Abstract: Embodiment of the invention provide a reverse name lookup function for providing an absolute path name or file name and absolute path name to the file name parent directory based on a vnode reference, NFS file handle reference, or file identifier reference associated with a computer virtual file system. A method in accordance with the invention comprises populating a table structure with vnodes, names, and absolute path information associated with the vnodes. The table structure and information are sufficient to generate an absolute path name and file name for each vnode. The table structure also includes entries for file identifiers, names, and associated absolute path information associated with the file identifiers. This information is sufficient to generate an absolute path name for each file identifier. The table is populated by hooking virtual file system function calls including the vnode name lookup function and the vnode inactive function.

Abstract: A method in one example implementation includes receiving a plurality of command messages through a control channel and reconstructing the command messages to determine an intended command for one or more virtual machines on a server device. The command messages include one or more criteria and the intended command corresponds to an operation defined in a policy database. The method also includes determining whether the corresponding operation is permitted by comparing one or more policies associated with the operation to the one or more criteria. The method further includes sending the command messages to the server device if the operation is permitted. In more specific embodiments, the operation may include one of creating, cloning, deleting, starting, stopping, and modifying the one or more virtual machines.

Abstract: A method of and system for protecting a computer system against denial-of-service attacks or other exploitation. The method comprises collecting network data and analyzing the network data using statistical and heuristic techniques to identify the source of the exploitation upon receiving an indication of exploitation. Upon identifying the network source, the network data associated with the network is blocked, redirected, or flow controlled. Preferably, the method also includes identifying when the system is being exploited.

Abstract: A method in one example implementation includes receiving a plurality of command messages through a control channel and reconstructing the command messages to determine an intended command for one or more virtual machines on a server device. The command messages include one or more criteria and the intended command corresponds to an operation defined in a policy database. The method also includes determining whether the corresponding operation is permitted by comparing one or more policies associated with the operation to the one or more criteria. The method further includes sending the command messages to the server device if the operation is permitted. In more specific embodiments, the operation may include one of creating, cloning, deleting, starting, stopping, and modifying the one or more virtual machines.

Abstract: Embodiment of the invention provide a reverse name lookup function for providing an absolute path name or file name and absolute path name to the file name parent directory based on a vnode reference, NFS file handle reference, or file identifier reference associated with a computer virtual file system. A method in accordance with the invention comprises populating a table structure with vnodes, names, and absolute path information associated with the vnodes. The table structure and information are sufficient to generate an absolute path name and file name for each vnode. The table structure also includes entries for file identifiers, names, and associated absolute path information associated with the file identifiers. This information is sufficient to generate an absolute path name for each file identifier. The table is populated by hooking virtual file system function calls including the vnode name lookup function and the vnode inactive function.

Abstract: A method of identifying malicious code based on identifying software executing out of writable memory of the computer system. In one embodiment, the identification of the malicious code occurs when the code accesses a predetermined memory address. This address can reside in the address space of an application, a library, or an operating system component. In one embodiment, the access to the predetermined address generates an exception invoking exception handling code. The exception handling code checks the memory attributes of the code that caused the exception and determines whether the code was running in writeable memory.