Method and system for administration of security services within a virtual execution environment (VEE) infrastructure

US 8,074,276 B1
Filed: 11/03/2006
Issued: 12/06/2011
Est. Priority Date: 04/19/2004
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A system for managing administration of security services comprising:

a computer system having a processor and a memory;

an operating system running on the processor and using the memory;

a plurality of Virtual Execution Environments (VEEs) running under the operating system of the computer system, wherein the VEEs have private control data sets reflecting security settings of VEE remote users and provide services to a plurality of the remote users;

at least one designated VEE operationally coupled to other VEEs of the plurality of the VEEs, wherein the designated VEE uses the private control data sets of each of the VEEs to provide security services to other VEEs; and

control means within each designated VEE operationally coupled to control panels of the other VEEs for providing administration of the security services to each of the other VEEs.

View all claims

11 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A system and method for managing administration of security services provided to users includes a computer system and an operating system running on the computer system. A plurality of Virtual Execution Environments (VEEs) are executed on the computer system. The VEEs can be any of a Virtual Private Server, a Virtual Machine, a Hypervisor-based Virtual Machine, and a Lightweight Hypervisor-based Virtual Machine, a session of Terminal Server and a session of Presentation Server, Lightweight Hypervisor-based Virtual Machines, VMM-based VMs or hypervisor-based VMs. Each VEE provides a set of services to remote users. One or more designated VEE(s) provide security services to each of the VEEs based on the needs of the remote users of the particular VEEs. The security services provided by the designated VEE can be firewall services, spam filtering and anti-virus protection. The security services are controlled and administered by each of the VEEs requesting a particular service via control means of the designated VEE(s).

40 Citations

View as Search Results

20 Claims

1. A system for managing administration of security services comprising:
- a computer system having a processor and a memory;
  
  an operating system running on the processor and using the memory;
  
  a plurality of Virtual Execution Environments (VEEs) running under the operating system of the computer system, wherein the VEEs have private control data sets reflecting security settings of VEE remote users and provide services to a plurality of the remote users;
  
  at least one designated VEE operationally coupled to other VEEs of the plurality of the VEEs, wherein the designated VEE uses the private control data sets of each of the VEEs to provide security services to other VEEs; and
  
  control means within each designated VEE operationally coupled to control panels of the other VEEs for providing administration of the security services to each of the other VEEs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein each VEE is any of a Virtual Private Server, a Virtual Machine, a Hypervisor-based Virtual Machine, and a Lightweight Hypervisor-based Virtual Machine.
  - 3. The system of claim 1, wherein each designated VEE provides security services to a plurality of VEEs running on a cluster of computer systems.
  - 4. The system of claim 1, wherein the security services include firewall services.
  - 5. The system of claim 4, wherein the firewall services include any of:
    - intrusion detection;
      
      alarms;
      
      authentication based on user-specific parameters;
      
      authentication based on VEE-specific parameters;
      
      authentication based on a combination of the user-specific parameters and the VEE-specific parameters; and
      
      detection of denial-of-service attack.
  - 6. The system of claim 1, wherein the security services include spam filtering.
  - 7. The system of claim 6, wherein the spam filtering includes any of:
    - filtering content based on user-specific parameters only;
      
      filtering content based on VEE-specific parameters only; and
      
      filtering content based on a combination of the user-specific parameters and the VEE-specific parameters.
  - 8. The system of claim 1, wherein the security services include anti-virus protection.
  - 9. The system of claim 8, wherein anti-virus protection includes any of:
    - detection of known viruses based on matching a virus template from an individual VEE'"'"'s file system;
      
      detection of viruses based on bit pattern analysis;
      
      detection of viruses based on recognition of decryption routines;
      
      detection of viruses based on file extensions;
      
      detection of viruses based on recognition of dummy loops; and
      
      detection of viruses based on hash values calculated from a potential virus code.
  - 10. The system of claim 1, wherein the control panels provide selection of the security services based on the private control data sets of each VEE;
    - andwherein the private control data sets comprise rules and policies specific to each remote user of each VEE.

11. A method for managing administration of security services comprising:
- launching a plurality of Virtual Execution Environments (VEEs) on a computer system;
  
  designating at least one of the plurality of the VEEs for providing security services to other VEEs of the plurality of the VEEs;
  
  controlling deployment of the security services by each designated VEE, wherein each designated VEE is operationally coupled to each of the other VEEs using private control data sets specific to each of the other VEEs,wherein the private control data sets reflect security settings of VEE users; and
  
  using control means within each designated VEE operationally coupled to control panels of the other VEEs for providing administration of the security services to each of the other VEEs.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein each designated VEE provides security services to the plurality of VEEs running on a plurality of computer systems.
  - 13. The method of claim 11, wherein the security services include firewall services.
  - 14. The method of claim 13, wherein the firewall services include any of:
    - intrusion detection;
      
      alarms;
      
      authentication based on user-specific parameters;
      
      authentication based on VEE-specific parameters;
      
      authentication based on a combination of the user-specific parameters and the VEE-specific parameters; and
      
      detection of denial-of-service attack.
  - 15. The method of claim 11, wherein the security services include spam filtering.
  - 16. The method of claim 15, wherein the spam filtering includes any of:
    - filtering content based on user-specific parameters only;
      
      filtering content based on VEE-specific parameters only; and
      
      filtering content based on a combination of the user-specificparameters and the VEE-specific parameters.
  - 17. The method of claim 11, wherein the security services include anti-virus protection.
  - 18. The method of claim 17, wherein anti-virus protection includes any of:
    - detection of known viruses based on matching a virus template from an individual VEE'"'"'s file system;
      
      detection of viruses based on bit pattern analysis;
      
      detection of viruses based on recognition of decryption routines;
      
      detection of viruses based on file extensions;
      
      detection of viruses based on recognition of dummy loop; and
      
      detection of viruses based on hash values calculated from a potential virus code.
  - 19. The method of claim 11, wherein the private control data sets comprise rules and policies specific to each remote user of the VEEs.

20. A non-transitory computer useable medium having computer program logic stored thereon for executing on a processor for managing administration of security services, the computer program logic comprising:
- computer program code means for launching a plurality of Virtual Execution Environments (VEEs) on a computer system;
  
  computer program code means for designating at least one of the plurality of the VEEs for providing security services to other VEEs of the plurality of the VEEs;
  
  computer program code means for controlling deployment of the security services in each designated VEE, each designated VEE being operationally coupled to each of the plurality of VEEs using private control data sets specific to each VEE; and
  
  computer program code means for using control means within each designated VEE operationally coupled to control panels of the other VEEs for providing administration of the security services to each of the other VEEs.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
MidCap Financial Trust, Virtuozzo International GmbH
Original Assignee
Parallels Holdings Limited (HNA Technology Co. Ltd.)
Inventors
Beloussov, Serguei M., Protassov, Stanislav S., Tormasov, Alexander G.
Primary Examiner(s)
Davis, Zachary A

Application Number

US11/556,233
Time in Patent Office

1,859 Days
Field of Search

726/24, 726/22, 726/23, 726/25, 726/1, 726/11, 726 27- 29, 713/187, 713/188, 718/1
US Class Current

726/22
CPC Class Codes

G06F 21/56   Computer malware detection ...

H04L 41/28   Restricting access to netwo...

H04L 63/20   for managing network securi...

Method and system for administration of security services within a virtual execution environment (VEE) infrastructure

First Claim

11 Assignments

Litigations

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for administration of security services within a virtual execution environment (VEE) infrastructure

First Claim

11 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links