As a result , resources are often used without despite vulnerabili result, resources are often used without despite vulnerabili- ties ( even if an administrator or developer is capable of ties (even if an administrator or developer is capable of performing a thorough analysis ) due to the computational performing a thorough analysis) due to the computational and cognitive load associated with appropriately processing and cognitive load associated with appropriately processing surfaced vulnerabilities .

3A is a flowchart of an example of a process [0015] FIG. 3A is a flowchart of an example of a process executed by a plugin of a integrated development environ executed by a plugin of a integrated development environ- ment to annotate code specifying container images with ment to annotate code specifying container images with alerts relating to potential security vulnerabilities in accor alerts relating to potential security vulnerabilities in accor- dance with some embodiments of the present techniques ; dance with some embodiments of the present techniques; [ 0016 ] FIG .

[ 0029 ] Moreover , the various scanning engines available [0029] Moreover, the various scanning engines available today do not quantify a degree to which the disparate today do not quantify a degree to which the disparate potential vulnerabilities they detect pose a threat in a given , potential vulnerabilities they detect pose a threat in a given, and often highly complex , execution environment of dis and often highly complex, execution environment of dis- tributed applications .

Further, some embodiments are extensible in virtue of a unified application program interface ( API ) , so virtue of a unified application program interface (API), so other scanning results can be engaged as they become other scanning results can be engaged as they become available without undertaking expensive and cumbersome available without undertaking expensive and cumbersome rewrites of substantial portions of the code of some embodi rewrites of substantial portions of the code of some embodi- ments .

[ 0045 ] Each of the above described distributed applica [0045] Each of the above described distributed applica- tions , services , microservices , and components thereof may tions, services, microservices, and components thereof may be instantiated by way of one or more containers , or con be instantiated by way of one or more containers, or con- tainer images , which virtualize at the operating - system - level tainer images, which virtualize at the operating-system-level and are executed to perform their respective functions .

The purpose of this reference guide is to help you familiarize yourself with the logical structure of N_\ gligfj\ f] k_‘j i\]\i\eZ\ ^l‘[\ ‘j kf _\cg pfl ]Xd‘c‘Xi‘q\ pflij\c] n‘k_ k_\ cf^‘ZXc jkilZkli\ f] the VMware VirtualCenter Web Service, the datatypes present in vma .

dXeX^\ PGnXi\ gif[lZkj i\dfk\cp) Interoperability — VMware uses the SOAP and WSDL (Web Services Description Language) Cek\ifg\iXY‘c‘kp s PGnXi\ lj\j k_\ MI;J Xe[ QM>F #Q\Y M\im‘Z\j >\jZi‘gk‘fe FXe^lX^\$ standards, so developers can program in their favorite environment, such as Java or jkXe[Xi[j’ jf [\m\cfg\ij ZXe gif^iXd ‘e k_\‘i ]Xmfi‘k\ \em‘ifed\ek’ jlZ_ Xj DXmX fi Microsoft° Visual Studio° .NET.

► HostInfo HostInfo uuid uuid hostnanie hostname port port system system migrationEnabled migrationEnabled datastore[[ datastore[ ] network[ network[ ] configLimits _ configLimits userConfig[ userConfig[ ] nnigrationInfo migrationInfo ► Systeminfo SystemInfo name name type type version version build build LNetvvorkInl o NetworkInfo key key device device ♦ ConfigLimits ConfigLimits maxAudio maxAudio maxFloppy maxFloppy maxNet maxNet maxParallel maxParallel inaxSerial maxSerial maxUSBController maxUSBController ideLimits ideLimits scsiLimits scsiLimits guestOS guestOS vmLimit vmLimit ► Property Property key key va I val MigrationInf o MigrationInfo network network ip ip gateway gateway subnet subnet ► Hardware Hardware cpu[] cpu[ ] memory memory HostState HostState status status detail detail connected connected bootTime bootTime eventCollector eventCollector —0.

Virtual Machine Virtual Machine guestlnfo guestInfo state state info info hardwar hardware path path GuestNetworkAdapter GuestNetworkAdapter key key network network ipAddress ipAddress pp msgWaiting msgWaiting msg msg id id choice choice defaultChoicelndex defaultChoiceIndex VirtualMachineTools VirtualMachineTools toolsVersion toolsVersion afterPoweron afterPoweron afterResume afterResume beforeSuspend beforeSuspend beforePowerOff beforePowerOff Guestlnfo GuestInfo hostname hostname ipAddress ipAddress net net toolsStatus toolsStatus toolsMounted toolsMounted heartbeatSampleInterval heartbeatSampleInterval heartbeatsExpected heartbeatsExpected heartbeatsReceived heartbeatsReceived config config VirtualMachineState VirtualMachineState host host bootTime bootTime status status detail detail migrating migrating connected connected eventCollector eventCollector msgWaiting msgWaiting VirtualMachinelnfo VirtualMachineInfo uuid uuid name name guestOS guestOS file crgVersion cfgVersion hwVersion hwVersion redoLogLocation redoLogLocation suspendDirectory suspendDirectory disableAcceleration disableAcceleration enableLogging enableLogging autostart autostart autostartCompleteAfter autostartCompleteAfter autostartCompleteWhenToolsStarted autostartCompleteWhenToolsStarted autostop autostop autostopCompleteAfter autostopCompleteAfter tools tools customPropertyDef customPropertyDef config[ config[ ] customProperty[ }- customProperty[ ] Property -4 Property key key val val VirtualHardware VirtualHardware …..

k_Xk ile Xk [‘]]\i\ek \m\ekj #jkXk\ Z_Xe^\j$ ‘e k_\ m‘iklXc dXZ_‘e\ c‘]\ ZpZc\) VirtualCPUlnfo VirtualCPUInfo count count controls controls VirtualMemorylnfo VirtualMemoryInfo sizeMb sizeMb controls controls VirtualNetworklnfo VirtualNetworkInfo adapter[] adapter[ ] controls _ controls VirtualDisklnfo VirtualDiskInfo key key name name dataLocator dataLocator controllerType controllerType controllerld controllerId deviceNumber deviceNumber adapterType adapterType diskType diskType mode mode writethru writethru legacy legacy removable removable hostDev hostDev exclusive exclusive raw raw GenericDevicel nfo GenericDeviceInfo key key name name type type removable removable property[] property[ ] ► DiskControls_ DiskControls shares shares VirtualHardware VirtualHardware cpu cpu memory memory net net disk — disk floppy[ floppy[ ] cdll cd[ ] device[ device[ ] --o-VirtualDisk VirtualDisk diskInfoll — diskInfo[ ] controls controls CPUControls CPUControls min min max max shares shares affinity affinity htsharing htsharing MemoryControls MemoryControls min min max max shares shares affinity affinity LVirtualNetworkAdapter VirtualNetworkAdapter key key name name emulation emulation mode mode device device network network addressType addressType address address features features NetworkControls NetworkControls shapingEnabled shapingEnabled averageRate averageRate peakRate peakRate burstSize burstSize DiskType DiskType diskKind diskKind diskDevicelnfo diskDeviceInfo diskFilelnfo diskFileInfo RemovableDeviceInfo RemovableDeviceInfo startConnected startConnected allowGuestControls allowGuestControls DiskDeviceInfo DiskDeviceInfo accessType accessType start start size size partitionType partitionType DiskFilelnfo DiskFileInfo size size flat flat monolithic monolithic (-

Inventors: Mayank Rawat, Sunnyvale, CA (US); Ritesh Shukla , Saratoga , CA ( US ) ; Li Ritesh Shukla, Saratoga, CA (US); Li Ding , Cupertino , CA ( US ) ; Serge Ding, Cupertino, CA (US); Serge Pashenkov , Los Altos , CA ( US ) ; Pashenkov, Los Altos, CA (US); Raveesh Ahuja , San Jose , CA ( US ) Raveesh Ahuja, San Jose, CA (US) ( 73 ) Assignee : VMware , Inc .

Although these solutions have reduced the storage server - class , hardware platform 102 , and includes one or server-class, hardware platform 102, and includes one or Although these solutions have reduced the storage requirements of snapshots , further enhancements are needed more central processing units ( CPUs ) 103 , system memory more central processing units (CPUs) 103, system memory requirements of snapshots, further enhancements are needed 104 , one or more network interface controllers ( NICs ) 105 , for effective deployment in cloud computing environments 104, one or more network interface controllers (NICs) 105, for effective deployment in cloud computing environments where the number of VMs and snapshots that are managed and one or more host bus adapters ( HBAs ) 106 .

1 is a block diagram of a virtualized host computer hardware platform for VM 112 , supports the installation of hardware platform for VM 1121 supports the installation of FIG. 1 is a block diagram of a virtualized host computer system that implements a snapshot module according to 40 a guest OS 116 which is capable of executing applications 40 a guest OS 116 which is capable of executing applications system that implements a snapshot module according to 118 within VM 112 , .

4B depicts a flow diagram of method steps that are runs as an isolated process in user space on the host FIG. 4B depicts a flow diagram of method steps that are operating system and shares the kernel with other contain carried out in connection with taking snapshots according to operating system and shares the kernel with other contain- carried out in connection with taking snapshots according to an embodiment .

By using OS-less containers, resources can be current running point in the SMDS as the root node of the isolated , services restricted , and processes provisioned to most recent prior snapshot .

100% success in identifying vulnerabilities and exploits, and TRIBUTED COMPUTATIONAL GRAPH ” , filed on Oct. as of yet no such system is deployed for large scale or TRIBUTED COMPUTATIONAL GRAPH", filed on Oct. as of yet no such system is deployed for large scale or 28 , 2015 , the entire specifications of each of which are commercial applications in automated analysis and defense 28, 2015, the entire specifications of each of which are commercial applications in automated analysis and defense incorporated herein by reference .

6 is a method diagram illustrating the use of the case that vulnerabilities and exploits in software are only FIG. 6 is a method diagram illustrating the use of the case that vulnerabilities and exploits in software are only advanced endpoint instrumentation to collect data on end found out and then patched some time after they are taken advanced endpoint instrumentation to collect data on end- found out and then patched some time after they are taken point devices across a network , according to a preferred advantage of , falling out of view of the system developers 10 point devices across a network, according to a preferred advantage of, falling out of view of the system developers aspect .

The following non - limiting summary of the invention is 30 The following non-limiting summary of the invention is provided for clarity , and should be construed consistently The inventor has conceived , and reduced to practice , a The inventor has conceived, and reduced to practice, a provided for clarity, and should be construed consistently with embodiments described in the detailed description system and methods for sandboxed malware analysis and system and methods for sandboxed malware analysis and with embodiments described in the detailed description automated patch development , deployment and validation .

One or more transformational filters, which It is also likely that that during times of heavy reporting from a moderate to large array of sensors , the instantaneous 10 include but a not limited to : mean , median , variance , stan 10 include but a not limited to: mean, median, variance, stan- from a moderate to large array of sensors, the instantaneous dard deviation , standard linear interpolation , or Kalman load of data to be committed will exceed what can be dard deviation, standard linear interpolation, or Kalman load of data to be committed will exceed what can be reliably transferred over a single swimlane .

The embodiment uses a key-value pair data store examples of which are Riak , Redis and Berkeley DB for which is application driven through the use of the Scala / Lift which is application driven through the use of the Scala/Lift examples of which are Riak, Redis and Berkeley DB for their low overhead and speed , although the invention is not development environment and web interaction operation development environment and web interaction operation their low overhead and speed, although the invention is not specifically tied to a single data store type to the exclusion 25 mediated by AWS ELASTIC BEANSTALKTM , both used 25 mediated by AWS ELASTIC BEANSTALKTM, both used specifically tied to a single data store type to the exclusion for standards compliance and ease of development .

[0012] Fora more complete understanding of the con- figurations of the present disclosure, needs satisfied thereby, and the objects, features, and advantages there- of, reference now is made to the following description taken in connection with the accompanying drawings.

In one embodiment, sys- tem 100 may identify that a component has a vulnerability that is of a qualitatively or quantitatively higher or lower priority based upon the degree of malicious behavior available for malware.

In one embodiment, sys- tem 100 may identify that acomponent has a vulnerability that is of a qualitatively or quantitatively higher or lower priority based upon the degree of malicious behavior available for malware.

[0038] In one embodiment, security enterprise manag- er 126 may evaluate multiple vulnerabilities resulting from the file system and provide a ranked list of the vul- nerabilities discovered during scanning.

[0038] Inone embodiment, security enterprise manag- er 126 may evaluate multiple vulnerabilities resulting from the file system and provide a ranked list of the vul- nerabilities discovered during scanning.

Applicant: EMC IP Holding Company LLC, Hopkinton , MA ( US ) Hopkinton, MA (US) Inventors : Philip Derbeko , Modiin ( IL ) ; Shai Inventors: Philip Derbeko, Modiin (IL); Shai Kappel , Bnaya ( IL ) ; Uriya Stern , Kappel, Bnaya (IL); Uriya Stern, Lehavim ( IL ) ; Maya Bakshi , Beer Lehavim (IL); Maya Bakshi, Beer Sheva ( IL ) ; Yaniv Harel , Sheva (IL); Yaniv Harel, Neve - Monosson ( IL ) Neve-Monosson (IL) ( 73 ) Assignee : EMC IP Holding Company LLC , Assignee: EMC IP Holding Company LLC,

Agents inside a pro- tected machine affects the performance of the VM it is 55 attempting to protect though the scanning and checking of all incoming and outgoing bytes, whether it is by network, storage, or web-browsing.

In various embodiments, the current disclosure may enable a user and/or administra- tor to identify suspicious changes to resources without creating more exposure to the possibly malicious code and/or malware.

FIGS. 3A-3C are simplified illustrations of state diagrams of a data storage system protected by a malware detection module, in accordance with an embodiment of the present disclosure.

General The methods and apparatus of this invention may take the form, at least partially, of program code (i.e., instructions) embodied in tangible non-transitory media, such as floppy diskettes, CD-ROMs, hard drives, random access or read only-memory, or any other machine-readable storage medium.

( Continued ) (Continued) Primary Examiner — Mohamed A. Wasel Primary Examiner — Mohamed A. Wasel ( 74 ) Attorney , Agent , or Firm Van Pelt , Yi & James (74) Attorney, Agent, or Firm Van Pelt, Yi & James LLP LLP ( 57 )

Alex Beutel , “ User Behavior Modeling with Large - Scale Graph Alex Beutel, "User Behavior Modeling with Large-Scale Graph Analysis ” , Computer Science Department , Carnegie Mellon Uni Analysis", Computer Science Department, Carnegie Mellon Uni- versity , May 2016 .

Danai Koutra , “ Exploring and Making Sense of Large Graphs ” , Danai Koutra, "Exploring and Making Sense of Large Graphs", Computer Science Department , Carnegie Mellon University , Aug. Computer Science Department, Carnegie Mellon University, Aug. 2015 .

Jai Sundar Balasubramaniyan , Jose Omar Garcia - Fernandez , David Jai Sundar Balasubramaniyan, Jose Omar Garcia-Fernandez, David Isacoff , Eugene Spafford , and Diego Zamboni .

Wathiq Laftah Al - Yaseen , Zulaiha Ali Othman , and Mohd Zakree Wathiq Laftah Al-Yaseen, Zulaiha Ali Othman, and Mohd Zakree Ahmad Nazri .

sics [13, 14, 24, 31, 63]; touchless systems monitoring-sics [13, 14, 24, 31, 63]; touchless systems monitoring- sics [13, 14, 24, 31, 63]; touchless systems monitoring- tracking resource usage, ensuring system health and policy tracking resource usage, ensuring system health and policy tracking resource usage, ensuring system health and policy compliance [32, 67]; kernel integrity and security monitoring-compliance [32, 67]; kernel integrity and security monitoring- compliance [32, 67]; kernel integrity and security monitoring- intrusion detection, anti-malware, firewall and virus scan-intrusion detection, anti-malware, firewall and virus scan- intrusion detection, anti-malware, firewall and virus scan- ning [9, 23, 26-28, 34, 36, 38, 54, 64]; cloud management ning [9, 23, 26-28, 34, 36, 38, 54, 64]; cloud management ning [9, 23, 26–28, 34, 36, 38, 54, 64]; cloud management and infrastructure operations such as VM sizing and mi-and infrastructure operations such as VM sizing and mi- and infrastructure operations such as VM sizing and mi- gration, memory checkpointing and deduplication, device gration, memory checkpointing and deduplication, device gration, memory checkpointing and deduplication, device utilization monitoring, cloud-wide information flow track-utilization monitoring, cloud-wide information flow track- utilization monitoring, cloud-wide information flow track- ing and policy enforcement, cluster patch management, and ing and policy enforcement, cluster patch management, and ing and policy enforcement, cluster patch management, and VM similarity clustering [3, 8, 10, 15, 33, 58, 76].

There are different ways in which VMI gains visibility There are different ways in which VMI gains visibility There are different ways in which VMI gains visibility into the runtime state of a VM, ranging from exposing a into the runtime state of a VM, ranging from exposing a into the runtime state of a VM, ranging from exposing a raw byte-level VM memory view and traversing kernel data raw byte-level VM memory view and traversing kernel data raw byte-level VM memory view and traversing kernel data structures in it [5, 6, 14, 25, 40, 41, 46], to implanting pro- structures in it [5, 6, 14, 25, 40, 41, 46], to implanting pro- structures in it [5, 6, 14, 25, 40, 41, 46], to implanting pro- cesses or drivers into the guest [16, 29].

Therefore, applica- tion developers have different alternatives to choose from tion developers have different alternatives to choose from tion developers have different alternatives to choose from based on their desired levels of latency, frequency, over- based on their desired levels of latency, frequency, over- based on their desired levels of latency, frequency, over- head, liveness, consistency, and intrusiveness, constrained head, liveness, consistency, and intrusiveness, constrained head, liveness, consistency, and intrusiveness, constrained by their workloads, use-cases, resource budget and deploya-by their workloads, use-cases, resource budget and deploya- by their workloads, use-cases, resource budget and deploya- bility flexibility.

Discussion: (i) We do not include live snapshotting in our Discussion: (i) We do not include live snapshotting in our Discussion: (i) We do not include live snapshotting in our quantitative evaluation because of the unavailability of a quantitative evaluation because of the unavailability of a quantitative evaluation because of the unavailability of a standalone implementation (patch or library) for our KVM standalone implementation (patch or library) for our KVM standalone implementation (patch or library) for our KVM testbed, while its qualitative performance measures are bor- testbed, while its qualitative performance measures are bor- testbed, while its qualitative performance measures are bor- rowed from [35].

Another interesting observation is the markedly high im- Another interesting observation is the markedly high im- Another interesting observation is the markedly high im- pact on the disk throughputs with memory dumping, as com- pact on the disk throughputs with memory dumping, as com- pact on the disk throughputs with memory dumping, as com- pared to the CPU intensive benchmark, which moreover pared to the CPU intensive benchmark, which moreover pared to the CPU intensive benchmark, which moreover shows no improvement even when the monitoring frequency shows no improvement even when the monitoring frequency shows no improvement even when the monitoring frequency is reduced from 0.1Hz to 0.01Hz.

, Raleigh , NC ( US ) (71) Applicant: Red Hat, Inc., Raleigh, NC (US) (71) Applicant: Red Hat, Inc., Raleigh, NC (US) ( 72 ) Inventors : Steve Bradford Milner , Tallahassee , (72) (72) Inventors: Steve Bradford Milner, Tallahassee, Inventors: Steve Bradford Milner, Tallahassee, FL ( US ) ; James Robert Bowes , FL (US); James Robert Bowes, FL (US); James Robert Bowes, Remote , OR ( US ) Remote, OR (US) Remote, OR (US) ( 73 ) Assignee : Red Hat , Inc .

Seth Kelby Vidal , “ Systems and Methods for Restoring Machine Seth Kelby Vidal, "Systems and Methods for Restoring Machine State History Related to Detected Faults in Package Update Pro State History Related to Detected Faults in Package Update Pro- cess " , U .

Seth Kelby Vidal , “ Systems and Methods for Generating Exportable Seth Kelby Vidal, "Systems and Methods for Generating Exportable Encoded Identifications of Networked Machines Based on Installed Encoded Identifications of Networked Machines Based on Installed Package Profiles ” , U .

4A illustrates a flowchart of an exemplary process not pose a danger to computing system due to malicious FIG. 4A illustrates a flowchart of an exemplary process not pose a danger to computing system due to malicious for verifying and certifying a software package is secure code , at the time of scanning .

For example, the computing system 102 can request to download and install Additionally , the black list 122 can include hashed versions Additionally, the black list 122 can include hashed versions computing system 102 can request to download and install of the components ( archival files ) .

Virtual machines are also convenient abstractions of server workloads, since they cleanly encapsulate the entire state of a running sys- tem, including both user-level applications and kernel- mode operating system services.

The design of ESX Server dif- fers significantly from VMware Workstation, which uses a hosted virtual machine architecture [23] that takes ad- vantage of a pre-existing operating system for portable I/O device support.

(a) Ten Windows NT VMs serving users at a Fortune 50 company, running a va- riety of database (Oracle, SQL Server), web (IIS, Websphere), development (Java, VB), and other applications.

ESX Server employs a similar approach, but uses four thresholds to reflect different reclamation states: high, soft, hard, and low, which default to 6%, 4%, 2%, and 1% of system memory, respectively.

The ESX Server mechanism for working-set estima- tion is related to earlier uses of page faults to main- tain per-page reference bits in software on architectures lacking direct hardware support [2].