2006-06-27 | Mcafee, Inc. | Control of interaction between client computer applications and network resources |
US20030023736A1 (en) | 2001-07-12 | 2003-01-30 | Kurt Abkemeier | Method and system for filtering messages |
US20030014667A1 (en) | 2001-07-16 | 2003-01-16 | Andrei Kolichtchak | Buffer overflow attack detection and suppression |
US6877088B2 (en) | 2001-08-08 | 2005-04-05 | Sun Microsystems, Inc. | Methods and apparatus for controlling speculative execution of instructions based on a multiaccess memory condition |
US7007302B1 (en) | 2001-08-31 | 2006-02-28 | Mcafee, Inc. | Efficient management and blocking of malicious code and hacking attempts in a network environment |
US7010796B1 (en) | 2001-09-28 | 2006-03-07 | Emc Corporation | Methods and apparatus providing remote operation of an application programming interface |
US7177267B2 (en) | 2001-11-09 | 2007-02-13 | Adc Dsl Systems, Inc. | Hardware monitoring and configuration management |
US7346781B2 (en) | 2001-12-06 | 2008-03-18 | Mcafee, Inc. | Initiating execution of a computer program from an encrypted version of a computer program |
US7039949B2 (en) | 2001-12-10 | 2006-05-02 | Brian Ross Cartmell | Method and system for blocking unwanted communications |
US7159036B2 (en) | 2001-12-10 | 2007-01-02 | Mcafee, Inc. | Updating data from a source computer to groups of destination computers |
US10033700B2 (en) | 2001-12-12 | 2018-07-24 | Intellectual Ventures I Llc | Dynamic evaluation of access rights |
WO2003050662A1 (fr) | 2001-12-13 | 2003-06-19 | Japan Science And Technology Agency | Secure software execution system |
US7398389B2 (en) | 2001-12-20 | 2008-07-08 | Coretrace Corporation | Kernel-based network security infrastructure |
JP3906356B2 (ja) | 2001-12-27 | 2007-04-18 | 独立行政法人情報通信研究機構 | Syntax analysis method and apparatus |
US7743415B2 (en) | 2002-01-31 | 2010-06-22 | Riverbed Technology, Inc. | Denial of service attacks characterization |
US20030167399A1 (en) | 2002-03-01 | 2003-09-04 | Yves Audebert | Method and system for performing post issuance configuration and data changes to a personal security device using a communications pipe |
US6941449B2 (en) | 2002-03-04 | 2005-09-06 | Hewlett-Packard Development Company, L.P. | Method and apparatus for performing critical tasks using speculative operations |
US7600021B2 (en) | 2002-04-03 | 2009-10-06 | Microsoft Corporation | Delta replication of source files and packages across networked resources |
US20070253430A1 (en) | 2002-04-23 | 2007-11-01 | Minami John S | Gigabit Ethernet Adapter |
US7370360B2 (en) | 2002-05-13 | 2008-05-06 | International Business Machines Corporation | Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine |
US7823148B2 (en) | 2002-05-22 | 2010-10-26 | Oracle America, Inc. | System and method for performing patch installation via a graphical user interface |
US20030221190A1 (en) | 2002-05-22 | 2003-11-27 | Sun Microsystems, Inc. | System and method for performing patch installation on multiple devices |
US7024404B1 (en) | 2002-05-28 | 2006-04-04 | The State University Rutgers | Retrieval and display of data objects using a cross-group ranking metric |
US7512977B2 (en) | 2003-06-11 | 2009-03-31 | Symantec Corporation | Intrustion protection system utilizing layers |
US7823203B2 (en) | 2002-06-17 | 2010-10-26 | At&T Intellectual Property Ii, L.P. | Method and device for detecting computer network intrusions |
US7139916B2 (en) | 2002-06-28 | 2006-11-21 | Ebay, Inc. | Method and system for monitoring user interaction with a computer |
US8924484B2 (en) | 2002-07-16 | 2014-12-30 | Sonicwall, Inc. | Active e-mail filter with challenge-response |
US7522906B2 (en) | 2002-08-09 | 2009-04-21 | Wavelink Corporation | Mobile unit configuration management for WLANs |
US7624347B2 (en) | 2002-09-17 | 2009-11-24 | At&T Intellectual Property I, L.P. | System and method for forwarding full header information in email messages |
US7546333B2 (en) | 2002-10-23 | 2009-06-09 | Netapp, Inc. | Methods and systems for predictive change management for access paths in networks |
US7353501B2 (en) | 2002-11-18 | 2008-04-01 | Microsoft Corporation | Generic wrapper scheme |
US7865931B1 (en) | 2002-11-25 | 2011-01-04 | Accenture Global Services Limited | Universal authorization and access control security measure for applications |
US20040143749A1 (en) | 2003-01-16 | 2004-07-22 | Platformlogic, Inc. | Behavior-based host-based intrusion prevention system |
US20040167906A1 (en) | 2003-02-25 | 2004-08-26 | Smith Randolph C. | System consolidation tool and method for patching multiple servers |
US7024548B1 (en) | 2003-03-10 | 2006-04-04 | Cisco Technology, Inc. | Methods and apparatus for auditing and tracking changes to an existing configuration of a computerized device |
US7529754B2 (en) | 2003-03-14 | 2009-05-05 | Websense, Inc. | System and method of monitoring and controlling application files |
JPWO2004095285A1 (ja) | 2003-03-28 | 2006-07-13 | 松下電器産業株式会社 | Recording medium, and recording apparatus and reproducing apparatus using the same |
US7607010B2 (en) | 2003-04-12 | 2009-10-20 | Deep Nines, Inc. | System and method for network edge data protection |
US20050108516A1 (en) | 2003-04-17 | 2005-05-19 | Robert Balzer | By-pass and tampering protection for application wrappers |
US20040230963A1 (en) | 2003-05-12 | 2004-11-18 | Rothman Michael A. | Method for updating firmware in an operating system agnostic manner |
DE10324189A1 (de) | 2003-05-28 | 2004-12-16 | Robert Bosch Gmbh | Method for controlling access to a resource of an application in a data processing device |
US7657599B2 (en) | 2003-05-29 | 2010-02-02 | Mindshare Design, Inc. | Systems and methods for automatically updating electronic mail access lists |
US20050108562A1 (en) | 2003-06-18 | 2005-05-19 | Khazan Roger I. | Technique for detecting executable malicious code using a combination of static and dynamic analyses |
US7283517B2 (en) | 2003-07-22 | 2007-10-16 | Innomedia Pte | Stand alone multi-media terminal adapter with network address translation and port partitioning |
US7886093B1 (en) | 2003-07-31 | 2011-02-08 | Hewlett-Packard Development Company, L.P. | Electronic device network supporting compression and decompression in electronic devices |
US7464408B1 (en) | 2003-08-29 | 2008-12-09 | Solidcore Systems, Inc. | Damage containment by translation |
US20050114672A1 (en) | 2003-11-20 | 2005-05-26 | Encryptx Corporation | Data rights management of digital information in a portable software permission wrapper |
US7600219B2 (en) | 2003-12-10 | 2009-10-06 | Sap Ag | Method and system to monitor software interface updates and assess backward compatibility |
US7546594B2 (en) | 2003-12-15 | 2009-06-09 | Microsoft Corporation | System and method for updating installation components using an installation component delta patch in a networked environment |
US7840968B1 (en) | 2003-12-17 | 2010-11-23 | Mcafee, Inc. | Method and system for containment of usage of language interfaces |
US7272654B1 (en) | 2004-03-04 | 2007-09-18 | Sandbox Networks, Inc. | Virtualizing network-attached-storage (NAS) with a compact table that stores lossy hashes of file names and parent handles rather than full names |
US7783735B1 (en) | 2004-03-22 | 2010-08-24 | Mcafee, Inc. | Containment of network communication |
US8060924B2 (en) | 2004-04-19 | 2011-11-15 | Lumension Security, Inc. | On-line centralized and local authorization of executable files |
US20060004875A1 (en) | 2004-05-11 | 2006-01-05 | Microsoft Corporation | CMDB schema |
US7890946B2 (en) | 2004-05-11 | 2011-02-15 | Microsoft Corporation | Efficient patching |
EP1767031B1 (en) | 2004-05-24 | 2009-12-09 | Computer Associates Think, Inc. | System and method for automatically configuring a mobile device |
US7818377B2 (en) | 2004-05-24 | 2010-10-19 | Microsoft Corporation | Extended message rule architecture |
US7506170B2 (en) | 2004-05-28 | 2009-03-17 | Microsoft Corporation | Method for secure access to multiple secure networks |
US20050273858A1 (en) | 2004-06-07 | 2005-12-08 | Erez Zadok | Stackable file systems and methods thereof |
JP4341517B2 (ja) | 2004-06-21 | 2009-10-07 | 日本電気株式会社 | Security policy management system, security policy management method, and program |
US20050289538A1 (en) | 2004-06-23 | 2005-12-29 | International Business Machines Corporation | Deploying an application software on a virtual deployment target |
US7203864B2 (en) | 2004-06-25 | 2007-04-10 | Hewlett-Packard Development Company, L.P. | Method and system for clustering computers into peer groups and comparing individual computers to their peers |
US7908653B2 (en) | 2004-06-29 | 2011-03-15 | Intel Corporation | Method of improving computer security through sandboxing |
US20060015501A1 (en) | 2004-07-19 | 2006-01-19 | International Business Machines Corporation | System, method and program product to determine a time interval at which to check conditions to permit access to a file |
US7937455B2 (en) | 2004-07-28 | 2011-05-03 | Oracle International Corporation | Methods and systems for modifying nodes in a cluster environment |
US7703090B2 (en) | 2004-08-31 | 2010-04-20 | Microsoft Corporation | Patch un-installation |
US7873955B1 (en) | 2004-09-07 | 2011-01-18 | Mcafee, Inc. | Solidifying the executable software set of a computer |
US20060080656A1 (en) | 2004-10-12 | 2006-04-13 | Microsoft Corporation | Methods and instructions for patch management |
US9329905B2 (en) | 2004-10-15 | 2016-05-03 | Emc Corporation | Method and apparatus for configuring, monitoring and/or managing resource groups including a virtual machine |
US7765538B2 (en) | 2004-10-29 | 2010-07-27 | Hewlett-Packard Development Company, L.P. | Method and apparatus for determining which program patches to recommend for installation |
US20060101277A1 (en) | 2004-11-10 | 2006-05-11 | Meenan Patrick A | Detecting and remedying unauthorized computer programs |
WO2006101549A2 (en) | 2004-12-03 | 2006-09-28 | Whitecell Software, Inc. | Secure system for allowing the execution of authorized computer program code |
US8479193B2 (en) | 2004-12-17 | 2013-07-02 | Intel Corporation | Method, apparatus and system for enhancing the usability of virtual machines |
US7765544B2 (en) | 2004-12-17 | 2010-07-27 | Intel Corporation | Method, apparatus and system for improving security in a virtual machine host |
US7607170B2 (en) | 2004-12-22 | 2009-10-20 | Radware Ltd. | Stateful attack protection |
US7302558B2 (en) | 2005-01-25 | 2007-11-27 | Goldman Sachs & Co. | Systems and methods to facilitate the creation and configuration management of computing systems |
US7395405B2 (en) | 2005-01-28 | 2008-07-01 | Intel Corporation | Method and apparatus for supporting address translation in a virtual machine environment |
US8056138B2 (en) | 2005-02-26 | 2011-11-08 | International Business Machines Corporation | System, method, and service for detecting improper manipulation of an application |
US7836504B2 (en) | 2005-03-01 | 2010-11-16 | Microsoft Corporation | On-access scan of memory for malware |
US7685635B2 (en) | 2005-03-11 | 2010-03-23 | Microsoft Corporation | Systems and methods for multi-level intercept processing in a virtual machine environment |
TW200707417A (en) | 2005-03-18 | 2007-02-16 | Sony Corp | Reproducing apparatus, reproducing method, program, program storage medium, data delivery system, data structure, and manufacturing method of recording medium |
US7552479B1 (en) | 2005-03-22 | 2009-06-23 | Symantec Corporation | Detecting shellcode that modifies IAT entries |
US7770151B2 (en) | 2005-04-07 | 2010-08-03 | International Business Machines Corporation | Automatic generation of solution deployment descriptors |
US7349931B2 (en) | 2005-04-14 | 2008-03-25 | Webroot Software, Inc. | System and method for scanning obfuscated files for pestware |
US8590044B2 (en) | 2005-04-14 | 2013-11-19 | International Business Machines Corporation | Selective virus scanning system and method |
US7603552B1 (en) | 2005-05-04 | 2009-10-13 | Mcafee, Inc. | Piracy prevention using unique module translation |
US7363463B2 (en) | 2005-05-13 | 2008-04-22 | Microsoft Corporation | Method and system for caching address translations from multiple address spaces in virtual machines |
WO2006137057A2 (en) | 2005-06-21 | 2006-12-28 | Onigma Ltd. | A method and a system for providing comprehensive protection against leakage of sensitive information assets using host based agents, content- meta-data and rules-based policies |
US8839450B2 (en) | 2007-08-02 | 2014-09-16 | Intel Corporation | Secure vault service for software components within an execution environment |
US7739721B2 (en) | 2005-07-11 | 2010-06-15 | Microsoft Corporation | Per-user and system granular audit policy implementation |
US7856661B1 (en) | 2005-07-14 | 2010-12-21 | Mcafee, Inc. | Classification of software on networked systems |
US7895651B2 (en) | 2005-07-29 | 2011-02-22 | Bit 9, Inc. | Content tracking in a network security system |
US7962616B2 (en) | 2005-08-11 | 2011-06-14 | Micro Focus (Us), Inc. | Real-time activity monitoring and reporting |
US8327353B2 (en) | 2005-08-30 | 2012-12-04 | Microsoft Corporation | Hierarchical virtualization with a multi-level virtualization mechanism |
US7340574B2 (en) | 2005-08-30 | 2008-03-04 | Rockwell Automation Technologies, Inc. | Method and apparatus for synchronizing an industrial controller with a redundant controller |
US20070074199A1 (en) | 2005-09-27 | 2007-03-29 | Sebastian Schoenberg | Method and apparatus for delivering microcode updates through virtual machine operations |
US8131825B2 (en) | 2005-10-07 | 2012-03-06 | Citrix Systems, Inc. | Method and a system for responding locally to requests for file metadata associated with files stored remotely |
US7725737B2 (en) | 2005-10-14 | 2010-05-25 | Check Point Software Technologies, Inc. | System and methodology providing secure workspace environment |
US20070169079A1 (en) | 2005-11-08 | 2007-07-19 | Microsoft Corporation | Software update management |
US7836303B2 (en) | 2005-12-09 | 2010-11-16 | University Of Washington | Web browser operating system |
US7856538B2 (en) | 2005-12-12 | 2010-12-21 | Systex, Inc. | Methods, systems and computer readable medium for detecting memory overflow conditions |
US20070143851A1 (en) | 2005-12-21 | 2007-06-21 | Fiberlink | Method and systems for controlling access to computing resources based on known security vulnerabilities |
US20070174429A1 (en) | 2006-01-24 | 2007-07-26 | Citrix Systems, Inc. | Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment |
US7757269B1 (en) | 2006-02-02 | 2010-07-13 | Mcafee, Inc. | Enforcing alignment of approved changes and deployed changes in the software change life-cycle |
WO2007099273A1 (en) | 2006-03-03 | 2007-09-07 | Arm Limited | Monitoring values of signals within an integrated circuit |
US8621433B2 (en) | 2006-03-20 | 2013-12-31 | Microsoft Corporation | Managing version information for software components |
US7895573B1 (en) | 2006-03-27 | 2011-02-22 | Mcafee, Inc. | Execution environment file inventory |
US7752233B2 (en) | 2006-03-29 | 2010-07-06 | Massachusetts Institute Of Technology | Techniques for clustering a set of objects |
US7870387B1 (en) | 2006-04-07 | 2011-01-11 | Mcafee, Inc. | Program-based authorization |
US8015563B2 (en) | 2006-04-14 | 2011-09-06 | Microsoft Corporation | Managing virtual machines with system-wide policies |
US7966659B1 (en) | 2006-04-18 | 2011-06-21 | Rockwell Automation Technologies, Inc. | Distributed learn mode for configuring a firewall, security authority, intrusion detection/prevention devices, and the like |
US8458673B2 (en) | 2006-04-26 | 2013-06-04 | Flexera Software Llc | Computer-implemented method and system for binding digital rights management executable code to a software application |
US7849507B1 (en) | 2006-04-29 | 2010-12-07 | Ironport Systems, Inc. | Apparatus for filtering server responses |
US8291409B2 (en) | 2006-05-22 | 2012-10-16 | Microsoft Corporation | Updating virtual machine with patch on host that does not have network access |
US7761912B2 (en) | 2006-06-06 | 2010-07-20 | Microsoft Corporation | Reputation driven firewall |
US7809704B2 (en) | 2006-06-15 | 2010-10-05 | Microsoft Corporation | Combining spectral and probabilistic clustering |
US8176501B2 (en) | 2006-06-23 | 2012-05-08 | Dell Products L.P. | Enabling efficient input/output (I/O) virtualization |
US20070300215A1 (en) | 2006-06-26 | 2007-12-27 | Bardsley Jeffrey S | Methods, systems, and computer program products for obtaining and utilizing a score indicative of an overall performance effect of a software update on a software host |
US8365294B2 (en) | 2006-06-30 | 2013-01-29 | Intel Corporation | Hardware platform authentication and multi-platform validation |
US8468526B2 (en) | 2006-06-30 | 2013-06-18 | Intel Corporation | Concurrent thread execution using user-level asynchronous signaling |
US8572721B2 (en) | 2006-08-03 | 2013-10-29 | Citrix Systems, Inc. | Methods and systems for routing packets in a VPN-client-to-VPN-client connection via an SSL/VPN network appliance |
US8015388B1 (en) | 2006-08-04 | 2011-09-06 | Vmware, Inc. | Bypassing guest page table walk for shadow page table entries not present in guest page table |
US8161475B2 (en) | 2006-09-29 | 2012-04-17 | Microsoft Corporation | Automatic load and balancing for virtual machines to meet resource requirements |
US9697019B1 (en) | 2006-10-17 | 2017-07-04 | Manageiq, Inc. | Adapt a virtual machine to comply with system enforced policies and derive an optimized variant of the adapted virtual machine |
US7689817B2 (en) | 2006-11-16 | 2010-03-30 | Intel Corporation | Methods and apparatus for defeating malware |
US7996836B1 (en) | 2006-12-29 | 2011-08-09 | Symantec Corporation | Using a hypervisor to provide computer security |
US8336046B2 (en) | 2006-12-29 | 2012-12-18 | Intel Corporation | Dynamic VM cloning on request from application based on mapping of virtual hardware configuration to the identified physical hardware resources |
US8381209B2 (en) | 2007-01-03 | 2013-02-19 | International Business Machines Corporation | Moveable access control list (ACL) mechanisms for hypervisors and virtual machines and virtual port firewalls |
US8254568B2 (en) | 2007-01-07 | 2012-08-28 | Apple Inc. | Secure booting a computing device |
US8332929B1 (en) | 2007-01-10 | 2012-12-11 | Mcafee, Inc. | Method and apparatus for process enforced configuration management |
US8380987B2 (en) | 2007-01-25 | 2013-02-19 | Microsoft Corporation | Protection agents and privilege modes |
US8276201B2 (en) | 2007-03-22 | 2012-09-25 | International Business Machines Corporation | Integrity protection in data processing systems |
US7930327B2 (en) | 2007-05-21 | 2011-04-19 | International Business Machines Corporation | Method and apparatus for obtaining the absolute path name of an open file system object from its file descriptor |
US20080301770A1 (en) | 2007-05-31 | 2008-12-04 | Kinder Nathan G | Identity based virtual machine selector |
US20090007100A1 (en) | 2007-06-28 | 2009-01-01 | Microsoft Corporation | Suspending a Running Operating System to Enable Security Scanning |
US8763115B2 (en) | 2007-08-08 | 2014-06-24 | Vmware, Inc. | Impeding progress of malicious guest software |
US20090138480A1 (en) | 2007-08-29 | 2009-05-28 | Chatley Scott P | Filing system and method for data files stored in a distributed communications network |
US8250641B2 (en) | 2007-09-17 | 2012-08-21 | Intel Corporation | Method and apparatus for dynamic switching and real time security control on virtualized systems |
US8555081B2 (en) | 2007-10-30 | 2013-10-08 | Vmware, Inc. | Cryptographic multi-shadowing with integrity verification |
US8195931B1 (en) | 2007-10-31 | 2012-06-05 | Mcafee, Inc. | Application change control |
JP5238235B2 (ja) | 2007-12-07 | 2013-07-17 | 株式会社日立製作所 | Management apparatus and management method |
US8042190B2 (en) | 2007-12-31 | 2011-10-18 | Intel Corporation | Pre-boot protected memory channel |
US8701189B2 (en) | 2008-01-31 | 2014-04-15 | Mcafee, Inc. | Method of and system for computer system denial-of-service protection |
US20090249471A1 (en) | 2008-03-27 | 2009-10-01 | Moshe Litvin | Reversible firewall policies |
US8321931B2 (en) | 2008-03-31 | 2012-11-27 | Intel Corporation | Method and apparatus for sequential hypervisor invocation |
WO2010016904A2 (en) | 2008-08-07 | 2010-02-11 | Serge Nabutovsky | Link exchange system and method |
US8065714B2 (en) | 2008-09-12 | 2011-11-22 | Hytrust, Inc. | Methods and systems for securely managing virtualization platform |
US9141381B2 (en) | 2008-10-27 | 2015-09-22 | Vmware, Inc. | Version control environment for virtual machines |
US8060722B2 (en) | 2009-03-27 | 2011-11-15 | Vmware, Inc. | Hardware assistance for shadow page table coherence with guest page mappings |
US8359422B2 (en) | 2009-06-26 | 2013-01-22 | Vmware, Inc. | System and method to reduce trace faults in software MMU virtualization |
US8341627B2 (en) * | 2009-08-21 | 2012-12-25 | Mcafee, Inc. | Method and system for providing user space address protection from writable memory area in a virtual environment |
US8381284B2 (en) | 2009-08-21 | 2013-02-19 | Mcafee, Inc. | System and method for enforcing security policies in a virtual environment |
US9552497B2 (en) | 2009-11-10 | 2017-01-24 | Mcafee, Inc. | System and method for preventing data loss using virtual machine wrapped applications |
TW201137660A (en) * | 2009-12-23 | 2011-11-01 | Ibm | Method and system for protecting an operating system against unauthorized modification |
US8925101B2 (en) | 2010-07-28 | 2014-12-30 | Mcafee, Inc. | System and method for local protection against malicious software |
US8938800B2 (en) | 2010-07-28 | 2015-01-20 | Mcafee, Inc. | System and method for network level protection against malicious software |
JP5758914B2 (ja) | 2010-12-21 | 2015-08-05 | Panasonic Intellectual Property Corporation of America | Virtual computer system and virtual computer system control method |
US20120179874A1 (en) | 2011-01-07 | 2012-07-12 | International Business Machines Corporation | Scalable cloud storage architecture |
US8984478B2 (en) * | 2011-10-03 | 2015-03-17 | Cisco Technology, Inc. | Reorganization of virtualized computer programs |
US8694738B2 (en) | 2011-10-11 | 2014-04-08 | Mcafee, Inc. | System and method for critical address space protection in a hypervisor environment |
US9069586B2 (en) | 2011-10-13 | 2015-06-30 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US8973144B2 (en) | 2011-10-13 | 2015-03-03 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US9256552B2 (en) * | 2011-11-21 | 2016-02-09 | Cisco Technology, Inc. | Selective access to executable memory |
2011
- 2011-10-11 US US13/271,102 patent/US8694738B2/en Active
2012
- 2012-09-15 CN CN201280053614.5A patent/CN103907098B/zh Active
- 2012-09-15 WO PCT/US2012/055674 patent/WO2013055502A1/en Application Filing
- 2012-09-15 JP JP2014535730A patent/JP5763278B2/ja Active
- 2012-09-15 EP EP12840804.4A patent/EP2766847A4/en Withdrawn
Also Published As
Publication number | Publication date |
---|---|
CN103907098B (zh) | 2018-05-08 |
EP2766847A1 (en) | 2014-08-20 |
CN103907098A (zh) | 2014-07-02 |
US20130091318A1 (en) | 2013-04-11 |
WO2013055502A1 (en) | 2013-04-18 |
JP2014528623A (ja) | 2014-10-27 |
EP2766847A4 (en) | 2015-07-15 |
US8694738B2 (en) | 2014-04-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5763278B2 (ja) | System and method for critical address space protection in a hypervisor environment | |
US10447728B1 (en) | Technique for protecting guest processes using a layered virtualization architecture | |
US9530001B2 (en) | System and method for below-operating system trapping and securing loading of code into memory | |
JP6142027B2 (ja) | System and method for kernel rootkit protection in a hypervisor environment | |
US9946562B2 (en) | System and method for kernel rootkit protection in a hypervisor environment | |
Riley et al. | Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing | |
US8650642B2 (en) | System and method for below-operating system protection of an operating system kernel | |
US9262246B2 (en) | System and method for securing memory and storage of an electronic device with a below-operating system security agent | |
US8549648B2 (en) | Systems and methods for identifying hidden processes | |
US9384349B2 (en) | Negative light-weight rules | |
US9317690B2 (en) | System and method for firmware based anti-malware security | |
US8341627B2 (en) | Method and system for providing user space address protection from writable memory area in a virtual environment | |
US8959638B2 (en) | System and method for below-operating system trapping and securing of interdriver communication | |
US8863283B2 (en) | System and method for securing access to system calls | |
US8549644B2 (en) | Systems and method for regulating software access to security-sensitive processor resources | |
US20120255003A1 (en) | System and method for securing access to the objects of an operating system | |
US20120255031A1 (en) | System and method for securing memory using below-operating system trapping | |
US20130312099A1 (en) | Realtime Kernel Object Table and Type Protection | |
US20120255001A1 (en) | System and method for below-operating system trapping of driver filter attachment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | A977 | Report on retrieval | Free format text: JAPANESE INTERMEDIATE CODE: A971007; Effective date: 20150423 |
| | TRDD | Decision of grant or rejection written | |
| | A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01; Effective date: 20150526 |
| | A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61; Effective date: 20150610 |
| | R150 | Certificate of patent or registration of utility model | Ref document number: 5763278; Country of ref document: JP; Free format text: JAPANESE INTERMEDIATE CODE: R150 |
| | S533 | Written request for registration of change of name | Free format text: JAPANESE INTERMEDIATE CODE: R313533 |
| | R350 | Written notification of registration of transfer | Free format text: JAPANESE INTERMEDIATE CODE: R350 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |