Patent application number | Description | Published |
20090122988 | METHOD AND APPARATUS FOR SECURELY REGISTERING HARDWARE AND/OR SOFTWARE COMPONENTS IN A COMPUTER SYSTEM - A system that securely registers components in a first system is presented. During operation, the first system receives a request from an intermediary system to obtain configuration information related to the components in the first system. In response to the request, the first system: (1) encrypts configuration information for the first system using a first encryption key; (2) encrypts the first encryption key using a second encryption key; and (3) sends the encrypted configuration information and the encrypted first encryption key to the intermediary system so that the intermediary system can forward the encrypted configuration information and the encrypted first encryption key to the second system, whereby the encrypted configuration information is cryptographically opaque to the intermediary system. Next, the second system uses the configuration information to register the components in the first system. | 05-14-2009 |
20090125715 | METHOD AND APPARATUS FOR REMOTELY AUTHENTICATING A COMMAND - A system that remotely authenticates a command is presented. During operation, an authentication system receives the command from an intermediary system, wherein the command is to be executed on a target system. Next, the authentication system authenticates the intermediary system. If the intermediary system is successfully authenticated, the authentication system authenticates the command using a private key for the authentication system to produce an authenticated command. Next, the authentication system sends the authenticated command to the intermediary system, thereby enabling the intermediary system to send the authenticated command to the target system so that the target system can use a public key for the authentication system to verify and execute the command. | 05-14-2009 |
20090313446 | METHOD AND SYSTEM FOR CROSS-DOMAIN DATA SHARING - A method for sharing data between a first domain and a second domain, including issuing a first request for data from a storage pool by the first domain, receiving the first request by a control domain driver in a control domain, obtaining the data by the control domain driver, storing a first copy of the data in shared memory at a first physical address, updating a hypervisor page map to include an entry associating a first pseudo-physical page number with the first physical address, notifying the first domain that the first request has been completed, issuing a second request for the data by the second domain, receiving the second request by the control domain driver, determining that the first copy of the data is present in the shared memory, and updating the hypervisor page map to include an entry associating the second pseudo-physical page number with the first physical address. | 12-17-2009 |
20100251004 | VIRTUAL MACHINE SNAPSHOTTING AND DAMAGE CONTAINMENT - Some embodiments provide a system that manages the execution of a virtual machine. During operation, the system takes a series of snapshots of the virtual machine during execution of the virtual machine. If an abnormal operation of the virtual machine is detected, the system spawns a set of snapshot instances from one of the series of snapshots, wherein each of the snapshot instances is executed with one of a set of limitations. Next, the system determines a source of the abnormal operation using a snapshot instance from the snapshot instances that does not exhibit the abnormal operation. Finally, the system updates a state of the virtual machine using the snapshot instance. | 09-30-2010 |
20100251238 | FACILITATED INTROSPECTION OF VIRTUALIZED ENVIRONMENTS - Some embodiments provide a system that manages the execution of a software component in a virtualized environment. During operation, the system monitors the execution of the software component from an external location to the virtualized environment. Next, the system assesses an integrity of the software component by comparing the monitored execution to an expected operation of the software component, wherein the expected operation is determined based on source code for the software component. Finally, the system uses the assessed integrity of the software component to facilitate the execution of the software component. | 09-30-2010 |
20110067107 | INTEGRATED INTRUSION DEFLECTION, DETECTION AND INTROSPECTION - Methods and apparatus are provided for integrated deflection, detection and intrusion. Within a single computer system configured for operating system virtualization (e.g., Solaris, OpenSolaris), multiple security functions execute in logically independent zones or containers, under the control and administration of a global zone. Such functions may illustratively include a demilitarized zone (DMZ) and a honeypot. Management is facilitated because all functions work within a single operating system, which promotes the ability to configure, monitor and control each function. Any given zone can be configured with limited resources, a virtual network interface circuit and/or other features. | 03-17-2011 |