-
Publication number: US20190050247A1
Publication date: 2019-02-14
Application number: US16073424
Application date: 2017-01-26
Inventor: Fadi EL-MOUSSA, Theo DIMITRAKOS
CPC classification number: G06F9/45558, G06F8/63, G06F9/4856, G06F21/53, G06F21/602, G06F21/6218, G06F2009/45562, G06F2009/45566, G06F2009/4557, G06F2221/2107, H04L63/06
Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a software component executing in a first virtual machine for instantiation in a first hypervisor, the software component invoking a second hypervisor within the first virtual machine for instantiating a disk image of the virtualized computer system as a second virtual machine, and the software component being configured to install a software agent in the second virtual machine, the software agent being adapted to: a) encrypt the instantiated disk image; b) encrypt data written, by the second virtual machine, to the instantiated disk image at a runtime of the second virtual machine; and c) decrypt data read, by the second virtual machine, from the instantiated disk image at a runtime of the second virtual machine, wherein the software component is configured to migrate the second virtual machine at a runtime of the second virtual machine to the first hypervisor so as to provide a wholly encrypted disk image for the second virtual machine executing in the first hypervisor.
-
Publication number: US20190034645A1
Publication date: 2019-01-31
Application number: US16073396
Application date: 2017-01-26
Inventor: Fadi EL-MOUSSA, Theo DIMITRAKOS
Abstract: A data storage device providing secure data storage for a software application executed by an operating system in a computer system including a file system operation interceptor that detects requests for file system operations in respect of data for the application; a file system operation analyzer that is responsive to the interceptor and that analyses an intercepted file system operation request to identify attributes associated with the file system operation; a comparator that compares the attributes with a predefined security policy definition; a cryptographic unit that encrypts and/or decrypts data using one or more cryptographic functions; wherein the cryptographic unit is operable in response to the comparator to perform an encryption or decryption operation on the data and effect the performance of the requested file system operation by the operating system.
-
Publication number: US20180225469A1
Publication date: 2018-08-09
Application number: US15749338
Application date: 2016-07-20
Inventor: Joshua DANIEL, Gery DUCATEL, Theo DIMITRAKOS
CPC classification number: G06F21/629, G06F21/10, G06F21/602, G06F21/62, G06F2221/2141, G06Q20/3678, G06Q20/401, H04L9/0637, H04L63/10
Abstract: A computer implemented method of a resource provider for access control for a restricted resource in a network connected computer system, wherein a blockchain data structure accessible via the network stores digitally signed records validated by network connected miner software components including a provider record associated with the resource provider, the method including: identifying an access control role definition for access to the resource, the role including a specification of access permissions; receiving a request from a resource consumer for access to the resource; communicating, to the resource consumer, an indication of a quantity of a cryptocurrency required for access to the resource; and in response to a determination that the required quantity of cryptocurrency is transferred to the provider record in the blockchain, the transfer being caused by a blockchain transaction including an identification of the role and the transaction being validated by a miner component, granting the consumer access to the resource in accordance with the role definition.
-
Publication number: US20180191751A1
Publication date: 2018-07-05
Application number: US15857163
Application date: 2017-12-28
Inventor: Fadi EL-MOUSSA, Theo DIMITRAKOS
CPC classification number: H04L63/1416, G06F16/9024, H04L63/1425, H04L63/1433, H04L63/1441
Abstract: A computer implemented method to identify an attacked computing device in a system of network-connected computing devices providing a plurality of computing services, the method including receiving a first data structure including data modeling relationships between vulnerabilities of computing services in a first proper subset of the plurality of computing services and exploitation of such vulnerabilities to identify one or more series of exploits involved in a network attack; receiving a second data structure including data modeling the computing devices in the system including the network connections of each computing device; and comparing the first and second data structures to identify the attacked computing device as an intermediate device in communications between at least two computer services in any of the one or more series of exploits.
-
Publication number: US20180025166A1
Publication date: 2018-01-25
Application number: US15548654
Application date: 2016-02-10
Inventor: Joshua DANIEL, Theo DIMITRAKOS, Gery DUCATEL
CPC classification number: G06F21/602, G06F9/5011, G06Q10/06
Abstract: A computer implemented method for validating use of a computing resource by a requester software component including: validating a characteristic of the requester; generating a first transaction defining criteria for consumption of the resource by the requester, the first transaction being encrypted with a private key from a public key/private key pair and being added as part of a block of transactions to a blockchain data structure; generating a subsequent encrypted transaction corresponding to a request of the requester to consume the resource, the subsequent transaction referring to the first transaction, wherein the subsequent transaction is validated by a transaction miner computing component from a plurality of miners by authenticating the transaction using the public key and verifying compliance with the criteria defined in each transaction.
-
Publication number: US20160139902A1
Publication date: 2016-05-19
Application number: US14899760
Application date: 2014-06-12
Inventor: Theo DIMITRAKOS, Nektarios GEORGALAS, Fadi EL-MOUSSA, Pramod PAWAR, George VAFIADIS
CPC classification number: G06F8/60, G06F8/61, G06F8/70, G06F9/45533
Abstract: A method of augmenting a deployment specification for a software application to determine a level of compliance of the application with a compliance characteristic, the deployment specification being suitable for identifying a resource required to execute the software application in a virtualised computing environment, the method comprising: receiving a definition of the compliance characteristic as a set of compliance criteria concerning the resource, wherein satisfaction of the compliance criteria during execution of the software application is suitable for determining the level of compliance of the software application with the compliance characteristic; selecting at least one software component from a library of components based on the definition of the compliance characteristic, the software component being operable to determine a state of satisfaction of at least a subset of the set of criteria for the compliance characteristic; and modifying the deployment specification to identify the at least one selected software component such that, on execution of the application, the level of compliance of the application with the compliance characteristic is determined.