Transferring control of potentially malicious bit sets to secure micro-virtual machine
Abstract
Approaches for transferring control to a bit set. At a point of ingress, prior to transferring control to the bit set, a determination is made as to whether the bit set is recognized as being included within a set of universally known malicious bit sets. If the bit set is not so recognized, then another determination is made as to whether the bit set is recognized as being included within a set of locally known virtuous bit sets. If the bit set is recognized as being included within a set of locally known virtuous bit sets, then control is not transferred to the bit set. Upon determining that the bit set is not included within the set of locally known virtuous bit sets, then the bit set is copied into a micro-virtual machine and control is transferred to the bit set within the micro-virtual machine.
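The ingress check described in the abstract, as an added example that is not code from the patent. It only classifies a bit set into one of the three outcomes; an HMAC under a host-local key stands in for the signed cryptographic hash digest, and every name, key and sample value below is an assumption constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Disposition(Enum):
    KNOWN_MALICIOUS = 1   # found in the universally known malicious set
    LOCALLY_VIRTUOUS = 2  # found in the locally known virtuous set
    MICRO_VM = 3          # copy into a micro-VM and transfer control there

@dataclass(frozen=True)
class ProvenanceTag:
    creator: str      # software entity that created the bit set
    manner: str       # manner in which the bit set was created
    signature: bytes  # signed digest over content hash + provenance

def signed_message(bit_set: bytes, creator: str, manner: str) -> bytes:
    # Length-prefix the creator so distinct (creator, manner) pairs cannot collide.
    c = creator.encode()
    return hashlib.sha256(bit_set).digest() + len(c).to_bytes(2, "big") + c + manner.encode()

def tag_bit_set(key: bytes, bit_set: bytes, creator: str, manner: str) -> ProvenanceTag:
    sig = hmac.new(key, signed_message(bit_set, creator, manner), hashlib.sha256).digest()
    return ProvenanceTag(creator, manner, sig)

def classify_at_ingress(key, bit_set: bytes, tag: Optional[ProvenanceTag],
                        malicious_hashes: set, trusted_provenance: set) -> Disposition:
    # Step 1: the universally known malicious set is consulted first.
    if hashlib.sha256(bit_set).hexdigest() in malicious_hashes:
        return Disposition.KNOWN_MALICIOUS
    # Step 2: locally virtuous only if the signed digest verifies for these
    # exact bytes and the recorded provenance is trusted on this host.
    if tag is not None:
        expected = hmac.new(key, signed_message(bit_set, tag.creator, tag.manner),
                            hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag.signature) and \
                (tag.creator, tag.manner) in trusted_provenance:
            return Disposition.LOCALLY_VIRTUOUS
    # Step 3: untagged, tampered or untrusted-provenance bit sets go to a micro-VM.
    return Disposition.MICRO_VM

# Constructed sample data (not from the patent).
KEY = b"constructed-host-key"
TRUSTED = {("corp-installer", "local-build")}
DOC = b"constructed document bytes"
BAD = b"constructed known-bad sample"
MALICIOUS = {hashlib.sha256(BAD).hexdigest()}
```

Because the tag binds the content hash to the provenance, a bit set modified after tagging no longer verifies and falls through to the micro-VM outcome.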
19 Claims
1. One or more non-transitory machine-readable storage mediums storing one or more sequences of instructions for transferring control to a bit set, which when executed by one or more processors, causes:
associating a signed cryptographic hash digest to the bit set to identify a locally determined provenance of the bit set, wherein the locally determined provenance of the bit set is based, at least in part, upon the locally determined provenance of the software entity creating the bit set and the manner in which the bit set was created; and
at a point of ingress, transferring control to the bit set by performing;
prior to transferring control to the bit set, determining if the bit set is in a set of universally known malicious bit sets;
upon determining that the bit set is not in the set of universally known malicious bit sets, determining whether the bit set is in a set of locally known virtuous bit sets based, at least in part, upon said signed cryptographic hash digest; and
upon determining that the bit set is not in the set of locally known virtuous bit sets, then copying the bit set into a micro-virtual machine and transferring control to the bit set within the micro-virtual machine.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus for transferring control to a bit set, comprising:
one or more processors; and
one or more non-transitory computer-readable storage mediums storing one or more sequences of instructions, which when executed, cause;
associating a signed cryptographic hash digest to the bit set to identify a locally determined provenance of the bit set, wherein the locally determined provenance of the bit set is based, at least in part, upon the locally determined provenance of the software entity creating the bit set and the manner in which the bit set was created; and
at a point of ingress, transferring control to the bit set by performing;
prior to transferring control to the bit set, determining if the bit set is in a set of universally known malicious bit sets;
upon determining that the bit set is not in the set of universally known malicious bit sets, determining whether the bit set is in a set of locally known virtuous bit sets based, at least in part, upon said signed cryptographic hash digest; and
upon determining that the bit set is not in the set of locally known virtuous bit sets, then copying the bit set into a micro-virtual machine and transferring control to the bit set within the micro-virtual machine.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A method for transferring control to a bit set, comprising:
associating a signed cryptographic hash digest to the bit set to identify a locally determined provenance of the bit set, wherein the locally determined provenance of the bit set is based, at least in part, upon the locally determined provenance of the software entity creating the bit set and the manner in which the bit set was created; and
at a point of ingress, transferring control to the bit set by performing;
prior to transferring control to the bit set, determining if the bit set is in a set of universally known malicious bit sets;
upon determining that the bit set is not in the set of universally known malicious bit sets, determining whether the bit set is in a set of locally known virtuous bit sets based, at least in part, upon said signed cryptographic hash digest; and
upon determining that the bit set is not in the set of locally known virtuous bit sets, then copying the bit set into a micro-virtual machine and transferring control to the bit set within the micro-virtual machine.
Specification