Abstract: A method for preventing network attacks is provided, which includes: obtaining a data packet, where a source address of the data packet is a cryptographically generated address (CGA); determining that the obtained data packet includes a CGA parameter and signature information; authenticating the CGA parameter; authenticating the signature information according to the authenticated CGA parameter; and sending the data packet to a destination address when the signature information is authenticated. Accordingly, a device for preventing network attacks is also provided. A CGA parameter used by a data packet is directly used to ensure authenticity of a source address of the data packet, thus preventing network attacks performed by counterfeiting the address. In addition, by authenticating signature information, authenticity of identification of a sender of the data packet and bound address of the sender of the data packet are further ensured.

Abstract: A user requests to store a file to a storage device and a DLP module receives the request. The DLP module receives data for the file, encrypts the data using an encryption key and stores the encrypted data to the storage device. Next, the DLP module determines whether the encrypted data in the file is in compliance with a DLP policy. To determine compliance, the DLP module decrypts the data using the encryption key and examines the decrypted data for compliance. If the decrypted data is not in compliance with the DLP policy, the DLP module deletes the encrypted data from the storage device.

Abstract: A computer-implemented method for adaptively performing backup operations may include 1) identifying a storage system used for storage by at least one application, 2) identifying a request to perform a backup operation including at least one input/output operation on the storage system, 3) determining that an input/output capacity of the storage system has fallen below a predetermined threshold, and 4) delaying the input/output operation in response to determining that the input/output capacity of the storage system has fallen below the predetermined threshold. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A file on a computer system is evaluated against trust criteria to determine whether the file is compatible with the trust criteria. Responsive to the file being incompatible with the trust criteria, the file is assigned to a package. Files assigned to the package are tracked to determine whether the files collectively perform malicious behavior. The package is convicted as malware responsive to the files in the package collectively performing malicious behavior.

Abstract: A method and system for merging files of multiple volumes in a data store to a single merged volume. The method includes creating one or more snapshots of one or more volumes of a data store of a first system. Files in the one or more snapshots are merged into a merged volume. The merged volume is mounted and stored in a second system.

Abstract: Embodiments of the present technical solution relate to the technique field of storage, and disclose a server and a method for the server to access a volume. The method comprises: determining, from a first list, a block that needs to be accessed according to an access offset of a volume that needs to be accessed; determining, from a second list, a storage controller corresponding to the block that needs to be accessed according to the determined block; and sending a data reading request or a data writing request to the storage controller corresponding to the block that needs to be accessed to process. Embodiments of the present invention can reduce time delay when the data reading request or the data writing request of the server reaches the block that needs to be accessed.

Abstract: A system for efficient isolation of backup versions of data objects affected by malicious software includes one or more processors and a memory coupled to the processors. The memory comprises program instructions executable by the processors to implement a backup manager configured to receive an indication that a data object is infected by malicious software. In response to the indication, the backup manager is configured to identify a particular backup version of the data object to be excluded from a data set to be used for a restore operation.

Abstract: A system and method for on-demand application delivery. A computing system comprises a streaming server and a client computer coupled to one another via a network. In response to a request to install a given application on the client computer, the client computer sends a streaming request to the streaming server for retrieving files from an installation snapshot. The client computer identifies files determined to be utilized during an initial launch and execution of the given application. For these identified files, the client computer creates a corresponding physical file. For other files, the client computer adds corresponding metadata in an index of files and no physical file is created at this time. For file system access requests, the client computer utilizes the metadata stored within the index of files to handle the requests. In response to a request for access to a file not installed on the client, a request is generated to retrieve the file from the server.

Abstract: A computer has a storage device that is infected with malicious software (malware). The malware uses stealth or rootkit techniques to hide itself in the storage device. A security module within the storage device detects the malware by comparing the files read from the storage device to those reported by the operating system. Upon detecting the malware, the security module prepares the computer for malware obfuscation by storing information describing the location of the malware, deploying an executable file, and configuring it to run on reboot. The executable file executes upon reboot and locates the data on the storage device associated with the malware. The executable file obfuscates the data so that the malware no longer loads at boot time, thereby disabling the rootkit technique. The computer reboots and the security module remediates the malware infection.

Abstract: A decision tree for classifying computer files is constructed. Computational complexities of a set of candidate attributes are determined. A set of attribute vectors are created for a set of training files with known classification. A node is created to represent the set. A weighted impurity reduction score is calculated for each candidate attribute based on the computational complexity of the attribute. If a stopping criterion is satisfied then the node is set as a leaf node. Otherwise the node is set as a branch node and the attribute with the highest weighted impurity reduction score is selected as the splitting attribute for the branch node. The set of attribute vectors are split into subsets based on their attribute values of the splitting attribute. The above process is repeated for each subset. The tree is then pruned based on the computational complexities of the splitting attributes.

Abstract: A computer-implemented method for securely deduplicating data owned by multiple entities may include 1) identifying a first data segment to store on a third-party storage system, 2) identifying a client-specific database for fingerprints of deduplicated data segments stored on the third-party storage system, 3) identifying a third-party database for fingerprints of deduplicated data segments stored on the third-party storage system, 4) generating a fingerprint based on the first data segment, 5) determining that the fingerprint is not identified in the client-specific fingerprint database, 6) determining that the fingerprint is not identified in the third-party fingerprint database, 7) encrypting the first data segment with a third-party public encryption key, and then 8) transmitting the encrypted first data segment to the third-party storage system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for synthetic backups may include identifying a full backup of a volume of files. The computer-implemented method may also include identifying a set of incremental backups that were performed subsequently to the full backup. The computer-implemented method may further include identifying a set of storage devices that store the full backup and the set of incremental backups. The computer-implemented method may additionally include identifying a request to create a synthetic backup incorporating the full backup and the set of incremental backups. The computer-implemented method may moreover include generating a sorted catalog for the synthetic backup by indexing files for the synthetic backup in an order based on at least one characteristic of the files.

Abstract: A computer-implemented method for data-loss prevention may include: 1) identifying data associated with a user, 2) determining that the data is subject to a data-loss-prevention scan, 3) identifying a data-loss-prevention reputation associated with the user, and then 4) performing a data-loss-prevention operation based at least in part on the data-loss-prevention reputation associated with the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for facilitating online authentication from untrusted computing devices may comprise receiving a request to access an online service from a computing device, retrieving authentication information for the online service from a database, accessing the online service using the authentication information for the online service, receiving data from the online service, and transmitting at least a portion of the data received from the online service to the computing device. The method may also comprise converting the authentication information for the online service into non-computer-readable authentication information, such as a human-readable image, and transmitting the non-computer-readable authentication information to the computing device. Corresponding systems and computer-readable media are also disclosed.

Abstract: A computer-implemented method for migrating archived files may include (1) identifying a file system including a plurality of placeholder files that reference corresponding archived files stored on a first archival system, (2) identifying a request to migrate the archived files from the first archival system to a second archival system, (3) making the second archival system available to the file system for archival, and, while both the first archival system and the second archival system are available to the file system, (4) locating each placeholder file within the plurality of placeholder files on the file system, and, for each located placeholder file, (5) retrieving a corresponding archived file from the first archival system, and (6) archiving the corresponding archived file on the second archival system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for handling instant messages based on state may include identifying an instant message, detecting a first state of a computing device, and handling the instant message based on the first state of the computing device. The method may further include receiving a first instant-message-handling rule, receiving a first definition of the first state, and associating the first instant-message-handling rule with the first state. A computer-implemented method for preventing the output of instantaneous notifications may include identifying an instant notification, detecting a first state of a computing device, and preventing the instantaneous notification from being sent to an output device of the computing device. Corresponding computer-readable media are also disclosed.

Abstract: A system, method, and medium for implementing I/O fencing in a virtual machine cluster sharing virtual storage objects. A volume manager driver receives access requests from virtual machines directed to a virtual storage object such as a volume. The volume manager driver then translates the access request to point to a storage device underlying the volume. The access request includes keys and/or other group reservation data required to implement an I/O fencing method so as to prevent access to shared data by malfunctioning or non-responsive virtual machines.

Abstract: In one embodiment, a backup application is disclosed which is configured to detect that one or more incremental virtual disk files are provided in a virtual machine image. The backup application may invoke a merge function in the virtual machine monitor, and may merge the incremental virtual disk files into the base virtual disk file. Redundant data is thus eliminated, and may reduce the amount of archive media needed to store the backed-up virtual machine image.

Abstract: A computer-implemented method for providing security information about quick response codes may include (1) identifying a matrix barcode embedded in a web page, (2) determining that the matrix barcode includes a link to an Internet resource, (3) determining the trustworthiness of the Internet resource referenced by the matrix barcode, and then (4) augmenting the matrix barcode with a visual augmentation that is based at least in part on the trustworthiness of the Internet resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system, method, and computer program product for managing limited-use software on a host computer having an operating system is disclosed. A software application can be installed in the operating system as a virtualized application using light weight virtualization technology. Rights usage information for the software application is received, the rights usage information comprising a rule describing permitted use of the software application on the host computer. A determination is made whether to enable the virtualized application based at least in part on the rights usage information. Responsive to the determination, the virtualized application is enabled to be executed on the host computer.