Behavioral signature generation using clustering
    71.
    Granted invention patent (in force)

    Publication number: US08464345B2

    Publication date: 2013-06-11

    Application number: US12769262

    Filing date: 2010-04-28

    IPC classification: G06F11/00

    Abstract: A behavioral signature for detecting malware is generated. A computer is used to collect behavior traces of malware in a malware dataset. The behavior traces describe sequential behaviors performed by the malware. The behavior traces are normalized to produce malware behavior sequences. Similar malware behavior sequences are clustered together. The malware behavior sequences in a cluster describe behaviors of a malware family. The cluster is analyzed to identify a behavior subsequence common to the cluster's malware family. A behavior signature for the malware family is generated using the behavior subsequence. A trace of new malware is normalized and aligned with an existing cluster, if possible. The behavioral signature for that cluster is generated based on the behavior sequence of the new malware and the other sequences in the cluster.


    Facilitating secure 24x7 on-demand service availability while minimizing power consumption and power load spikes
    72.
    Granted invention patent (in force)

    Publication number: US08452848B1

    Publication date: 2013-05-28

    Application number: US13018076

    Filing date: 2011-01-31

    IPC classification: G06F15/16

    CPC classification: H04W52/0203 Y02D70/00

    Abstract: Secure, continuous, on-demand access to services provided by servers internal to a network is facilitated, while minimizing power consumption and power load spikes. Information concerning operation of the network is monitored, and a profile of the network is maintained. Internal network servers being in reduced power consumption states is tracked. Service requests from clients to internal network servers that are in reduced power consumption states are detected. In response, packets are generated to wake servers in reduced power consumption states, without requiring registration or installation of any components on the servers or clients. Frequencies are controlled at which packets are generated to wake servers, thereby minimizing sudden increases in power consumption associated with waking multiple servers. This can comprise waiting for a specific duration of time prior to generating packets, based on server profiles.


    Detecting new or modified portions of code
    73.
    Granted invention patent (in force)

    Publication number: US08443354B1

    Publication date: 2013-05-14

    Application number: US11393444

    Filing date: 2006-03-29

    CPC classification: G06F8/65 G06F9/44536

    Abstract: Detecting new or modified portions of executable code is disclosed. An indication is received that a prior version of an executable file has been replaced by a new version. A security response is provided if a process associated with the executable file attempts to perform a restricted action and a new or changed portion of code comprising the new version has executed. If no new or changed portion of code has executed, the restricted action is allowed to an extent determined previously for the prior version of the executable file.


    Controlling identity disclosures
    74.
    Granted invention patent (in force)

    Publication number: US08387108B1

    Publication date: 2013-02-26

    Application number: US11590390

    Filing date: 2006-10-31

    IPC classification: H04L29/06

    Abstract: Controlling identity disclosures is disclosed. A difference between a site policy as received at a first time and the site policy as received at a second time is detected through at least partially automated processing. The existence of the difference is indicated before disclosing to a relying party associated with the site policy, at or subsequent to the second time, an identity information.


    Protecting users from accidentally disclosing personal information in an insecure environment
    75.
    Granted invention patent (in force)

    Publication number: US08347380B1

    Publication date: 2013-01-01

    Application number: US12217071

    Filing date: 2008-06-30

    IPC classification: G06F11/00

    Abstract: A method and system for protecting users from accidentally disclosing personal information in an insecure environment. In one embodiment, the method includes monitoring I/O device input data associated with a guest operating system on a virtualization platform. The guest operating system has less privilege than a privileged operating system on the virtualization platform. The method further includes determining whether the I/O device input data corresponds to personal information of a user, and delaying or blocking the transfer of the I/O device input data to the guest operating system if the I/O device input data corresponds to the personal information of the user.


    Scoring applications for green computing scenarios
    76.
    Granted invention patent (in force)

    Publication number: US08335661B1

    Publication date: 2012-12-18

    Application number: US12130482

    Filing date: 2008-05-30

    Applicant: Sourabh Satish

    Inventor: Sourabh Satish

    IPC classification: G06F11/30

    Abstract: Various methods and systems for scoring applications are disclosed. One method involves generating a baseline measuring a parameter of a computer system. The parameter is related, directly or indirectly, to the energy consumption of the computer system. The method next involves installing and running an application on the computer system. The previously measured parameter is measured with the application running. Next, a score is calculated for the application based on the two measurements. This score indicates how green the application is.


    Systems and methods for detecting data-stealing malware
    77.
    Granted invention patent (in force)

    Publication number: US08321940B1

    Publication date: 2012-11-27

    Application number: US12771433

    Filing date: 2010-04-30

    IPC classification: G06F11/00

    Abstract: A computer-implemented method for detecting data-stealing malware may include: 1) detecting an attempt by an untrusted application to access a storage location that is known to be used by a legitimate application when storing potentially sensitive information, 2) determining that the legitimate application is not installed on the computing device, 3) determining that the untrusted application represents a potential security risk, and then 4) performing a security operation on the untrusted application. Corresponding systems and computer-readable instructions embodied on computer-readable media are also disclosed.


    Controlling identity disclosures
    78.
    Granted invention patent

    Publication number: US08296819B1

    Publication date: 2012-10-23

    Application number: US11590390

    Filing date: 2006-10-31

    IPC classification: H04L29/06

    Abstract: Controlling identity disclosures is disclosed. A difference between a site policy as received at a first time and the site policy as received at a second time is detected through at least partially automated processing. The existence of the difference is indicated before disclosing to a relying party associated with the site policy, at or subsequent to the second time, an identity information.

    Data access security
    79.
    Granted invention patent (in force)

    Publication number: US08225104B1

    Publication date: 2012-07-17

    Application number: US11245776

    Filing date: 2005-10-06

    Applicant: Sourabh Satish

    Inventor: Sourabh Satish

    IPC classification: G06F21/00

    Abstract: An execution environment of a computer computes an initial effective permissions set for managed code based on user identity evidence, code evidence and/or a security policy and executes the code with this permissions set. If the managed code requests a data access, the execution environment considers data evidence that indicates the trustworthiness of the requested data. The data evidence can be based on the source of the data, the location of the data, the content of the data itself, or other factors. The execution environment computes a new effective permissions set for the managed code based on the data evidence and the security policy. This new effective permissions set is applied to the managed code while the code accesses the data. The execution environment restores the initial permissions set once the managed code completes the data access.


    Method and apparatus for host authentication in a network implementing network access control
    80.
    Granted invention patent (in force)

    Publication number: US08190755B1

    Publication date: 2012-05-29

    Application number: US11645958

    Filing date: 2006-12-27

    IPC classification: G06F15/16

    CPC classification: H04L63/102 H04L61/2015

    Abstract: Method and apparatus for host authentication in a network implementing network access control is described. In an example, a network access control (NAC) server receives network address requests from hosts on a network. If a host is compliant with an established security policy, the NAC server determines a unique indicium for the host and records the unique indicium along with a network address leased to the host by a dynamic host configuration protocol (DHCP) server. When a host requests access to a resource on the network, the host is authenticated by determining whether its asserted network address is valid. If valid, a pre-computed unique indicium for that address is obtained and compared with a unique indicium for the host. If the indicia match, the host is allowed access to the resource. Otherwise, the host is blocked from access to the resource.
