On-demand unprotected mode access

    Publication number: US10311122B1

    Publication date: 2019-06-04

    Application number: US14466547

    Filing date: 2014-08-22

    Applicant: Bromium, Inc.

    Abstract: Migrating support for a web browsing session between a virtual machine and a host operating system. A web session is supported by a first virtual machine which executes on a computer system. Upon receiving a request for the web session to enter an unprotected mode, support for the web session is migrated from the first virtual machine to a host operating system of the computer system. In unprotected mode, web sessions are supported by the host operating system rather than by a virtual machine. After migrating support for the web session to the host operating system, a visual cue indicating that the unprotected mode is active is displayed. After receiving a request to exit the unprotected mode, support for the web session is migrated from the host operating system to a second virtual machine executing on the computer system and the visual cue is removed.

    Hypervisor to support nested virtualization

    Publication number: US10275269B1

    Publication date: 2019-04-30

    Application number: US15167853

    Filing date: 2016-05-27

    Applicant: Bromium, Inc.

    IPC classification: G06F9/455

    Abstract: Approaches for performing nested virtualization using a hypervisor which does not support nested virtualization. A first hypervisor is loaded upon booting a computing device. The first hypervisor instantiates a first virtual machine, exposes an emulated hardware virtualization support interface to the first virtual machine, and executes a second hypervisor, which does not support nested virtualization, within the first virtual machine. The first hypervisor provides nested virtualization support to the second hypervisor, allowing the second hypervisor to execute a third hypervisor within a second virtual machine, with the first hypervisor abstracting hardware virtualization support on behalf of the third hypervisor.

    Restricting Network Access to Untrusted Virtual Machines

    Publication number: US20170201507A1

    Publication date: 2017-07-13

    Application number: US15200989

    Filing date: 2016-07-01

    Applicant: Bromium, Inc.

    Inventor: Ian Pratt

    IPC classification: H04L29/06 G06F9/455

    Abstract: Approaches for providing operating environments selective access to network resources. A guest operating system, executing on a device, may issue a request to a network device for access to a set of network resources. Once the guest operating system authenticates itself to the network device, the network device provides, to the guest operating system, access to the set of network resources. Note that the host operating system, executing on the device, does not have access to the set of network resources. A guest operating system may be provided access to an untrusted network in a manner that denies the host operating system access to the untrusted network. In this way, any malicious code inadvertently introduced into the host operating system cannot access the untrusted network for unscrupulous purposes.

    Hypervisor Managing Memory Addressed Above Four Gigabytes
    Type: invention application; status: under examination, published

    Publication number: US20150178198A1

    Publication date: 2015-06-25

    Application number: US14140438

    Filing date: 2013-12-24

    Applicant: Bromium, Inc.

    IPC classification: G06F12/08 G06F12/02

    Abstract: Approaches for performing memory management by a hypervisor. A host operating system and a hypervisor are executed on a device. The host operating system is not configured to access physical memory addressed above four gigabytes. The hypervisor manages memory for the device, including memory addressed above four gigabytes. When the hypervisor instantiates a virtual machine, the hypervisor may allocate memory pages for the newly instantiated virtual machine by preferentially using any unassigned memory addressed above four gigabytes before using memory allocated from the host (and hence addressed below four gigabytes).

    Restricting network access to untrusted virtual machines

    Publication number: US10348711B2

    Publication date: 2019-07-09

    Application number: US15200989

    Filing date: 2016-07-01

    Applicant: Bromium, Inc.

    Inventor: Ian Pratt

    IPC classification: H04L29/06 G06F9/455 G06F9/50

    Abstract: Approaches for providing operating environments selective access to network resources. A guest operating system, executing on a device, may issue a request to a network device for access to a set of network resources. Once the guest operating system authenticates itself to the network device, the network device provides, to the guest operating system, access to the set of network resources. Note that the host operating system, executing on the device, does not have access to the set of network resources. A guest operating system may be provided access to an untrusted network in a manner that denies the host operating system access to the untrusted network. In this way, any malicious code inadvertently introduced into the host operating system cannot access the untrusted network for unscrupulous purposes.

    Transferring files using a virtualized application
    Type: granted invention patent; status: in force

    Publication number: US09348636B2

    Publication date: 2016-05-24

    Application number: US14478889

    Filing date: 2014-09-05

    Applicant: Bromium, Inc.

    IPC classification: G06F9/455 G06F17/30

    Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine from being browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine from being browsed.

    Automatic initiation of execution analysis

    Publication number: US10430614B2

    Publication date: 2019-10-01

    Application number: US15133077

    Filing date: 2016-04-19

    Applicant: Bromium, Inc.

    Abstract: Approaches for transferring control to a bit set. Execution of a bit set upon a host operating system is monitored. A determination is made that the execution of the bit set exhibits a suspicious characteristic. In response, the execution of the bit set on the host operating system is ceased. Then, the bit set is copied into an isolated environment and control of the bit set is transferred within the isolated environment. Thereafter, execution analysis upon the bit set is initiated in the isolated environment. The isolated environment may, but need not, reside on a different physical device than the one on which the host operating system executes.

    ENSURING THE PRIVACY AND INTEGRITY OF A HYPERVISOR

    Publication number: US20190065236A1

    Publication date: 2019-02-28

    Application number: US16177084

    Filing date: 2018-10-31

    Applicant: Bromium, Inc.

    Inventor: Ian Pratt

    IPC classification: G06F9/455 G06F9/50

    Abstract: Approaches for ensuring the privacy and integrity of a hypervisor. A host operating system manages a set of resources. The host operating system is prevented from accessing a portion of the resources belonging to or allocated by the hypervisor. The host operating system may be prevented from accessing resources belonging to or allocated by the hypervisor by transferring execution of the host operating system into a virtual machine container that does not have sufficient privilege to access any portion of the memory pages in which the hypervisor is executing. After the host operating system provides a requested resource to the hypervisor, the hypervisor may use a hardware component that establishes and enforces constraints on what portions of memory the host operating system is allowed to access, thereby protecting the requested resource from the host operating system.

    Ensuring the privacy and integrity of a hypervisor

    Publication number: US10140139B1

    Publication date: 2018-11-27

    Application number: US14741147

    Filing date: 2015-06-16

    Applicant: Bromium, Inc.

    Inventor: Ian Pratt

    IPC classification: G06F9/455 G06F9/50

    Abstract: Approaches for ensuring the privacy and integrity of a hypervisor. A host operating system manages a set of resources. The host operating system is prevented from accessing a portion of the resources belonging to or allocated by the hypervisor. The host operating system may be prevented from accessing resources belonging to or allocated by the hypervisor by transferring execution of the host operating system into a virtual machine container that does not have sufficient privilege to access any portion of the memory pages in which the hypervisor is executing. After the host operating system provides a requested resource to the hypervisor, the hypervisor may use a hardware component that establishes and enforces constraints on what portions of memory the host operating system is allowed to access, thereby protecting the requested resource from the host operating system.

    CLIPBOARD HARDENING
    Type: invention application; status: under examination, published

    Publication number: US20170180427A1

    Publication date: 2017-06-22

    Application number: US15448254

    Filing date: 2017-03-02

    Applicant: Bromium, Inc.

    IPC classification: H04L29/06

    Abstract: A software module executes in a first isolated execution environment. The module determines that the first environment has caused data to be written to a first clipboard maintained by the first environment. The module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second isolated execution environment. The policy data does not allow one or more types of clipboard objects to be written to the second clipboard, even if they were written to the first clipboard at the initiation of, or with the approval of, a user, in order to prevent the user from introducing a potentially hazardous type of object into the second clipboard. Upon the module determining that the policy data allows the data to be written to the second clipboard, the software module causes the data to be written to the second clipboard.