TREA

System and method for preventing data loss using virtual machine wrapped applications

Follow

Information

  • Patent Grant
  • 9552497
  • Patent Number
    9,552,497
  • Date Filed
    Tuesday, November 10, 2009
    14 years ago
  • Date Issued
    Tuesday, January 24, 2017
    7 years ago
Information
Abstract
A method in one example implementation includes selecting at least one criterion for controlling data transmission from within a virtual machine. At least one application is included within the virtual machine, which includes a policy module. The selected criterion corresponds to at least one policy associated with the policy module. The method also includes evaluating the selected criterion of the policy to permit an attempt to transmit the data from within the virtual machine. In more specific embodiments, the policy may include a plurality of criteria with a first selected criterion permitting transmission of the data to a first application and a second selected criterion prohibiting transmission of the data to a second application. In another specific embodiment, the method may include updating the policy module through an administration module to modify the selected criterion.
Description
TECHNICAL FIELD

This disclosure relates in general to the field of security and, more particularly, to preventing data loss in a virtual environment.


BACKGROUND

The field of network security has become increasingly important in today's society. In particular, the ability to effectively protect computers, systems, and the data residing on such computers and systems presents a significant obstacle for component manufacturers, system designers, and network operators. This obstacle is made even more difficult due to continuously evolving security threats. Virtualization is a software technology that allows a complete operating system to run on an isolated virtual environment (typically referred to as a virtual machine), where a platform's physical characteristics and behaviors are reproduced. Virtualization can also provide for execution of a single application within a virtual machine. A virtual machine can represent an isolated, virtual environment (lying on top of a host operating system (OS) or running on bare hardware), equipped with virtual hardware (processor, memory, disks, network interfaces, etc.). Commonly, the virtual machine is managed by a virtualization product. A virtual machine monitor (VMM) is typically the virtualization software layer that manages hardware requests from a guest OS (e.g., simulating answers from real hardware). A hypervisor is typically computer software/hardware platform virtualization software that allows multiple operating systems to run on a host computer concurrently. Applications represent a unique challenge in virtual environments because they can easily be manipulated in order to infect a given computer system. Security professionals and network administrators should account for these issues in order to protect computers and systems from emerging security threats.





BRIEF DESCRIPTION OF THE DRAWINGS

To provide a more complete understanding of the present disclosure and features and advantages thereof, reference is made to the following description, taken in conjunction with the accompanying figures, wherein like reference numerals represent like parts, in which:



FIG. 1 is a simplified block diagram of a system for preventing data loss using virtual machine wrapped applications in accordance with one embodiment;



FIG. 2 is a simplified block diagram of an example embodiment of a system for preventing data loss using virtual machine wrapped applications;



FIG. 3 is a simplified flowchart illustrating a series of example steps associated with the system in accordance with one embodiment; and



FIG. 4 is a simplified flowchart illustrating a series of example steps associated with the system in accordance with another embodiment.





DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS
Overview

A method in one example implementation includes selecting at least one criterion for controlling data transmission from within a virtual machine. At least one application is included within the virtual machine and the virtual machine includes a policy module. The selected criterion corresponds to at least one policy associated with the policy module. The method also includes evaluating the selected criterion of the policy to permit an attempt to transmit the data from within the virtual machine. In more specific embodiments, the policy includes a plurality of selected criteria, including a first selected criterion that permits transmission of the data to a first other application and a second selected criterion that prohibits transmission of the data to a second other application. In other more specific embodiments, the selected criterion permits transmission of the data to a client device of one of a plurality of users if the client device is requesting access to the application from within a secured network environment. In another more specific embodiment, the method includes updating the policy module through an administration module to modify the selected criterion.


Example Embodiments


FIG. 1 is a simplified block diagram of a system 10 for protecting data from accidental and deliberate leakage in a virtual environment using virtual machine wrapped applications. System 10 may include a plurality of virtual machines 12, 14, 24, and 26, and an operating system 30. System 10 may also include a virtual machine monitor 16 that includes a memory element 18, a policy administration module 20, and a processor 22. Memory element 18 may contain a master image 38 with stored entries corresponding to the most current versions of software used within system 10. Each of virtual machines 12, 14, 24, and 26 includes an associated firewall policy module 34a, 34b, 34c, and 34d, respectively. Not shown in FIG. 1 is additional hardware that may be suitably coupled to operating system 30 and virtual machine monitor 16 (e.g., provided below their logical representations) in the form of memory management units (MMU), symmetric multiprocessing (SMP) elements, physical memory, Ethernet, small computer system interface (SCSI)/integrated drive electronics (IDE) elements, etc.


In example embodiments, system 10 wraps each application or suite of applications within a virtual machine in order to protect data associated with the application from accidental and deliberate leakage. For purposes of illustrating the techniques of system 10, it is important to understand the activities occurring within a given network. The following foundational information may be viewed as a basis from which the present disclosure may be properly explained. Such information is offered earnestly for purposes of explanation only and, accordingly, should not be construed in any way to limit the broad scope of the present disclosure and its potential applications.


Typical network environments including, among others, local area networks (LANs), wide area networks (WANs), Campus Area Networks (CANs), intranets, and extranets are used by businesses, schools, and other organizations to link multiple personal computers or client devices together, along with servers that allow the client devices to access shared data and applications related to the function of the organization. In addition, these networks are often configured to provide internet connections from client devices in the network to the Internet, enabling access to the World Wide Web and possibly other networks. The data maintained by the organizations typically includes varying types and degrees of confidential data, where data such as payroll records and legal documents often requires a high degree of protection, whereas data such as customer sales may require a lesser degree of protection. Network administrators typically configure their networks to allow particular persons (or groups of persons) access to specific applications, depending upon the type and degree of confidential data associated with the applications. For example, persons working within a human resources department would possibly have access to data and applications associated with the human resources department, but not have access to data and applications associated with the legal department. This type of security is typically applied at the operating system level.


Security at the operating system level alone is flawed because it relies on individuals properly controlling the data and applications to avoid accidental and deliberate misuse of confidential data. When multiple applications are running on an operating system, it is possible to share data between them using the operating system clipboard, a file system, and the like (e.g., using copy and paste functions, save, move, send to, import and export type functions, etc.). Thus, an authorized user accessing legal department data could mistakenly (or deliberately) share a confidential legal file or data with another user who is not authorized to access such information. This could be accomplished, for example, by using copy and paste functions between the legal application and another application to store the confidential data in an unprotected memory space to which unauthorized users in the organization have access. In another example, a user could email a message from the legal application containing confidential data that was copied into the message, or included as an attachment, to an unauthorized user. In addition, temporary files may also be at risk for leaking confidential data as they are normally available within the operating system. If an application terminates before all temporary files are deleted, then those remaining temporary files could be accessed by a savvy user, or by malicious third party software. Temporary files could contain confidential data from an application being run by an authorized user, or other information that was downloaded, such as, for example, details of a user's bank account. Such temporary files are at risk of exposure because they are often not protected.


Data leakage problems can also occur when authorized users access their organization's network from an unsecured or less secure environment. For example, users often take their laptops home or otherwise outside the corporate environment and remotely logon to their organization's network. Such networks typically have a firewall, which is a device or set of devices configured to control computer traffic sent to/from the network. Firewalls are usually designed to block unauthorized access, while permitting authorized communications based upon a set of rules and other criteria. Even with appropriate firewall protections, data leakage can occur, for example, if an authorized user accesses the network from a less secure (remote) location and begins retrieving confidential data. The confidential data may travel from the firewall-protected network to the user's computer through various communication paths and networking devices such as telephone lines, cable modems, fiber optic cables, satellites, microwaves, routers, gateways, switches, etc. Furthermore, the user's computer may no longer be protected by a firewall when it is remotely accessing the organization's network, thereby exposing the user's computer to various forms of malware, which could put the confidential data at risk.


A system for preventing data loss as outlined by FIG. 1 can resolve many of these issues. In accordance with one example implementation, an application is provided to encapsulate or wrap each application or suite of applications used in a network within a virtual machine. Access to and from each virtual machine can be controlled by an associated firewall (i.e., security) policy, or any other suitable security safeguard. Confidential data, as potentially defined by the associated firewall policy, may be contained within the virtual machine wrapped application such that copy and paste buffers and temporary files would not be accessible through the main operating system underlying the virtual machine. In addition, the virtual machine wrap provides an additional layer of security on top of the operating system, which could prevent direct access to the memory where the confidential data is stored. The associated firewall policy may be evaluated to determine whether the virtual machine wrapped application is allowed to share data (e.g., using copy and paste buffers, save, move, send to, and import/export type functions, email, etc.). For example, a first virtual machine wrapped application may be allowed to share confidential data with a second virtual machine wrapped application, but not with a third virtual machine wrapped application and not with a fourth application, which may not have a virtual machine wrap. Thus, system 10 can provide focused, specific security around each application or suite of applications to control access by users and other virtual machines. Such a system could allow for any application running on the main operating system or running on an operating system of a specific device, such as an end user's client device, to be wrapped within a virtual machine. Also, system 10 could automatically generate and maintain, or a network administrator could configure and maintain, master image 38 representing particular versions (e.g., the most current version) of software, so that each virtual machine wrapped application could be updated as needed.


Generally, virtual machines can be implemented to run complete operating systems and their associated applications (system virtual machines), or to run a single application or suite of applications (process virtual machines). Virtual machines can be implemented as Type 1, running below the host operating system directly on the hardware or as Type 2, running on top of a host operating system. Both system and process virtual machines can have some type of virtualization software that manages virtual machines and any guest operating systems. As used herein in this Specification, the term ‘virtual machine monitor’ is meant to include hypervisors, or other software or objects that can operate to manage one or more virtual machines and allow desired policy administration as detailed below.


Note that in computing, an executable (file) can cause a computer to perform indicated tasks according to encoded instructions, as opposed to a file that only contains data. Files that contain instructions for an interpreter or virtual machine may be considered ‘executables’ or ‘binaries’ in contrast to program source code. The more generic term ‘object’ (as used herein in this Specification) is meant to include any such executables, binaries, kernel modules, etc., which are sought to be invoked, initiated, or otherwise executed.


Turning to the infrastructure of FIG. 1, virtual machine monitor 16 can be implemented to manage multiple applications that are each wrapped separately by a virtual machine 12, 14, 24, and 26. In one example implementation, virtual machine monitor 16 can be thought of as virtualization software running on top of main operating system 30, with the plurality of virtual machines 12, 14, 24, and 26 also running on top of existing operating system 30. Based on the particular environment or according to specific user needs, however, virtual machine monitor 16 could be implemented as a hypervisor to run on bare hardware with each virtual machine 12, 14, 24, and 26 running its own operating system. Virtual machine monitor 16 can be part of a server, a firewall, or more generically, a computer. In addition, it is within the broad teachings of this disclosure that virtual machine monitor 16, including policy administration module 20 and master image 38, may be located in a central base of the network (e.g., IT headquarters), for direct access by a network administrator to configure and maintain the system. In one example embodiment shown in FIG. 1, there is a human resources application 28 wrapped in virtual machine 12, a customer sales application 32 wrapped in virtual machine 14, an application suite 40 having multiple applications wrapped in virtual machine 24, and an Adobe® application 44 wrapped in virtual machine 26. Application suite 40 may include, for example, bundled software applications such as Microsoft® Word, Excel®, and PowerPoint®.


In this example embodiment, a user with appropriate authority such as a network administrator is provided with an interface to manage the complete setup of virtual machines 12, 14, 24, and 26 and associated firewall policy modules 34a, 34b, 34c, and 34d. This management can include configurations of the virtual machine monitor and the virtual machines, creation, deletion, modification, shutdown, updating, and startup of the virtual machines, etc. The interface may allow the network administrator to initially configure and maintain master image 38 comprising entries that correspond to particular versions of the applications within the network. Alternatively, system 10 may automatically generate and update master image 38. Through policy administration module 20, the network administrator can select desired specific criteria for the policies to be applied to each virtual machine 12, 14, 24, and 26, through respective firewall policy modules 34a, 34b, 34c, and 34d. The policies can be tailored to meet particular desired security for data depending upon, for example, the confidentiality of the data accessible through the virtual machine wrapped application, the particular users seeking access to the data, particular job titles, particular department types, particular timestamps of information, particular locations in which a request for data access originates, particular days and times of days a request for data access originates, specifically configured permissions, etc. Once virtual machines 12, 14, 24, and 26 are configured with associated firewall policy modules 34a, 34b, 34c, and 34d, the virtual machines can be deployed to targeted computers, such as an end user's client device, a server, or any other device configured to host the virtual machine wrapped applications, which can be made accessible to authorized users. Policy administration module 20 is also configured to allow the network administrator to maintain virtual machines 12, 14, 24, and 26 and to update or change the security policies on firewall policy modules 34a, 34b, 34c, and 34d, as needed.


A first level of security associated with system 10 can relate to authentication. Authentication determines whether a user is authorized to access the network and within the network, which particular applications or data the user is allowed to access. Although authentication is typically applied at the operating system level, at least a portion of the authentication process may also be applied through firewall policy modules 34a, 34b, 34c, and 34d. Once an authorized user is granted access to an application within virtual machine 12, 14, 24, or 26, the associated firewall policy module 34a, 34b, 34c, or 34d may restrict what the user can do within the application. In one example embodiment, a policy may be applied to firewall policy module 34a for human resources virtual machine 12, preventing an authorized user from transmitting (e.g., copying, pasting, moving, sending, exporting, emailing, etc.) confidential data, such as employee salary data, from human resources virtual machine 12 to another application or user, such as, for example, application suite virtual machine 24. Alternatively, if the user has a higher approved level of authorization, then the policy may be tailored to allow data transmission with data tracking. In this situation, when the user is allowed to transmit confidential data from human resources application virtual machine 12 to another application or user, the transmitted confidential data may be recorded in a data log stored in a memory element. As used herein in this Specification, the terms ‘transmit’ and ‘transmission’ are meant to encompass any operations associated with copying, cutting, pasting, saving, moving, sending, importing, exporting, emailing, or otherwise manipulating data.


Another form of policy that may be used within firewall policy modules 34a, 34b, 34c, and 34d, includes policies related to the environment from which a user requests access to particular applications. For example, if a user requests access to human resources virtual machine 12 from a client device (e.g., a laptop, etc.) when the user is physically located within the network's secure environment, then firewall policy module 34a can perform a check to determine if the user is within a secure environment and allow access accordingly. However, if the user is out of the office, such as on a commuter train, and is therefore outside of the network's secure environment, then because of the confidential nature of the information within human resources virtual machine 12, the policies of firewall policy module 34a may be configured to prohibit the user from accessing the human resources application within virtual machine 12. Thus, the protocol can prevent the user from potentially leaking data when the user is in a less secure environment. The scope of this disclosure is intended to encompass any type or combination of firewall policies desired by a particular organization for controlling data leakage from one or more of its applications within its network. Such policies include, but are not limited to, policies restricting data movement between particular applications, policies restricting application access depending upon the user's environment, policies restricting application access depending upon the time of day or particular days access is requested, and policies restricting data movement from particular applications to particular individuals or groups of individuals.


Turning to FIG. 2, FIG. 2 is a simplified block diagram illustrating one implementation of a data loss prevention system 50 using virtual machine wrapped applications in accordance with the present disclosure. In this example implementation, a network of an organization, such as a corporation or other business entity, is provided with a machine 60 being logically connected to a central human resources system 52, a central intellectual property store 54, and a mail server 56, which can be part of the organization's network infrastructure. It should be noted that the term “machine” is interchangeable with the term “computer.” Machine 60 includes applications in a common operating environment 72 (e.g., an operating system). These applications include a mail client 64 connected to mail server 56 for sending and receiving email communications that are not associated or linked to data or applications secured within the virtual environment. Machine 60 also includes a virtual machine 66 for accessing central intellectual property store 54. Virtual machine 66 includes a firewall policy module 68 and a mail client 70 for sending and receiving emails from virtual machine 66. A secure mail proxy 58 connects mail client 70 in virtual machine 66 to mail server 56 on the network. Machine 60 may also be configured with a USB drive 62.


In the implementation shown in FIG. 2, machine 60 may be operated by a user who is the head of research of the organization. System 50 may require authentication that the user is authorized to use machine 60 to access various resources within the network. Such an authentication could be performed by the operating system, where a unique user ID and password are validated. Once the user is properly authenticated, he/she may be allowed to access certain resources within the organization. For example, as the head of research, the user may be allowed to access central intellectual property store 54, but not central human resources system 52, as exemplified by the dashed lines connecting machine 60 to central human resources system 52 in FIG. 2. In an alternate embodiment, the user may be allowed to access central human resources system 52 for particular confidential data only, such as data corresponding to employees in the Research Department who report to the user. Allowing or blocking access to a particular resource or application may be accomplished through the operating system using the authentication mechanism described above. However, it is within the broad teachings of this disclosure to configure the system to perform authentication for access to a particular virtual machine wrapped application within its associated firewall policy module. Specifically a policy may be applied to a firewall policy module having selected criteria that is evaluated to determine whether the user is allowed to access the specific virtual machine wrapped application. If authorized, the user may access central intellectual property store 54 through virtual machine 66. Firewall policy module 68 associated with virtual machine 66 may be configured with a policy having selected criteria to control data transmissions from central intellectual property store 54. For example, the selected criteria may allow the user to access confidential data within central intellectual property store 54, but not allow the data to be copied and pasted, moved, exported, emailed or otherwise transmitted to another application. In the alternate embodiment described above, in which the user is given limited access to central human resources system 52, the selected criteria in the policy of associated firewall policy module 68 could only allow confidential data related to particular employees to be accessed by the user. The selected criteria may or may not allow the user to transmit the accessible data to other applications. As previously noted herein, it is within the broad teachings of this disclosure that the selected criteria can be configured to allow data transmission to certain applications and to prohibit data transmission to other applications.


In the particular example implementation shown in FIG. 2, the user is allowed access to email from within virtual machine 66. In this situation, any email being sent from virtual machine 66 is transmitted to secure mail proxy 58, before being sent to mail server 56. In secure mail proxy 58, the email may be screened for any confidential data protected by that particular application. Thus, the selected criteria of firewall policy module 68 would be applied to the content, attachments, and routing of the email. It is also within the broad teaching of this disclosure that a log be kept for recording entries corresponding to data that is allowed to be sent from secure mail proxy 58, thus allowing the organization to track particular data that is shared between applications and users in the organization. Finally, USB drive 62 is accessible to common operating environment 72 of machine 60, where firewall policy module 68 may include a policy with selected criteria that prevents virtual machine 66 from communicating with the USB port. This prevents users from copying protected data to a flash drive on USB drive 62, and it also protects the virtual machine wrapped application from communicating with any software application introduced to machine 60 through USB drive 62. This virtualization of individual applications with an associated firewall policy module is particularly useful for protecting data from infected software introduced to machine 60 through USB drive 62. The user of virtual machine 66 could, therefore, be limited to specific tasks within the virtual machine wrapped application in order to reduce the ability of obfuscating, or compromising confidential data.


Turning to FIG. 3, FIG. 3 is a simplified flowchart 100 illustrating a number of example steps associated with one implementation of a data loss prevention system. The flow may begin at step 110, where a request to access restricted data is received. At step 120, the query is answered as to whether the request to access restricted data is allowed. If the request to access restricted data is not authorized, then the flow moves to step 122 where the request is denied. If the request to access restricted data is authorized, the flow moves to step 124 where a query is made as to whether the central base is available for a master image check. If the central base is not available, the flow moves to step 126 where access will depend on the criteria of the policy, where the criteria was previously selected by the network administrator. For example, if the data is highly confidential, then the selected criteria might require the virtual machine to be disabled from operation until the central base is available for a master image check. However, if the data has a lesser degree of confidentiality, then the selected criteria may allow access to the virtual machine even without the central base checking the master image. If the central base is available for a master image check in step 124, the flow moves to step 130 where a query is made as to whether the client has an approved (i.e., a current version) virtual machine. This check is performed by searching the master image 38 to determine if the software is current, including, but not limited to, the application, the virtual machine, and the firewall policy module. If the client does not have an approved virtual machine, the flow passes to step 140 where the virtual machine is downloaded or updated to contain the correct software and the flow passes back to the query in step 130. If the client does have an approved virtual machine as queried in step 130, the flow passes to step 150 to allow access to the virtual machine. In the situation where the central base is not available for a master image check at step 124 but the selected criteria nevertheless allows access to the restricted data, then the next time the central base is available for a master image check during a request to access restricted data, the virtual machine wrapped application will be updated at step 140 if it is not current. In accordance with the teachings in this disclosure, as detailed above, the user's ability to transmit data may be restricted within the virtual machine depending upon the selected criteria in the policies of the particular firewall policy module associated with the virtual machine.


Software for configuring and maintaining the virtual machine wrapped applications and associated firewall policy modules can be provided at various locations (e.g., the central base or IT headquarters). In other embodiments, this software could be received or downloaded from a web server (e.g., in the context of purchasing individual end-user licenses for separate networks, devices, virtual machines, servers, etc.) in order to provide this system for preventing data loss using virtual machine wrapped applications. Software for controlling data transmission from within virtual machine wrapped applications in a network can also be provided at various locations (e.g., within firewall policy modules 34a, 34b, 34c, and 34d) once the virtual machine wrapped applications and associated firewall policy modules have been initially configured. In one example implementation, this software is resident in a computer sought to be protected from a security attack (or protected from unwanted, or unauthorized manipulations of data). In a more detailed configuration, this software is specifically resident in a security layer of a virtual machine and provides an interface between the virtual machine and the underlying operating system and between the virtual machine and other virtual machines within the system, which also may include (or otherwise interface with) the components depicted by FIG. 1.


In other examples, the data loss prevention software could involve a proprietary element (e.g., as part of a network security authentication solution), which could be provided in (or be proximate to) these identified elements, or be provided in any other device, server, network appliance, console, firewall, switch, information technology (IT) device, etc., or be provided as a complementary solution (e.g., in conjunction with a firewall), or provisioned somewhere in the network. As used herein in this Specification, the term ‘computer’ is meant to encompass these possible elements (VMMs, hypervisors, Xen devices, virtual machines or other devices, network appliances, routers, switches, gateways, processors, servers, loadbalancers, firewalls, or any other suitable device, machine, component, element, or object) operable to affect or process electronic information in a security environment. Moreover, this computer may include any suitable hardware, software, components, modules, interfaces, or objects that facilitate the operations thereof. This may be inclusive of appropriate algorithms and communication protocols that allow for the effective protection of data. In addition, the data loss prevention system can be consolidated in any suitable manner. Along similar design alternatives, any of the illustrated modules and components of FIGS. 1 and 2 may be combined in various possible configurations, all of which are clearly within the broad scope of this Specification.


In certain example implementations, the data loss prevention system outlined herein may be implemented by logic encoded in one or more tangible media (e.g., embedded logic provided in an application specific integrated circuit (ASIC), digital signal processor (DSP) instructions, software (potentially inclusive of object code and source code) to be executed by a processor, or other similar machine, etc.). In some of these instances, a memory element (as shown in FIG. 1) can store data used for the operations described herein. This includes the memory element being able to store software, logic, code, or processor instructions that are executed to carry out the activities described in this Specification. A processor can execute any type of instructions associated with the data to achieve the operations detailed herein in this Specification. In one example, the processor (as shown in FIG. 1) could transform an element or an article (e.g., data) from one state or thing to another state or thing. In another example, the activities outlined herein may be implemented with fixed logic or programmable logic (e.g., software/computer instructions executed by a processor) and the elements identified herein could be some type of a programmable processor, programmable digital logic (e.g., a field programmable gate array (FPGA), an erasable programmable read only memory (EPROM), an electrically erasable programmable read only memory (EEPROM)) or an ASIC that includes digital logic, software, code, electronic instructions, or any suitable combination thereof.


Any of these elements (e.g., a computer, a server, a network appliance, a firewall, a virtual machine monitor, any other type of virtual element, etc.) can include memory elements for storing information to be used in achieving the data loss prevention system operations as outlined herein. Additionally, each of these devices may include a processor that can execute software or an algorithm to perform the data loss prevention activities as discussed in this Specification. These devices may further keep information in any suitable memory element (random access memory (RAM), ROM, EPROM, EEPROM, ASIC, etc.), software, hardware, or in any other suitable component, device, element, or object where appropriate and based on particular needs. Any of the memory items discussed herein (e.g., data log, master image, etc.) should be construed as being encompassed within the broad term ‘memory element.’ Similarly, any of the potential processing elements, modules, and machines described in this Specification should be construed as being encompassed within the broad term ‘processor.’ Each of the computers, network appliances, virtual elements, etc. can also include suitable interfaces for receiving, transmitting, and/or otherwise communicating data or information in a secure environment.



FIG. 4 is a simplified flowchart 200 illustrating a number of example steps associated with another implementation of a data loss prevention system in which the application is a browser. In this particular example, an online institution asks users seeking access to the online institution to use the browser wrapped by a virtual machine. The flow may begin at step 210, where a user contacts an online institution, such as, for example, an online bank. In step 220, a query is made as to whether the user is using a virtual machine browser. If a virtual machine browser is being used, the flow passes to step 240. However, if it is determined that the user is not using a virtual machine browser, the flow passes to step 230 where a virtual machine browser is downloaded to the user, and flow then passes to 240. In step 240 a query is made to determine whether the virtual machine browser is current. If it is current, the flow passes to step 260. However, if the virtual machine browser is not current, then flow passes to step 250 where the virtual machine browser is updated or downloaded with the most current components. Flow then passes to step 260. In step 260, self-integrity checks are performed and if the user does not pass, then the session ends. However, if the user passes the self-integrity checks in step 260, the flow passes to step 270 and the user is allowed to connect to the online bank through the updated virtual machine wrapped browser.


Note that with the examples provided herein, interaction may be described in terms of two, three, four, or more network elements. However, this has been done for purposes of clarity and example only. In certain cases, it may be easier to describe one or more of the functionalities of a given set of flows by only referencing a limited number of components or network elements. It should be appreciated that the systems of FIGS. 1 and 2 (and their teachings) are readily scalable. System 10 can accommodate a large number of components, as well as more complicated or sophisticated arrangements and configurations. Accordingly, the examples provided should not limit the scope or inhibit the broad teachings of system 10 as potentially applied to a myriad of other architectures.


It is also important to note that the steps described with reference to the preceding FIGURES illustrate only some of the possible scenarios that may be executed by, or within, system 10. Some of these steps may be deleted or removed where appropriate, or these steps may be modified or changed considerably without departing from the scope of the discussed concepts. In addition, the timing of these operations may be altered considerably and still achieve the results taught in this disclosure. The preceding operational flows have been offered for purposes of example and discussion. Substantial flexibility is provided by system 10 in that any suitable arrangements, chronologies, configurations, and timing mechanisms may be provided without departing from the teachings of the discussed concepts.

Claims
  • 1. A method, comprising: receiving a request from a host operating system outside a virtual machine for access to a data from a browser within the virtual machine;evaluating a criterion of a policy to determine whether to permit the access to the data, wherein the evaluating is performed in response to a determination that a master image is not available, the master image corresponding to a version of the virtual machine;downloading the browser, in response to a determination that the browser is not being used;comparing the browser to the master image to determine if the browser is current;updating the browser if the browser is determined, based on the master image, to not be current, wherein the browser is part of an application suite wrapped in the virtual machine; andcreating a buffer for manipulating the data within the virtual machine, based on the criterion of the policy, wherein the buffer cannot be accessed by the host operating system.
  • 2. The method of claim 1, further comprising: updating the policy through an administration module included in a virtual machine monitor to modify the criterion.
  • 3. The method of claim 1, wherein the policy includes a criterion permitting an attempt to transmit the data to another application.
  • 4. The method of claim 1, wherein a criterion of the policy permits a transmission of the data to a client device if the client device is requesting the access to the browser from within a secured network environment, and prohibits the transmission of the data to the client device if the client device is requesting the access to the browser from an unsecured network environment.
  • 5. The method of claim 1, further comprising: creating a log for recording an entry corresponding to data transmitted from the virtual machine.
  • 6. The method of claim 1, further comprising: sending an email message from a mail client within a virtual machine to a secure mail proxy; andextracting data from the email message if a criterion of the policy indicates that a recipient of the email message is not authorized to receive the extracted data.
  • 7. One or more non-transitory computer readable storage media that include codes for execution that, when executed by a processor, are operable to perform operations comprising: receiving a request from a host operating system outside a virtual machine for access to a data from a browser within the virtual machine;evaluating a criterion of a policy to determine whether to permit the access to the data, wherein the evaluating is performed in response to a determination that a master image is not available, the master image corresponding to a version of the virtual machine;downloading the browser, in response to a determination that the browser is not being used;comparing the browser to the master image to determine if the browser is current;updating the browser if the browser is determined, based on the master image, to not be current, wherein the browser is part of an application suite wrapped in the virtual machine; andcreating a buffer for manipulating the data within the virtual machine, based on the criterion of the policy, wherein the buffer cannot be accessed by the host operating system.
  • 8. The media of claim 7, the operations further comprising: updating the policy through an administration module included in a virtual machine monitor to modify the criterion.
  • 9. The media of claim 7, wherein the policy includes a criterion permitting an attempt to transmit the data to another application.
  • 10. The media of claim 7, wherein a criterion of the policy permits a transmission of the data to a client device if the client device is requesting the access to the browser from within a secured network environment, and prohibits the transmission of the data to the client device if the client device is requesting the access to the browser from an unsecured network environment.
  • 11. An apparatus, comprising: a memory element; anda processor that executes instructions associated with the memory element, wherein the apparatus is configured for receiving a request from a host operating system outside a virtual machine for access to a data from at least one browser within the virtual machine;evaluating, in response to a determination that a master image is not available, a criterion of a policy to determine whether to permit the access to the data, the master image corresponding to a version of the virtual machine;downloading the at least one browser, in response to a determination that the at least one browser is not being used;comparing the at least one browser to the master image to determine if the at least one browser is current;updating the at least one browser if the at least one browser is determined, based on the master image, to not be current, wherein the at least one browser is part of an application suite wrapped in the virtual machine; andcreating a buffer for manipulating the data within the virtual machine, based on the criterion of the policy, wherein the buffer cannot be accessed by the host operating system.
  • 12. The apparatus of claim 11, wherein the policy includes a criterion permitting an attempt to transmit the data to another application.
  • 13. The apparatus of claim 11, wherein a criterion of the policy permits a transmission of the data to a client device if the client device is requesting the access to the at least one browser from within a secured network environment, and prohibits the transmission of the data to the client device if the client device is requesting the access to the at least one browser from an unsecured network environment.
  • 14. The apparatus of claim 11, wherein the buffer is within the virtual machine.
  • 15. The apparatus of claim 11, wherein the processor is configured to send an email message from a mail client within a virtual machine to a secure mail proxy; andextract data from the email message if a criterion of the policy indicates that a recipient of the email message is not authorized to receive the extracted data.
  • 16. The media of claim 7, wherein the policy is configured in the virtual machine before the virtual machine is deployed.
  • 17. The media of claim 7, wherein if a client has the version of the virtual machine, access to the virtual machine is allowed.
US Referenced Citations (239)
Number Name Date Kind
4688169 Joshi Aug 1987 A
4982430 Frezza et al. Jan 1991 A
5155847 Kirouac et al. Oct 1992 A
5222134 Waite et al. Jun 1993 A
5390314 Swanson Feb 1995 A
5521849 Adelson et al. May 1996 A
5560008 Johnson et al. Sep 1996 A
5699513 Feigen et al. Dec 1997 A
5778226 Adams et al. Jul 1998 A
5778349 Okonogi Jul 1998 A
5787427 Benantar et al. Jul 1998 A
5842017 Hookway et al. Nov 1998 A
5907709 Cantey et al. May 1999 A
5907860 Garibay et al. May 1999 A
5926832 Wing et al. Jul 1999 A
5974149 Leppek Oct 1999 A
5987610 Franczek et al. Nov 1999 A
5987611 Freund Nov 1999 A
5991881 Conklin et al. Nov 1999 A
6064815 Hohensee et al. May 2000 A
6073142 Geiger et al. Jun 2000 A
6141698 Krishnan et al. Oct 2000 A
6192401 Modiri et al. Feb 2001 B1
6192475 Wallace Feb 2001 B1
6256773 Bowman-Amuah Jul 2001 B1
6275938 Bond et al. Aug 2001 B1
6321267 Donaldson Nov 2001 B1
6338149 Ciccone, Jr. et al. Jan 2002 B1
6356957 Sanchez, II et al. Mar 2002 B2
6393465 Leeds May 2002 B2
6433794 Beadle Aug 2002 B1
6442686 McArdle et al. Aug 2002 B1
6449040 Fujita Sep 2002 B1
6453468 D'Souza Sep 2002 B1
6460050 Pace et al. Oct 2002 B1
6587877 Douglis et al. Jul 2003 B1
6611925 Spear Aug 2003 B1
6662219 Nishanov et al. Dec 2003 B1
6748534 Gryaznov et al. Jun 2004 B1
6769008 Kumar et al. Jul 2004 B1
6769115 Oldman Jul 2004 B1
6795966 Lim et al. Sep 2004 B1
6832227 Seki et al. Dec 2004 B2
6834301 Hanchett Dec 2004 B1
6847993 Novaes et al. Jan 2005 B1
6907600 Neiger et al. Jun 2005 B2
6918110 Hundt et al. Jul 2005 B2
6930985 Rathi et al. Aug 2005 B1
6934755 Saulpaugh et al. Aug 2005 B1
6988101 Ham et al. Jan 2006 B2
6988124 Douceur et al. Jan 2006 B2
7007302 Jagger et al. Feb 2006 B1
7010796 Strom et al. Mar 2006 B1
7024548 O'Toole, Jr. Apr 2006 B1
7039949 Cartmell et al. May 2006 B2
7065767 Kambhammettu et al. Jun 2006 B2
7069330 McArdle et al. Jun 2006 B1
7082456 Mani-Meitav et al. Jul 2006 B2
7093239 van der Made Aug 2006 B1
7124409 Davis et al. Oct 2006 B2
7139916 Billingsley et al. Nov 2006 B2
7152148 Williams et al. Dec 2006 B2
7159036 Hinchliffe et al. Jan 2007 B2
7177267 Oliver et al. Feb 2007 B2
7203864 Goin et al. Apr 2007 B2
7251655 Kaler et al. Jul 2007 B2
7290266 Gladstone et al. Oct 2007 B2
7302558 Campbell et al. Nov 2007 B2
7330849 Gerasoulis et al. Feb 2008 B2
7346781 Cowie et al. Mar 2008 B2
7349931 Horne Mar 2008 B2
7350204 Lambert et al. Mar 2008 B2
7353501 Tang et al. Apr 2008 B2
7363022 Whelan et al. Apr 2008 B2
7370360 van der Made May 2008 B2
7406517 Hunt et al. Jul 2008 B2
7441265 Staamann et al. Oct 2008 B2
7464408 Shah et al. Dec 2008 B1
7506155 Stewart et al. Mar 2009 B1
7506170 Finnegan Mar 2009 B2
7506364 Vayman Mar 2009 B2
7546333 Alon et al. Jun 2009 B2
7546594 McGuire et al. Jun 2009 B2
7552479 Conover et al. Jun 2009 B1
7577995 Chebolu et al. Aug 2009 B2
7607170 Chesla Oct 2009 B2
7657599 Smith Feb 2010 B2
7669195 Qumei Feb 2010 B1
7685635 Vega et al. Mar 2010 B2
7698744 Fanton et al. Apr 2010 B2
7703090 Napier et al. Apr 2010 B2
7757269 Roy-Chowdhury et al. Jul 2010 B1
7765538 Zweifel et al. Jul 2010 B2
7809704 Surendran et al. Oct 2010 B2
7818377 Whitney et al. Oct 2010 B2
7823148 Deshpande et al. Oct 2010 B2
7836504 Ray et al. Nov 2010 B2
7849507 Bloch et al. Dec 2010 B1
7856661 Sebes et al. Dec 2010 B1
7865931 Stone et al. Jan 2011 B1
7870387 Bhargava et al. Jan 2011 B1
7895573 Bhargava et al. Feb 2011 B1
7908653 Brickell et al. Mar 2011 B2
7937455 Saha et al. May 2011 B2
7966659 Wilkinson et al. Jun 2011 B1
7996836 McCorkendale et al. Aug 2011 B1
8015388 Rihan et al. Sep 2011 B1
8015563 Araujo et al. Sep 2011 B2
8234713 Roy-Chowdhury et al. Jul 2012 B2
8307437 Sebes et al. Nov 2012 B2
8321932 Bhargava et al. Nov 2012 B2
8341627 Mohinder Dec 2012 B2
8381284 Dang et al. Feb 2013 B2
20020056076 van der Made May 2002 A1
20020069367 Tindal et al. Jun 2002 A1
20020083175 Afek et al. Jun 2002 A1
20020099671 Mastin et al. Jul 2002 A1
20030014667 Kolichtchak Jan 2003 A1
20030023736 Abkemeier Jan 2003 A1
20030033510 Dice Feb 2003 A1
20030073894 Chiang et al. Apr 2003 A1
20030074552 Olkin et al. Apr 2003 A1
20030093508 Li May 2003 A1
20030115222 Oashi et al. Jun 2003 A1
20030120601 Ouye et al. Jun 2003 A1
20030120811 Hanson et al. Jun 2003 A1
20030120935 Teal et al. Jun 2003 A1
20030139975 Perkowski Jul 2003 A1
20030145232 Poletto et al. Jul 2003 A1
20030163718 Johnson et al. Aug 2003 A1
20030167292 Ross Sep 2003 A1
20030167399 Audebert et al. Sep 2003 A1
20030200332 Gupta et al. Oct 2003 A1
20030212902 van der Made Nov 2003 A1
20030220944 Schottland et al. Nov 2003 A1
20030221190 Deshpande et al. Nov 2003 A1
20040003258 Billingsley et al. Jan 2004 A1
20040015554 Wilson Jan 2004 A1
20040051736 Daniell Mar 2004 A1
20040054928 Hall Mar 2004 A1
20040143749 Tajali et al. Jul 2004 A1
20040167906 Smith et al. Aug 2004 A1
20040230963 Rothman et al. Nov 2004 A1
20040243678 Smith Dec 2004 A1
20040255161 Cavanaugh Dec 2004 A1
20050018651 Yan et al. Jan 2005 A1
20050086047 Uchimoto et al. Apr 2005 A1
20050108516 Balzer et al. May 2005 A1
20050108562 Khazan et al. May 2005 A1
20050114672 Duncan et al. May 2005 A1
20050132346 Tsantilis Jun 2005 A1
20050228990 Kato et al. Oct 2005 A1
20050235360 Pearson Oct 2005 A1
20050257207 Blumfield et al. Nov 2005 A1
20050257265 Cook et al. Nov 2005 A1
20050260996 Groenendaal Nov 2005 A1
20050262558 Usov Nov 2005 A1
20050273858 Zadok et al. Dec 2005 A1
20050283823 Okajo et al. Dec 2005 A1
20050289538 Black-Ziegelbein et al. Dec 2005 A1
20060004875 Baron et al. Jan 2006 A1
20060015501 Sanamrad et al. Jan 2006 A1
20060021029 Brickell Jan 2006 A1
20060037016 Saha et al. Feb 2006 A1
20060080656 Cain et al. Apr 2006 A1
20060085785 Garrett Apr 2006 A1
20060101277 Meenan et al. May 2006 A1
20060133223 Nakamura et al. Jun 2006 A1
20060136910 Brickell et al. Jun 2006 A1
20060136911 Robinson et al. Jun 2006 A1
20060195906 Jin et al. Aug 2006 A1
20060200863 Ray et al. Sep 2006 A1
20060230314 Sanjar et al. Oct 2006 A1
20060236398 Trakic et al. Oct 2006 A1
20060259734 Sheu et al. Nov 2006 A1
20070011746 Malpani et al. Jan 2007 A1
20070028303 Brennan Feb 2007 A1
20070039049 Kupferman et al. Feb 2007 A1
20070050579 Hall et al. Mar 2007 A1
20070050764 Traut Mar 2007 A1
20070074199 Schoenberg Mar 2007 A1
20070083522 Nord et al. Apr 2007 A1
20070101435 Konanka et al. May 2007 A1
20070136579 Levy Jun 2007 A1
20070143851 Nicodemus et al. Jun 2007 A1
20070169079 Keller et al. Jul 2007 A1
20070192329 Croft et al. Aug 2007 A1
20070220061 Tirosh et al. Sep 2007 A1
20070220507 Back et al. Sep 2007 A1
20070253430 Minami et al. Nov 2007 A1
20070256138 Gadea et al. Nov 2007 A1
20070271561 Winner et al. Nov 2007 A1
20070300215 Bardsley Dec 2007 A1
20080005737 Saha et al. Jan 2008 A1
20080005798 Ross Jan 2008 A1
20080010304 Vempala et al. Jan 2008 A1
20080022384 Yee et al. Jan 2008 A1
20080034416 Kumar et al. Feb 2008 A1
20080052468 Speirs et al. Feb 2008 A1
20080082977 Araujo et al. Apr 2008 A1
20080120499 Zimmer et al. May 2008 A1
20080141371 Bradicich et al. Jun 2008 A1
20080163207 Reumann et al. Jul 2008 A1
20080163210 Bowman et al. Jul 2008 A1
20080165952 Smith et al. Jul 2008 A1
20080184373 Traut et al. Jul 2008 A1
20080235534 Schunter et al. Sep 2008 A1
20080294703 Craft et al. Nov 2008 A1
20080301770 Kinder Dec 2008 A1
20090007100 Field et al. Jan 2009 A1
20090038017 Durham et al. Feb 2009 A1
20090043993 Ford et al. Feb 2009 A1
20090055693 Budko et al. Feb 2009 A1
20090113110 Chen et al. Apr 2009 A1
20090144300 Chatley et al. Jun 2009 A1
20090150639 Ohata Jun 2009 A1
20090249053 Zimmer et al. Oct 2009 A1
20090249438 Litvin et al. Oct 2009 A1
20100071035 Budko et al. Mar 2010 A1
20100100970 Chowdhury et al. Apr 2010 A1
20100114825 Siddegowda May 2010 A1
20100250895 Adams et al. Sep 2010 A1
20100281083 Purtell et al. Nov 2010 A1
20100281133 Brendel Nov 2010 A1
20100293225 Sebes et al. Nov 2010 A1
20100332910 Ali et al. Dec 2010 A1
20110029772 Fanton et al. Feb 2011 A1
20110035423 Kobayashi et al. Feb 2011 A1
20110047543 Mohinder Feb 2011 A1
20110078550 Nabutovsky Mar 2011 A1
20110138461 Bhargava et al. Jun 2011 A1
20120030731 Bhargava et al. Feb 2012 A1
20120030750 Bhargava et al. Feb 2012 A1
20120278853 Chowdhury et al. Nov 2012 A1
20130024934 Sebes et al. Jan 2013 A1
20130091318 Bhattacharjee et al. Apr 2013 A1
20130097355 Dang et al. Apr 2013 A1
20130097356 Dang et al. Apr 2013 A1
20130117823 Dang et al. May 2013 A1
Foreign Referenced Citations (11)
Number Date Country
101399835 Apr 2009 CN
1 482 394 Dec 2004 EP
2 037 657 Mar 2009 EP
WO 9844404 Oct 1998 WO
WO 0184285 Nov 2001 WO
WO 2006012197 Feb 2006 WO
WO 2006124832 Nov 2006 WO
WO 2008054997 May 2008 WO
WO 2011059877 May 2011 WO
WO 2012015485 Feb 2012 WO
WO 2012015489 Feb 2012 WO
Non-Patent Literature Citations (58)
Entry
Derek Bem et al., “Computer Forensic Analysis in a Virtual Environment,” International Journal of Digital Evidence, Fall 2007, vol. 6, Issue 2, pp. 1-13.
Wesley Emeneker et al., “Dynamic Virtual Clustering,” 2007 IEEE International Conference on Cluster Computing, pp. 84-90.
U.S. Appl. No. 12/946,081, entitled “Method and System for Containment of Usage of Language Interfaces,” filed Nov. 15, Inventor(s) Rosen Sharma, et al. (SCOR-00700-DIV2).
U.S. Appl. No. 12/636,414, entitled “System and Method for Managing Virtual Machine Configurations,” filed Dec. 11, 2009, Inventor(s): Harvinder Singh Sawhney, et al.
Kurt Gutzmann, “Access Control and Session Management in the HTTP Environment,” Jan./Feb. 2001, pp. 26-35, IEEE Internet Computing.
U.S. Appl. No. 11/379,953, entitled “Software Modification by Group to Minimize Breakage,” filed Apr. 24, 2006, Inventor(s): E. John Sebes et al.
U.S. Appl. No. 11/277,596, entitled “Execution Environment File Inventory,” filed Mar. 27, 2006, Inventor(s): Rishi Bhargava et al.
U.S. Appl. No. 10/651,591, entitled “Method and System for Containment of Networked Application Client Software by Explicit Human Input,” filed Aug. 29, 2003, Inventor(s): Rosen Sharma et al.
U.S. Appl. No. 10/806,578, entitled Containment of Network communication, filed Mar. 22, 2004, Inventor(s): E. John Sebes et al.
U.S. Appl. No. 10/739,230, entitled “Method and System for Containment of Usage of Language Interfaces,” filed Dec. 17, 2003, Inventor(s): Rosen Sharma et al.
U.S. Appl. No. 10/935,772, entitled “Solidifying the Executable Software Set of a Computer,” filed Sep. 7, 2004, Inventor(s): E. John Sebes et al.
U.S. Appl. No. 11/060,683, entitled “Distribution and Installation of Solidified Software on a Computer,” Filed Feb. 16, 2005, Inventor(s): Bakul Shah et al.
U.S. Appl. No. 11/122,872, entitled “Piracy Prevention Using Unique Module Translation,” filed May 4, 2005, Inventor(s): E. John Sebes et al.
U.S. Appl. No. 11/346,741, entitled “Enforcing Alignment of Approved Changes and Deployed Changes in the Software Change Life-Cycle,” filed Feb. 2, 2006, Inventor(s): Rahul Roy-Chowdhury et al.
U.S. Appl. No. 11/182,320, entitled “Classification of Software on Networked Systems,” filed Jul. 14, 2005, Inventor(s): E. John Sebes et al.
U.S. Appl. No. 11/400,085, entitled “Program-Based Authorization,” filed Apr. 7, 2006, Inventor(s): Rishi Bhargava et al.
U.S. Appl. No. 11/437,317, entitled “Connectivity-Based Authorization,” filed May 18, 2006, Inventor(s): E. John Sebes et al.
U.S. Appl. No. 12/290,380, entitled “Application Change Control,” filed Oct. 29, 2008, Inventor(s): Rosen Sharma et al.
U.S. Appl. No. 12/008,274, entitled Method and Apparatus for Process Enforced Configuration Management, filed Jan. 9, 2008, Inventor(s): Rishi Bhargava et al.
U.S. Appl. No. 12/291,232, entitled “Method of and System for Computer System State Checks,” filed Nov. 7, 2008, inventor(s): Rishi Bhargava et al.
U.S. Appl. No. 12/322,220, entitled “Method of and System for Malicious Software Detection Using Critical Address Space Protection,” filed Jan. 29, 2009, Inventor(s): Suman Saraf et al.
U.S. Appl. No. 12/322,321, entitled “Method of and System for Computer System Denial-of-Service Protection,” filed Jan. 29, 2009, Inventor(s): Suman Saraf et al.
U.S. Appl. No. 12/426,859, entitled “Method of and System for Reverse Mapping Vnode Pointers,” filed Apr. 20, 2009, Inventor(s): Suman Saraf et al.
U.S. Appl. No. 12/545,609, entitled “System and Method for Enforcing Security Policies in a Virtual Environment,” filed Aug. 21, 2009, Inventor(s): Amit Dang et al.
U.S. Appl. No. 12/545,745, entitled “System and Method for Providing Address Protection in a Virtual Environment,” filed Aug. 21, 2009, Inventor(s): Preet Mohinder.
Eli M. Dow, et al., “The Xen Hypervisor,” INFORMIT, dated Apr. 10, 2008, http://www.informit.com/articles/printerfriendly.aspx?p=1187966, printed Aug. 11, 2009 (13 pages).
“Xen Architecture Overview,” Xen, dated Feb. 13, 2008, Version 1.2, http://wiki.xensource.com/xenwiki/XenArchitecture?action=AttachFile&do=get&target=Xen+archit ecture—Q1+2008.pdf, printed Aug. 18, 2009 (9 pages).
U.S. Appl. No. 12/551,673, entitled “Piracy Prevention Using Unique Module Translation,” filed Sep. 1, 2009, Inventor(s): E. John Sebes et al.
“Desktop Management and Control,” Website: http://www.vmware.com/solutions/desktop/, Retrieved and printed Oct. 12, 2009, 1 page.
“Secure Mobile Computing,” Website: http://www.vmware.com/solutions/desktop/mobile.html, Retrieved and printed Oct. 12, 2009, 2 pages.
Check Point Software Technologies Ltd.: “ZoneAlarm Security Software User Guide Version 9”, Aug. 24, 2009, XP002634548, 259 pages, retrieved from Internet: URL:http://download.zonealarm.com/bin/media/pdf/zaclient91—user—manual.pdf.
IA-32 Intel® Architecture Software Developer's Manual, vol. 3B; Jun. 2006; pp. 13, 15, 22 and 145-146.
Notification of Transmittal of the International Search Report and the Written Opinion of the International Searching Authority, or the Declaration (1 page), International Search Report (6 pages), and Written Opinion of the International Searching Authority (10 pages) for International Application No. PCT/US2011/020677 mailed Jul. 22, 2011.
Notification of Transmittal of the International Search Report and Written Opinion of the International Searching Authority, or the Declaration (1 page), International Search Report (3 pages), and Written Opinion of the International Search Authority (6 pages) for International Application No. PCT/US2011/024869 mailed Jul. 14, 2011.
Sailer et al., sHype: Secure Hypervisor Approach to Trusted Virtualized Systems, IBM research Report, Feb. 2, 2005, 13 pages.
U.S. Application U.S. Appl. No. 13/558,181, entitled “Method and Apparatus for Process Enforced Configuration Management,” filed Jul. 25, 2012, Inventor(s) Rishi Bhargava et al. (SCOR-01601- DIV1).
U.S. Appl. No. 13/558,227, entitled “Method and Apparatus for Process Enforced Configuration Management,” filed Jul. 25, 2012, Inventor(s) Rishi Bhargava et al. (SCOR-01601-DIV2).
U.S. Appl. No. 13/558,277, entitled “Method and Apparatus for Process Enforced Configuration Management,” filed Jul. 25, 2012, Inventor(s) Rishi Bhargava et al. (SCOR-01601-DIV3).
Office Action received for Chinese Patent Application No. 201080051085.6, mailed on Jun. 18, 2014, 9 pages of Chinese Office Action and 13 pages of English Translation.
Second Office Action received for Chinese Patent Application No. 201080051085.6, mailed on Nov. 15, 2014, 12 pages of English translation.
Communication in EP Application No. 10 777 195.8-1870, mailed on Aug. 19, 2016, 3 pages.
U.S. Appl. No. 12/844,892, entitled “System and Method for Protecting Computer Networks Against Malicious Software,” filed Jul. 28, 2010, Inventor(s) Rishi Bhargava, et al.
U.S. Appl. No. 12/844,964, entitled “System and Method for Network Level Protection Against Malicious Software,” filed Jul. 28, 2010, Inventor(s) Rishi Bhargava, et al.
U.S. Appl. No. 12/880,125, entitled “System and Method for Clustering Host Inventories,” filed Sep. 12, 2010, Inventor(s) Rishi Bhargava, et al.
U.S. Appl. No. 12/944,567, entitled “Classification of Software on Networked Systems,” filed Nov. 11, 2010, Inventor(s) E. John Sebes, et al. (SCOR-01200-DIV).
U.S. Appl. No. 12/903,993, entitled “Method and System for Containment of Usage of Language Interfaces,” filed Oct. 13, 2010, Inventor(s) Rosen Sharma, et al. (SCOR-00700-DIV).
U.S. Appl. No. 12/946,081, entitled “Method and System for Containment of Usage of Language Interfaces,” filed Nov. 15, Inventor(s) Rosen Sharma, et al. (SCOR-00700- DIV2).
U.S. Appl. No. 12/946,344, entitled “Method and System for Containment of Usage of Language Interfaces,” filed Nov. 15, 2010, Inventor(s) Rosen Sharma, et al. (SCOR-00700-DIV3).
U.S. Appl. No. 13/022,148, entitled “Execution Environment File Inventory,” filed Feb. 7, 2011, Inventor(s) Rishi Bhargava, et al. (SCOR-00300-CON).
U.S. Appl. No. 13/012,138, entitled “System and Method for Selectively Grouping and Managing Program Files,” filed Jan. 24, 2011, Inventor(s) Rishi Bhargava, et al.
U.S. Appl. No. 12/975,745, entitled “Program-Based Authorization,” filed Dec. 22, 2010, Inventor(s) Rishi Bhargava, et al. (SCOR-01300-CON).
U.S. Appl. No. 12/976,159, entitled “Solidifying the Executable Software Set of a Computer,” filed Dec. 22, 2010, Inventor E. John Sebes (SCOR-00800-CON).
Gaurav et al., “Countering Code-Injection Attacks with Instruction-Set Randomization,” Oct. 27-31, 2003, ACM, pp. 272-280.
Barrantes et al., “Randomized Instruction Set Emulation to Dispurt Binary Code Injection Attacks,” Oct. 27-31, 2003, ACM, pp. 281-289.
U.S. Appl. No. 13/037,988, entitled “System and Method for Botnet Detection by Comprehensive Email Behavioral Analysis,” filed Mar. 1, 2011, Inventor(s) Sven Krasser, et al.
Notification of Transmittal of the International Search Report and the Written Opinion of the International Searching Authority (1 page), International Search Report (4 pages), and Written Opinion (3 pages), mailed Mar. 2, 2011, International Application No. PCT/US2010/055520.
Tal Garfinkel, et al., “Terra: A Virtual Machine-Based Platform for Trusted Computing,” XP-002340992, SOSP'03, Oct. 19-22, 2003, 14 pages.
Notification of International Preliminary Report on Patentability and Written Opinion mailed May 24, 2012 for International Application No. PCT/US2010/055520, 5 pages.
Related Publications (1)
Number Date Country
20110113467 A1 May 2011 US