Methods and apparatus to provide network traffic support and physical security support

US 7,496,961 B2
Filed: 10/15/2003
Issued: 02/24/2009
Est. Priority Date: 10/15/2003
Status: Active Grant

First Claim

Patent Images

1. A method to provide network traffic support and physical security support comprising:

initializing a plurality of virtual machines, wherein each of the plurality of virtual machines operates like a complete physical machine that can run its own operating system;

initializing a virtual machine monitor in a processor system during a pre-boot phase, wherein the virtual machine monitor is configured to manage the operation of the plurality of virtual machines;

identifying at least one of a network traffic intrusion event and a physical security intrusion event with the virtual machine monitor,wherein identifying the network traffic intrusion event includes;

detecting an incoming network packet;

determining whether the incoming network packet is attempting to access a restricted port;

discarding the network packet if the network packet is attempting to access a restricted port;

performing packet level virus scanning on the network packet to determine if the network packet is associated with a virus;

discarding the network packet if the network packet if the network packet is associated with a virus;

determining whether the incoming network packet is a denial of service attack;

discarding the incoming network packet if the incoming network packet is a denial of service attack;

determining whether the incoming network packet is an alert standard format packet; and

invoking a system manageability agent and performing a task if the incoming network packet is an alert standard format packet; and

wherein identifying the physical security intrusion event includes;

detecting a physical intrusion;

determining whether a user has authorization to initiate the physical intrusion;

determining which components of the processor system are vulnerable to the physical intrusion; and

disabling the components of the processor system that are vulnerable to the physical intrusion if the user does not have authorization to initiate the physical intrusion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus to provide network traffic support and physical security support are described herein. In an example method, a virtual machine monitor (VMM) in a processor system is initialized. At least one of a network traffic intrusion event and a physical security intrusion event is identified by the VMM. At least one of a network traffic support and a physical security support is implemented in response to at least one of the network traffic intrusion event and the physical security intrusion event.

319 Citations

11 Claims

1. A method to provide network traffic support and physical security support comprising:
- initializing a plurality of virtual machines, wherein each of the plurality of virtual machines operates like a complete physical machine that can run its own operating system;
  
  initializing a virtual machine monitor in a processor system during a pre-boot phase, wherein the virtual machine monitor is configured to manage the operation of the plurality of virtual machines;
  
  identifying at least one of a network traffic intrusion event and a physical security intrusion event with the virtual machine monitor,wherein identifying the network traffic intrusion event includes;
  
  detecting an incoming network packet;
  
  determining whether the incoming network packet is attempting to access a restricted port;
  
  discarding the network packet if the network packet is attempting to access a restricted port;
  
  performing packet level virus scanning on the network packet to determine if the network packet is associated with a virus;
  
  discarding the network packet if the network packet if the network packet is associated with a virus;
  
  determining whether the incoming network packet is a denial of service attack;
  
  discarding the incoming network packet if the incoming network packet is a denial of service attack;
  
  determining whether the incoming network packet is an alert standard format packet; and
  
  invoking a system manageability agent and performing a task if the incoming network packet is an alert standard format packet; and
  
  wherein identifying the physical security intrusion event includes;
  
  detecting a physical intrusion;
  
  determining whether a user has authorization to initiate the physical intrusion;
  
  determining which components of the processor system are vulnerable to the physical intrusion; and
  
  disabling the components of the processor system that are vulnerable to the physical intrusion if the user does not have authorization to initiate the physical intrusion.
- View Dependent Claims (2, 3, 4)
- - 2. A method as defined in claim 1, wherein detecting a physical intrusion comprises detecting opening of a chassis of the processor system via a chassis intrusion switch.
  - 3. A method as defined in claim 1, wherein disabling the components of the processor system that are vulnerable to the physical intrusion if the user does not have authorization to initiate the physical intrusion comprises disabling the processor system in response to identifying the physical security intrusion event.
  - 4. A method as defined in claim 1, wherein the processor system is associated with at least one of a private internal network or the Internet.

5. A machine readable medium storing instructions, which when executed, cause a machine to:
- initialize a plurality of virtual machines, wherein each of the plurality of virtual machines operates like a complete physical machine that can run its own operating system;
  
  initialize a virtual machine monitor in a processor system during a pre-boot phase, wherein the virtual machine monitor is configured to manage the operation of the plurality of virtual machines;
  
  identify at least one of a network traffic intrusion event and a physical security intrusion event with the VMM virtual machine monitor,wherein the instructions cause the machine to identify the at least one of the network traffic intrusion event within the virtual machine monitor by;
  
  detecting an incoming network packet;
  
  determining whether the incoming network packet is attempting to access a restricted port;
  
  discarding the network packet if the network packet is attempting to access a restricted port;
  
  performing packet level virus scanning on the network packet to determine if the network packet is associated with a virus;
  
  discarding the network packet if the network packet if the network packet is associated with a virus;
  
  determining whether the incoming network packet is a denial of service attack;
  
  discarding the incoming network packet if the incoming network packet is a denial of service attack;
  
  determining whether the incoming network packet is an alert standard format packet; and
  
  invoking a system manageability agent and performing a task if the incoming network packet is an alert standard format packet; and
  
  wherein the instructions cause the machine to identify the at least one of the physical security intrusion event within the virtual machine monitor by;
  
  detecting a physical intrusion;
  
  determining whether a user has authorization to initiate the physical intrusion;
  
  determining which components of the processor system are vulnerable to the physical intrusion; and
  
  disabling the components of the processor system that are vulnerable to the physical intrusion if the user does not have authorization to initiate the physical intrusion.
- View Dependent Claims (6, 7, 8)
- - 6. A machine readable medium as defined in claim 5, wherein the instructions cause the machine to identify the physical security intrusion event within the virtual machine monitor by detecting opening of a chassis of the processor system via a chassis intrusion switch.
  - 7. A machine readable medium as defined in claim 5, wherein the processor system is associated with at least one of a private internal network and the Internet.
  - 8. A machine readable medium as defined in claim 5, wherein the machine readable medium comprises one of a programmable gate array, application specific integrated circuit, erasable programmable read only memory, read only memory, random access memory, magnetic media, and optical media.

9. An apparatus to provide network traffic support and physical security support comprising:
- a machine readable medium configured to store firmware of a processor system;
  
  a plurality of virtual machines initialized from the firmware during a pre-boot phase to operate like a complete physical machine that can run its own operating system;
  
  a virtual machine monitor initialized from the firmware during a pre-boot phase to identify at least one of a network traffic intrusion event and a physical security intrusion event,wherein the identifying the network traffic intrusion event includes;
  
  detecting an incoming network packet;
  
  determining whether the incoming network packet is attempting to access a restricted port;
  
  discarding the network packet if the network packet is attempting to access a restricted port;
  
  performing packet level virus scanning on the network packet to determine if the network packet is associated with a virus;
  
  discarding the network packet if the network packet if the network packet is associated with a virus;
  
  determining whether the incoming network packet is a denial of service attack;
  
  discarding the incoming network packet if the incoming network packet is a denial of service attack;
  
  determining whether the incoming network packet is an alert standard format packet;
  
  and invoking a system manageability agent and performing a task if the incoming network packet is an alert standard format packet; and
  
  wherein identifying the physical security intrusion event includes;
  
  detecting a physical intrusion;
  
  determining whether a user has authorization to initiate the physical intrusion;
  
  determining which components of the processor system are vulnerable to the physical intrusion; and
  
  disabling the components of the processor system that are vulnerable to the physical intrusion if the user does not have authorization to initiate the physical intrusion.
- View Dependent Claims (10, 11)
- - 10. An apparatus as defined in claim 9, wherein the physical security intrusion event comprises opening a chassis of the processor system.
  - 11. An apparatus as defined in claim 9, wherein the machine readable medium comprises a flash memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Zimmer, Vincent J., Rothman, Michael A.
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
Moran; Randal D

Application Number

US10/685,882
Publication Number

US 20050086523A1
Time in Patent Office

1,959 Days
Field of Search

726/23, 726/25, 726/34
US Class Current

726/23
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Methods and apparatus to provide network traffic support and physical security support

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

319 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus to provide network traffic support and physical security support

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

319 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links