Abstract: A technique generates application-level dependencies in one or more virtual machines (VMs). An intercepting module in a VM monitor intercepts a guest operation system (OS) at TCP send and close related operations. An introspecting module in the VM monitor performs VM introspection for TCP connection and thread information by checking running thread and processing socket kernel objects. It generates an application trajectory and exports application dependencies from the application trajectory for a selected application.

Abstract: A document processing method and system are provided. A client divides at least one document into a plurality of document pages, and individually encrypts the document pages by a first key to obtain a plurality of encrypted pages. The client removes a part of words from the document pages to obtain a plurality of significant words, and individually encrypts the significant words by a second key different to the first key to obtain a plurality of encrypted significant words. The client records the encrypted significant words and a plurality of first index information in a significant word set (SWS), where the first index information indicates a page in the encrypted pages where the encrypted significant word comes from. Then, the client transmits the encrypted pages and the SWS to a remote server for storage.

Abstract: A memory storage system includes multiple flash memory storage devices, multiple transmission interfaces and a central control device. The central control device has a cache and respectively coupled to the flash memory storage devices through the transmission interfaces. The central control device is for maintaining a block map table (BMT) to record a mapping relationship between multiple logical blocks and the physical blocks of the flash memory storage devices and the BMT is temporarily stored in the cache. In addition, the central control device uses the communication commands to access the physical blocks of the flash memory storage devices, in which the communication commands are transmitted to multiple controllers in the flash memory storage devices through the transmission interfaces and the controllers access the physical blocks according to communication commands. In this way, the system can effectively manage multiple flash memory storage devices.

Abstract: A data center network system and a packet forwarding method thereof are provided. The data center network system includes a virtual bridge and an address resolution protocol (ARP) server. The virtual bridge intercepts an ARP request having an identification field and a destination IP address field and adds a corresponding virtual data center identification to the identification field of the ARP request and redirecting the ARP request to the ARP server. Additionally, the ARP server queries a corresponding MAC address according to an IP address recorded in the destination IP address field of the ARP request and the corresponding VDCID recorded in the identification field of the ARP request, and transmits the corresponding MAC address in response to the ARP request. Accordingly, the same private IP address can be reused in the data center network system.

Abstract: A method for sharing memories of virtual machines is provided. The method is applied for a computer system configured to execute at least one virtual machine. The method includes the following steps. A memory map corresponding to the virtual machines is obtained, wherein usage states of memory pages of the virtual machine are stored in the corresponding memory map. Unused memory pages of the virtual machines are marked as free pages according to the corresponding memory map. The free pages of the virtual machines are shared. Therefore, the unused memory pages in the virtual machine can be shared. A computer system using the foregoing method is also provided.

Abstract: A method for identifying memories of virtual machines is provided. The method is adapted to a computer system executing at least one virtual machine, and an operating system is executed on the virtual machine. The method includes the following steps. A kernel file of the operating system is obtained, and the kernel file includes version information of the operation system. A source code and a configuration file of the operating system are obtained according to the version information, and the versions of the source code and the configuration file are complied with the version of the operating system. An object file is generated by compiling a fixed interface function with the source code according to the configuration file. Memory pages of the virtual machine are identified according to the object file. Furthermore, a computer system using the foregoing method is also provided.

Abstract: A system in accordance with exemplary embodiments may provide a scalable segment-based data de-duplication for incremental backups. In the system, a master device on a secondary-storage node side may receive at least incremental changes, fingerprints, mapping entities, and distribute de-duplication functionality to at least a slave device, and performs data de-duplication on said plurality of segments via a way to cluster a plurality of fingerprints in a data locality unit called container for the incremental changes, varied sampling rates of a plurality of segments by having a fixed sampling rate for stable segments and by assigning a lower sampling rate for a plurality of unstable target files of de-duplication, and a per-segment summary structure to avoid unnecessary I/Os involved in de-duplication.

Abstract: A system and method for efficient security protocols in a virtualized datacenter environment are contemplated. In one embodiment, a system is provided comprising a hypervisor coupled to one or more protected virtual machines (VMs) and a security VM. Within a private communication channel, a split kernel loader provides an end-to-end communication between a paravirtualized security device driver, or symbiont, and the security VM. The symbiont monitors kernel-level activities of a corresponding guest OS, and conveys kernel-level metadata to the security VM via the private communication channel. Therefore, the well-known semantic gap problem is solved. The security VM is able to read all of the memory of a protected VM, detect locations of memory compromised by a malicious rootkit, and remediate any detected problems.

Abstract: A method and apparatus for optimizing a startup sequence to improve system boot time is described. In one embodiment, a method for configuring a startup sequence stored in memory, using one or more processors, to improve system boot time including accessing necessity indicia associated with a plurality of startup programs, wherein the necessity indicia comprising at least one of global reputation data or local interaction information, identifying at least one startup program to disable or postpone based on the necessity indicia and modifying at least one startup sequence to disable or delay execution of the at least one identified startup program.

Abstract: A candidate signature for a known malware entity is selected for analysis. A set of malware entities that contain the candidate signature is identified. A diversity measurement for the candidate signature is determined. The diversity measurement describes the diversity of the set of malware entities that contain the candidate signature. A determination is made whether to use the candidate signature to identify the known malware entity based at least in part on the diversity measurement. Responsive to the determination, the candidate malware signature is stored as a signature for the known malware entity.

Abstract: A computer-implemented method for facilitating automatic malware signature generation may comprise providing a byte sequence marked for possible inclusion within one or more malware signatures, determining a context diversity of the byte sequence within malware files each containing the byte sequence in accordance with a diversity-based heuristic, and preventing the byte sequence from being included within the one or more malware signatures in accordance with the determined context diversity. Corresponding systems and computer-readable storage media are also disclosed.

Abstract: Disclosed is a method for managing logical block write requests for a flash drive. The method includes receiving a logical block write request from a file system; assigning a category to the logical block; and generating at least three writes from the logical block write request, a first write writes the logical block to an Erasure Unit (EU) according to the category assigned to each logical block, a second write inserts a Block Mapping Table (BMT) update entry to a BMT update log, and a third write commits the BMT update entry to an on-disk BMT, wherein the first and second writes are performed synchronously and the third write is performed asynchronously and in a batched fashion.

Abstract: A set of candidate signatures for a malicious software (malware) is generated. The candidate signatures in the set are scored based on features that indicate the signatures are more unique and thus less likely to generically occur non-malicious programs. A malware signature for the malware entity is selected from among the candidate malware signatures based on the scores. The selected malware signature is stored.

Abstract: A method for inserting an agent of a virtual appliance into a virtual machine. The method may include inserting, into an exception handler memory location of a virtual machine, one or more computer-executable instructions configured to facilitate transfer of control from the virtual machine to an agent-insertion module. The method may also include triggering an exception during execution of the virtual machine to cause the one or more computer-executable instructions in the exception handler memory location to be executed. The method may further include obtaining control from the virtual machine after the at least one computer-executable instruction executes. The method may include inserting the agent of the virtual appliance into the virtual machine. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and a manager physical machine (PM) for virtual machine (VM) consolidation are provided. The method is performed by the manager PM. A network connects the manager PM and a plurality of server PMs. A plurality of VMs is running on the server PMs. The method includes the following steps. The manager PM classifies the server PMs into redundant PMs and surviving PMs. The manager PM determines migration paths of the VMs running on the redundant PMs to the surviving PMs. The manager PM determines a parallel migration sequence of the VMs running on the redundant PMs based on the migration paths. The manager PM migrates the VMs running on the redundant PMs to the surviving PMs in parallel according to the parallel migration sequence.

Abstract: A network system and a method of address resolution are provided. The network system includes a network, a plurality of virtual machines, a routing module and a path directory module. Each virtual machine includes an internet protocol (IP) address and N media access control (MAC) addresses, so as to connect the network through N transmission routes. The routing module detects and calculates states of the transmission routes. The path directory module receives and decodes an address resolution protocol (ARP) request presented by at least one source virtual machine to reply path information, which includes N MAC addresses corresponding to an IP address of a destination virtual machine and states of the N transmission routes. Thus, the virtual machines present the ARP request without broadcast, so that the problem of network congestion is solved.

Abstract: A load balancing routing method for networks is disclosed. The routing method includes following steps. A network topology graph and a plurality of expected bandwidth demands corresponding to a plurality of source-destination pairs are received by a network server. A plurality of link criticalities of a plurality of links established according to the source-destination pairs is calculated by the network server according to the network topology graph and the expected bandwidth demands. A plurality of expected loads of the links is calculated by the network server according to the link criticalities. A plurality of cost values is calculated according to a plurality of residual capacities of the links and the corresponding expected loads. A better transmission path corresponding to each of the source-destination pairs is selected by the network server according to the weighted sum of the cost values corresponding to the links in the source-destination pair.

Abstract: A data center network system and a packet forwarding method are provided. The data center network includes a management server and a plurality of machines containing physical machines and virtual machines. The management server configures a logical media access control (MAC) address for each of the machines, wherein most significant bytes of each of the logical MAC addresses are set as 0. When a data packet is about to be sent from a physical machine, the physical machine executes an encapsulation procedure on the data packet for forwarding the data packet to an intermediate node between a transmitter and a receiver of the data packet, and the intermediate node executes a decapsulation procedure on the data packet for forwarding the data packet to the true receiver. Accordingly, the number of virtual machines exposed to the forwarding table of Ethernet switches can be effectively reduced.

Abstract: A system in accordance with exemplary embodiments may provide a scalable segment-based data de-duplication for incremental backups. In the system, a master device on a secondary-storage node side may receive at least incremental changes, fingerprints, mapping entities, and distribute de-duplication functionality to at least a slave device, and performs data de-duplication on said plurality of segments via a way to cluster a plurality of fingerprints in a data locality unit called container for the incremental changes, varied sampling rates of a plurality of segments by having a fixed sampling rate for stable segments and by assigning a lower sampling rate for a plurality of unstable target files of de-duplication, and a per-segment summary structure to avoid unnecessary I/Os involved in de-duplication.

Abstract: In accordance with exemplary embodiments, a scalable and parallel garbage collection system for incremental backups with data de-duplication may be implemented with a memory and a processor. The memory may store a changed list at a current time, a before-image list including previous versions of the first overwrite at a current time for each of a plurality of overwritten physical blocks in said storage system, a garbage collection related change list and a recycle list. With these lists configured in the memory, the processor limits the garbage collection to incremental changes and distributes garbage collection tasks to a plurality of participating nodes. For garbage collection, each physical block may associate with an expiration time and a reference count. When the reference count drops to zero, the physical blocks are recycled based on the expiration time.