Visibility makes evasion more difficult by increasing the range of analyzable events , de- difficult by increasing the range of analyzable events , de- creasing the risk of having an incorrect view of system creasing the risk of having an incorrect view of system state, and reducing the number of unmonitored avenues state, and reducing the number of unmonitored avenues of attack.

We must also contend with the issue of exploitable bugs in the OS, a serious problem in our world exploitable bugs in the OS, a serious problem in our world of complex operating systems written in unsafe languages, of complex operating systems written in unsafe languages, where new buffer overflows are discovered with disturb- where new buffer overflows are discovered with disturb- ing frequency.

This interface is composed of two parts: first, a Unix domain socket that allows the VMI IDS to send a Unix domain socket that allows the VMI IDS to send commands to, and receive responses and event notifica- commands to, and receive responses and event notifica- tions from, the VMM; and second, a memory-mapped file tions from, the VMM; and second, a memory-mapped file that supports efficient access to the physical memory of that supports efficient access to the physical memory of the monitored VM.

The lie detector module works by directly inspecting The lie detector module works by directly inspecting hardware and kernel state, and by querying the host sys- hardware and kernel state, and by querying the host sys- tem through user-level programs (e.g. ps, ifconfig, tem through user-level programs (e.g. ps, ifconfig, netstat) via a remote shell.

6.2 Event Driven Policy Modules 6.2 Event Driven Policy Modules Event-driven checkers run when the VMM detects Event-driven checkers run when the VMM detects changes to hardware state, such as a write to a sensitive changes to hardware state, such as a write to a sensitive location in memory.

Current computer architectures require VMM software intervention to maintain system integrity since an improperly written channel program can interfere with other virtual machines or the VMM itself3 A side benefit of software intervention is the ability to map I/O requests for one device into requests for another’*>*° or to provide a virtual machine with special devices which have no real counterpart.

Similarly, a violation of fj faults to the VMM in R. As in the nonrecursive model, local mapping structure pertaining to user programs is hidden within the resource sets and is ignored.

These penalties include the extra resources 一 e.g., main memory and processor cycles needed by the VMM - and the potential drop in system throughput which results.

Similar success is anticipated for virtualizable architec- tures such as the Hardware Virtualizer34 or the Newcastle Recursive Virtual Machine.48 For certain choices of resource maps, these machines should eliminate other forms of processor overhead.

R. Cavina, and N. Lijtmaer, “Virtual Enput- Ancilotti, R., Output in u Virtual Environment.” ACM AICA International Computer Symposium Proceedings, Venice, Italy, April 12- 14, 1972, pp. 302-312.

INVENTOR(s) (Please see PAIR WEB site http://pair.uspto.gov for additional inventors): Avi SHUA, Tel Aviv, ISRAEL; APPLICANT(s) (Please see PAIR WEB site http://pair.uspto.gov for additional applicants): Orca Security LTD., Tel Aviv, ISRAEL; The United States represents the largest, most dynamic marketplace in the world and is an unparalleled location for business investment, innovation, and commercialization of new technologies.

A record in this system ofrecords maybe disclosed, as a routine use, to anotherfederal agencyfor purposes of National Securityreview (35 U.S.C. 181) and for review pursuantto the Atomic Energy Act (42 U.S.C. 218(c)).

INVENTOR(s) (Please see PAIR WEB site http://pair.uspto.gov for additional inventors): Avi SHUA, Tel Aviv, ISRAEL; APPLICANT(s) (Please see PAIR WEB site http://pair.uspto.gov for additional applicants): Orca Security LTD., Tel Aviv, ISRAEL; The United States represents the largest, most dynamic marketplace in the world and is an unparalleled location for business investment, innovation, and commercialization of new technologies.

Balasubramanian, Swaminathan Lakshman, Avinash Song, Zhexuan Tannous, Samuel Joseph Bahl, Pradeep Chefalas, Thomas E. Palagummi, Siva Sai Prasad Note: Submission of copies of U.S.

Section 1(h)(2) of the AIA Technical Corrections Act amended 35 U.S.C. 154(b)(3)(B)(i) to eliminate the requirement that the Office provide a patent term adjustment determination with the notice of allowance.

In general terms, Mr. Shua conceived of a revolutionary approach that analyzed virtual cloud assets using read-only access with no impact on performance, and without deploying agents or network scanners.

were too complicated, fragmented, and generate too many alerts.8 Wiz was thus founded to “build a platform that lets teams scan their environments across compute types and cloud services for vulnerabilities and configuration, network, and identity issues without agents”; i.e., to do exactly what Orca had already been doing for over a year.9

The exercise of personal jurisdiction comports with Wiz’s right to due process because, as described above, Wiz has purposefully availed itself of the privilege of Delaware corporate laws such that it should reasonably anticipate being haled into court here.

.” To the extent the preamble is limiting, Wiz practices this step by, for example, using its computer-implemented CSP to inspect data in clients’ cloud computing environments, including inactive assets.

It is an inventive concept that allows, for example, practical implementations of vulnerability detection for virtual cloud assets in large data centers because it does not require the cumbersome installation of agents.

The design and tualization can isolate potentially unstable or unsafe Software tualization can isolate potentially unstable or unsafe software operation of virtual machines are well known in the field of operation of virtual machines are well known in the field of so that it cannot adversely affect the hardware state or system so that it cannot adversely affect the hardware state or system computer Science.

For example, "hypervisor" is often used to describe typically includes one or more processors 110, memory 130, typically includes one or more processors 110, memory 130, both a VMM and a kernel together, either as separate but both a VMM and a kernel together, either as separate but Some form of mass storage 140, and various other devices some form of mass storage 140, and various other devices cooperating components or with one or more VMMs incor 45 cooperating components or with one or more VMMs incor- 170.

A memory management to include any guest OS with any code that is specifically intended to provide information directly to any other compo module 350 translates the first GPPN into a corresponding so module 350 translates the first GPPN into a corresponding intended to provide information directly to any other compo- hardware page number PPN (Physical Page Number), say a nent of the virtualization software.

In this embodiment, the Ethernet headers 702 are copied to the transmit buffers 402 in order to obtain the pre-translated 55 to the transmit buffers 402 in order to obtain the pre-translated mappings so that the virtual switch 602 can direct the network mappings so that the virtual switch 602 can direct the network frame to the appropriate destination (appropriate NIC 172-2) frame to the appropriate destination (appropriate NIC 172-2) and handle VLAN and priority tagging.

Upon reading this disclosure, those of skill in the art will Upon reading this disclosure, those of skill in the art will appreciate still additional alternative embodiments of trans appreciate still additional alternative embodiments of trans- mitting network frames to NICs via a virtual switch through mitting network frames to NICs via a virtual switch through the disclosed principles of the present invention.

VirtualDisk P‘iklXc>‘jb WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW 4/ VirtualDiskDestination P‘iklXc>‘jb>\jk‘eXk‘fe WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW 4/ VirtualDiskl nfo P‘iklXc>‘jbCe]f WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW 4/ VirtualDiskMode P‘iklXc>‘jbGf[\ WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW 42 VirtualHardware P‘iklXcBXi[nXi\ WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW 42 VirtualMachine P‘iklXcGXZ_‘e\ WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW 43 VirtualMachineCPUPerf (ESX Server Only) P‘iklXcGXZ_‘e\=JOJ\i] #?MR M\im\i Iecp$ WWWWWWWWWWWWWWWWWWWWWWWWWW 43 VirtualMachineGroup P‘iklXcGXZ_‘e\Aiflg WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW44 VirtualMachinelnfo P‘iklXcGXZ_‘e\Ce]f WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW 44 VirtualMachineMemoryPerf P‘iklXcGXZ_‘e\G\dfipJ\i] WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW ,+.

These two chapters contain information that helps you understand the SDK M>E gif[lZk) N_\j\ knf Z_Xgk\ij ZfekX‘e ‘e]fidXk‘fe k_Xk _\cgj pfl le[\ijkXe[ k_\ M>E architecture and terminology and will enhance your use of this reference guide.

dXeX^\ PGnXi\ gif[lZkj i\dfk\cp) Interoperability — VMware uses the SOAP and WSDL (Web Services Description Language) Cek\ifg\iXY‘c‘kp s PGnXi\ lj\j k_\ MI;J Xe[ QM>F #Q\Y M\im‘Z\j >\jZi‘gk‘fe FXe^lX^\$ standards, so developers can program in their favorite environment, such as Java or jkXe[Xi[j’ jf [\m\cfg\ij ZXe gif^iXd ‘e k_\‘i ]Xmfi‘k\ \em‘ifed\ek’ jlZ_ Xj DXmX fi Microsoft° Visual Studio° .NET.

► HostInfo HostInfo uuid uuid hostnanie hostname port port system system migrationEnabled migrationEnabled datastore[[ datastore[ ] network[ network[ ] configLimits _ configLimits userConfig[ userConfig[ ] nnigrationInfo migrationInfo ► Systeminfo SystemInfo name name type type version version build build LNetvvorkInl o NetworkInfo key key device device ♦ ConfigLimits ConfigLimits maxAudio maxAudio maxFloppy maxFloppy maxNet maxNet maxParallel maxParallel inaxSerial maxSerial maxUSBController maxUSBController ideLimits ideLimits scsiLimits scsiLimits guestOS guestOS vmLimit vmLimit ► Property Property key key va I val MigrationInf o MigrationInfo network network ip ip gateway gateway subnet subnet ► Hardware Hardware cpu[] cpu[ ] memory memory HostState HostState status status detail detail connected connected bootTime bootTime eventCollector eventCollector —0.

Virtual Machine Virtual Machine guestlnfo guestInfo state state info info hardwar hardware path path GuestNetworkAdapter GuestNetworkAdapter key key network network ipAddress ipAddress pp msgWaiting msgWaiting msg msg id id choice choice defaultChoicelndex defaultChoiceIndex VirtualMachineTools VirtualMachineTools toolsVersion toolsVersion afterPoweron afterPoweron afterResume afterResume beforeSuspend beforeSuspend beforePowerOff beforePowerOff Guestlnfo GuestInfo hostname hostname ipAddress ipAddress net net toolsStatus toolsStatus toolsMounted toolsMounted heartbeatSampleInterval heartbeatSampleInterval heartbeatsExpected heartbeatsExpected heartbeatsReceived heartbeatsReceived config config VirtualMachineState VirtualMachineState host host bootTime bootTime status status detail detail migrating migrating connected connected eventCollector eventCollector msgWaiting msgWaiting VirtualMachinelnfo VirtualMachineInfo uuid uuid name name guestOS guestOS file crgVersion cfgVersion hwVersion hwVersion redoLogLocation redoLogLocation suspendDirectory suspendDirectory disableAcceleration disableAcceleration enableLogging enableLogging autostart autostart autostartCompleteAfter autostartCompleteAfter autostartCompleteWhenToolsStarted autostartCompleteWhenToolsStarted autostop autostop autostopCompleteAfter autostopCompleteAfter tools tools customPropertyDef customPropertyDef config[ config[ ] customProperty[ }- customProperty[ ] Property -4 Property key key val val VirtualHardware VirtualHardware …..

In fact, as the threat landscape continues to evolve, one can argue that the original base vectors have become less important in assessing likelihood of attack than new vulner- ability metrics that recent research has yielded.

erence to the following detailed description of the embodi- ments when considered in connection with the accompanying figures, in which: FIG. 1 is block diagram of an exemplary environment in 5 which a security tool can test and analyze assets, according to various embodiments.

However, one of ordinary skill in the art would readily recognize that the same prin- ciples are equally applicable to, and can be implemented in, all types of information and systems, and that any such varia- 25 tions do not depart from the true spirit and scope of the present teachings.

No. 12/750, 031, U.S. Patent Application Publication No. 2011-0191854, invented by Anastasios Giakouminakis, Chad Loder, Corey E. Thomas, and HD Moore, assigned to Rapid7, LLC, the disclosures of which are incorporated herein, in their entirety, by reference.

Specifically, the nature of the entity's business can inform the attractiveness of certain assets, based on their function and the type of data stored on them, which in turn can affect both the likelihood and impact of an attack on those targets.

Gupta, R., University of Pittsburgh, "Optimizing Array Bound Checks Using Flow Analysis", ACM SIGPLAN Conference on Pro- gramming Language Design and Implementation, White Plains, NY, Preliminary Version (1995).

Gionklrge .MIDI .ski Sovirtaty Peftr BeIFICNINAKR 9°5 priwiN1 SSttdirF a. Ar -a 8, Retper EviOrka Appkatm Aro ia Eien;Tory — Arolpis St fIchrmi rEe Manrizad Y Appliattios Analysis Da iliewtay bandirnaeg dvrta Restitis —

Once so completed, project managers at the bank may log into the platform using secure IDs and passwords, biometric authen- tication, PKI techniques or other such methods and, using the flaw viewer 245, review and comment on any vulnerabilities identified during testing.

In some cases, ongoing trends derived from industry-wide statistics (e.g., a bank's 65 peer group is shifting to a newer, more secure java framework, or has migrated from MySQL to Oracle) are provided to help guide developers' efforts.

In addition, analysis of the assessment results and subsequent monitoring of the applications (for undetected security flaws or unexpected operational reactions to certain threats, for example) allow the platform 105, and specifically the work- flow engine 220, to be refined and improved.

Here, as Lowis and Accorsi pointed out lately, the specific security threats and vulnerabilities of services and service-oriented architectures require new taxonomies and classification criteria, so do attacks on cloud computing scenarios [1].

This attack requires the adversary to create its own malicious service implementation module (SaaS or PaaS) or virtual machine instance (IaaS), and add it to the Cloud system.

Here, as Lowis and Accorsi pointed out lately, the specific security threats and vulnerabilities of services and service-oriented architectures require new taxonomies and classification criteria, so do attacks on cloud computing scenarios [1].

This attack requires the adversary to create its own malicious service implementation module (SaaS or PaaS) or virtual machine instance (IaaS), and add it to the Cloud system.

International Journal of Engineering and Innovative Technology (IJEIT) Volume 1, Issue 4, April 2012 legitimate cloud user that has to pay for the resource usage to side-channel attacks is therefore system’s resilience important for secure system design [4].