Abstract: A volume manager I/O method and system. The method includes determining a storage extent mapping of storage functionality of a plurality of storage devices and generating a logical disk extent based on the storage extent mapping. The logical disk extent is exported to a volume device component that is communicatively coupled to implement I/O for an application. An I/O request from the application is received via the volume device component. The I/O request is executed in accordance with the logical disk extent.

Abstract: A computing system includes a touch screen display that can display a graphical user interface (GUI). The GUI includes a display region and a first plurality of GUI elements including a first GUI element associated with a tool. The tool is invoked when selection of the first GUI element is sensed by the touch screen display. The GUI also includes a second plurality of GUI elements including a second GUI element associated with a graphical object. The graphical object is displayed in the display region when selection of the second GUI element is sensed by the touch screen display and the graphical object is dragged-and-dropped to a position within the display region.

Abstract: Containers that store data objects that were written to those containers during a particular backup are accessed. Then, a subset of the containers is identified; the containers in the subset have less than a threshold number of data objects associated with the particular backup. Data objects that are in containers in that subset and that are associated with the backup are copied to one or more other containers. Those other containers are subsequently used to restore data objects associated with the backup.

Abstract: A method for incremental scanning of documents may include identifying documents to be scanned for sensitive information according to at least one data loss prevention (DLP) policy, the documents being associated with a bit array. The method may further include applying, for each document, a set of functions to a key of the document, identifying positions in the bit array that correspond to outputs of these functions, refraining from scanning the document when values of all of the identified positions in the array indicate that the document has already been scanned, and scanning the document when a value of at least one of the identified positions in the array indicates that the document has not yet been scanned.

Abstract: A method for restoring deduplicated data may include receiving a request to restore a set of deduplicated data segments to a client system, where each data segment in the set of deduplicated data segments is referred to by one or more deduplication references. The method may also include procuring reference data that indicates, for each data segment in the set of deduplicated data segments, the number of deduplication references that point to the data segment. The method may further include using the reference data to select one or more data segments from the set of deduplicated data segments for client-side caching, caching the one or more data segments in a cache on the client system, and restoring the one or more data segments from the cache on the client system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for securely managing multimedia data captured by a mobile computing device is disclosed. The method may comprise: 1) identifying multimedia data captured by the mobile computing device, 2) identifying an asymmetric public key stored on the mobile computing device that is associated with an asymmetric private key stored on a server, 3) encrypting the multimedia data using the asymmetric public key so that the encrypted multimedia data may only be decrypted using the asymmetric private key stored on the server, and 4) transmitting the encrypted multimedia data to the server. Corresponding systems and computer-readable media are also disclosed.

Abstract: A method and apparatus for providing point-in-time consistent backup images while reducing a computing overhead associated with copy-on-write operations for snapshot images is described. In one embodiment, the method comprises processing at least one data block that is inconsistent with a backup image; and updating the backup image with the at least one inconsistent data block from a snapshot image, wherein the snapshot image is created after a backup process, wherein the updated backup image is point in time consistent.

Abstract: A server protected by a firewall uses an obfuscation algorithm to periodically generate a source port number and a destination port number. The server periodically sends an outbound packet from the source port to the destination port of an arbitrary destination network address. The outbound packet passes through the firewall and configures the state table of the firewall to temporarily pass inbound packets from the destination port of the arbitrary network address to the source port of the server. A client uses the obfuscation algorithm to send a packet from the destination port of the client to the source port of the server. The packet from the client indicates that it was sent from the arbitrary destination network address and includes the real port and network address of the client within it. The server communicates with the client at the real port and network address.

Abstract: A medium, system, and method are disclosed for implementing an in-memory inode cache. The cache stores inodes that include respective file metadata. The system includes a replacement module that prioritizes the inodes for replacement according to retention priorities for the inodes. The system also includes a prioritization module that is configured to respond to a file close operation by determining whether the file is unlikely to be reopened. If so, the prioritization module responds by decreasing the respective retention priority of one of the inodes, where the one inode stores file metadata for the closed file.

Abstract: An exemplary method for preventing exploitation of byte sequences that violate compiler-generated instruction alignment may comprise: 1) identifying instantiation of a process, 2) identifying an address space associated with the process, 3) identifying, within the address space associated with the process, at least one control-transfer instruction, 4) determining that at least one byte preceding the control-transfer instruction is capable of resulting in an out-of-alignment instruction, and then 5) preventing the control-transfer instruction from being executed. In one example, the system may prevent the control-transfer instruction from being executed by inserting a hook in place of the intended instruction that executes the intended instruction and then returns control flow back to the instantiated process. Corresponding systems and computer-readable media are also disclosed.

Abstract: A method and apparatus for managing access to backup data on an archival storage system through storage media servers are described. In some examples, read operations are initiated. Each of the read operations is targeted to a respective plurality of the media servers specific for reading backup data from the archival storage system. Each read operation is delegated to each of its respective plurality of media servers until one of the respective plurality of media servers is available. The backup data specified by each read operation is read by the one media server of the respective plurality of media servers that is available. Each read operation may comprise a backup restoration, backup duplication, backup verification, or synthetic backup operation. Read operations can be targeted to a first and second plurality of media servers, which may be mutually exclusive. The archival storage system can be a tape storage system.

Abstract: A computer-implemented method for aiding parental-control-policy decisions may include identifying a computer resource. The computer resource may include any content subject to a parental-control-policy decision. The method may also include identifying a community usage repository. The community usage repository may include information relating to a plurality of children's usage of the computer resource. The method may further include analyzing the community usage repository to generate statistical data relating to the computer resource. The method may additionally include presenting the statistical data to a user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An incremental backup service may be configured to backup structured files and unstructured files on a client system. A filter driver 130 may be configured to monitor write operations on the client system and log changed cluster address information for structured files. The backup service may backup changed clusters of structured files to a backup storage device. For each of the unstructured files, the backup service may compare the file size to a threshold size. If the unstructured file is smaller than the threshold size, the backup service may backup the entire unstructured file. If the file size is larger than the threshold size, the backup service may determine the ratio of changed clusters to unchanged clusters. If the ratio is below a ratio threshold, the backup service may backup the changed clusters. If the ratio is above the ratio threshold, the backup service may backup the entire file.

Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.

Abstract: A method and apparatus for identifying web attacks is described. In one embodiment, a method of securing a computer comprises generating origin information for a portion of a web page and identifying a modification in the origin information. The identified modification is used to determine an indicia of suspicious behavior at a computer.

Abstract: A computer-implemented method for data loss prevention on mobile computing systems may include (1) identifying a mobile computing system configured to execute only one application at a time as a foreground application, (2) determining that the mobile computing system has begun executing a sensitive application as the foreground application, (3) identifying a first enumeration of screenshots stored on the mobile computing system when the mobile computing system began executing the sensitive application as the foreground application, (4) identifying a second enumeration of screenshots stored on the mobile computing system, (5) determining that at least one new screenshot was taken on the mobile computing system while the sensitive application was the foreground application by detecting a difference between the first enumeration and the second enumeration, and (6) performing a security action upon detecting the difference. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method to detect malformed arguments in a function by hooking a generic object, is described. A predetermined argument to monitor is identified. An activity associated with a calling of a function to produce a called out function is detected. The called out function is mapped to a class identification of an object. An argument in the called out function is compared with the predetermined argument. When a match exists, a virtual method table identification is recorded for the called out function. The match between the argument in the called out function and the predetermined argument is reported.

Abstract: A computer, computer program product, and method identify potentially malicious remote objects using client cooperation. A remote object access module detects client device access of a remote object instance, and an object analysis system identifies an associated location, creates a content identification value for the instance, compares it to stored content identification values for previous instances, and if anomalous, analyzes the stored content identification values to determine whether malicious. The remote object access module monitors actual traffic received by the client, and stores the information across multiple clients for comparison, allowing more accurate detection of malicious remote objects than traditional web crawling.

Abstract: A method and apparatus for backing up a storage system, e.g., one or more disk drives. In one embodiment, an apparatus utilizes a volume snapshot service (VSS) to create a snapshot image file of a computer's storage system and then subsequently reads the data blocks contained in the snapshot image file. A determination of the number of modified data blocks, i.e., the data blocks that have changed since a last backup operation, is made. The apparatus estimates a backup size from the number of modified data blocks and subsequently determines if the estimated backup size exceeds a predetermined threshold. In the event the predetermined threshold is exceeded, a backup operation is conducted.

Abstract: A method for converting a physical file system to a virtual file system of a virtual machine. The method includes initiating a new incremental physical to virtual conversion process, and analyzing a history of a plurality of prior incremental conversions to determine whether there exists at least one prior incremental conversion that failed. Upon determination that a prior failed incremental conversion occurred, the method further includes determining a correct chronological order of the plurality of prior incremental conversions, and determining an original failure point and any subsequent failure points. The prior incremental conversions are re-applied from each of said original failure point and said subsequent failure points in the correct chronological order with the most recent incremental conversion re-applied last.