Transferring control of potentially malicious bit sets to secure micro-virtual machine

US 10,095,530 B1
Filed: 07/13/2015
Issued: 10/09/2018
Est. Priority Date: 05/28/2010
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory machine-readable storage mediums storing one or more sequences of instructions for transferring control to a bit set, which when executed by one or more processors, causes:

associating a signed cryptographic hash digest to the bit set to identify a locally determined provenance of the bit set,wherein the locally determined provenance of the bit set is based, at least in part, upon the locally determined provenance of the software entity creating the bit set and the manner in which the bit set was created; and

at a point of ingress, transferring control to the bit set by performing;

prior to transferring control to the bit set, determining if the bit set is in a set of universally known malicious bit sets;

upon determining that the bit set is not in the set of universally known malicious bit sets, determining whether the bit set is in a set of locally known virtuous bit sets based, at least in part, upon said signed cryptographic hash digest; and

upon determining that the bit set is not in the set of locally known virtuous bit sets, then copying the bit set into a micro-virtual machine and transferring control to the bit set within the micro-virtual machine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Approaches for transferring control to a bit set. At a point of ingress, prior to transferring control to the bit set, a determination is made as to whether the bit set is recognized as being included within a set of universally known malicious bit sets. If the bit set is not so recognized, then another determination is made as to whether the bit set is recognized as being included within a set of locally known virtuous bit sets. If the bit set is recognized as being included within a set of locally known virtuous bit sets, then control is not transferred to the bit set. Upon determining that the bit set is not included within the set of locally known virtuous bit sets, then the bit set is copied into a micro-virtual machine and control is transferred to the bit set within the micro-virtual machine.

138 Citations

19 Claims

1. One or more non-transitory machine-readable storage mediums storing one or more sequences of instructions for transferring control to a bit set, which when executed by one or more processors, causes:
- associating a signed cryptographic hash digest to the bit set to identify a locally determined provenance of the bit set,wherein the locally determined provenance of the bit set is based, at least in part, upon the locally determined provenance of the software entity creating the bit set and the manner in which the bit set was created; and
  
  at a point of ingress, transferring control to the bit set by performing;
  
  prior to transferring control to the bit set, determining if the bit set is in a set of universally known malicious bit sets;
  
  upon determining that the bit set is not in the set of universally known malicious bit sets, determining whether the bit set is in a set of locally known virtuous bit sets based, at least in part, upon said signed cryptographic hash digest; and
  
  upon determining that the bit set is not in the set of locally known virtuous bit sets, then copying the bit set into a micro-virtual machine and transferring control to the bit set within the micro-virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The one or more non-transitory machine-readable storage mediums of claim 1, wherein determining if the bit set is in the set of universally known malicious bit sets further includes:
    - consulting a set of locally known malicious bit sets to determine if the bit set is included therein.
  - 3. The one or more non-transitory machine-readable storage mediums of claim 2, wherein membership in the set of locally known malicious bit sets is updated, at least in part, based on observed behavior of a particular bit set in one of a plurality of micro-virtual machines executing within the same local network as the point of ingress.
  - 4. The one or more non-transitory machine-readable storage mediums of claim 1, wherein determining if the bit set is recognized as being included within the set of universally known malicious bit sets further includes:
    - after determining that the bit set is not in a set of locally known malicious bit sets, contacting a central repository over a network to determine if the bit set is in the set of known malicious bit sets maintained at the central repository.
  - 5. The one or more non-transitory machine-readable storage mediums of claim 1, further comprising:
    - updating the membership of the set of locally known virtuous bit sets based on a locally determined provenance of one or more bit sets.
  - 6. The one or more non-transitory machine-readable storage mediums of claim 1, further comprising:
    - upon determining that the bit set is a member of the set of locally known virtuous bit sets, transferring control to the bit set; and
      
      monitoring the behavior of the bit set during execution or interpretation of the bit set to identify any malicious behavior performed by the bit set.
  - 7. The one or more non-transitory machine-readable storage mediums of claim 1, wherein the bit set corresponds to a data file or a data stream.
  - 8. The one or more non-transitory machine-readable storage mediums of claim 1, wherein transferring control to the bit set within the micro-virtual machine corresponds to either executing or interpreting the bit set within the micro-virtual machine.
  - 9. The one or more non-transitory machine-readable storage mediums of claim 1, wherein copying the bit set into the micro-virtual machine and transferring control to the bit set within the micro-virtual machine further comprises:
    - in response to determining that the bit set is not included within the set of locally known virtuous bit sets, (a) selecting a template virtual machine having characteristics specifically tailored to eliminate risk posed by said bit set and (b) using the selected template virtual machine to instantiate said micro-virtual machine, wherein said micro-virtual machine only possess access to resources of said point of ingress deemed necessary in the execution or interpretation of said bit set.

10. An apparatus for transferring control to a bit set, comprising:
- one or more processors; and
  
  one or more non-transitory computer-readable storage mediums storing one or more sequences of instructions, which when executed, cause;
  
  associating a signed cryptographic hash digest to the bit set to identify a locally determined provenance of the bit set,wherein the locally determined provenance of the bit set is based, at least in part, upon the locally determined provenance of the software entity creating the bit set and the manner in which the bit set was created; and
  
  at a point of ingress, transferring control to the bit set by performing;
  
  prior to transferring control to the bit set, determining if the bit set is in a set of universally known malicious bit sets;
  
  upon determining that the bit set is not in the set of universally known malicious bit sets, determining whether the bit set is in a set of locally known virtuous bit sets based, at least in part, upon said signed cryptographic hash digest; and
  
  upon determining that the bit set is not in the set of locally known virtuous bit sets, then copying the bit set into a micro-virtual machine and transferring control to the bit set within the micro-virtual machine.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10, wherein determining if the bit set is in the set of universally known malicious bit sets further includes:
    - consulting a set of locally known malicious bit sets to determine if the bit set is included therein.
  - 12. The apparatus of claim 11, wherein membership in the set of locally known malicious bit sets is updated, at least in part, based on observed behavior of a particular bit set in one of a plurality of micro-virtual machines executing within the same local network as the point of ingress.
  - 13. The apparatus of claim 10, wherein determining if the bit set is recognized as being included within the set of universally known malicious bit sets further includes:
    - after determining that the bit set is not in a set of locally known malicious bit sets, contacting a central repository over a network to determine if the bit set is in the set of known malicious bit sets maintained at the central repository.
  - 14. The apparatus of claim 10, wherein execution of the one or more sequences of instructions further cause:
    - updating the membership of the set of locally known virtuous bit sets based on a locally determined provenance of one or more bit sets.
  - 15. The apparatus of claim 10, wherein execution of the one or more sequences of instructions further cause:
    - upon determining that the bit set is a member of the set of locally known virtuous bit sets, transferring control to the bit set; and
      
      monitoring the behavior of the bit set during execution or interpretation of the bit set to identify any malicious behavior performed by the bit set.
  - 16. The apparatus of claim 10, wherein the bit set corresponds to a data file or a data stream.
  - 17. The apparatus of claim 10, wherein transferring control to the bit set within the micro-virtual machine corresponds to either executing or interpreting the bit set within the micro-virtual machine.
  - 18. The apparatus of claim 10, wherein copying the bit set into the micro-virtual machine and transferring control to the bit set within the micro-virtual machine further comprises:
    - in response to determining that the bit set is not included within the set of locally known virtuous bit sets, (a) selecting a template virtual machine having characteristics specifically tailored to eliminate risk posed by said bit set and (b) using the selected template virtual machine to instantiate said micro-virtual machine, wherein said micro-virtual machine only possess access to resources of said point of ingress deemed necessary in the execution or interpretation of said bit set.

19. A method for transferring control to a bit set, comprising:
- associating a signed cryptographic hash digest to the bit set to identify a locally determined provenance of the bit set,wherein the locally determined provenance of the bit set is based, at least in part, upon the locally determined provenance of the software entity creating the bit set and the manner in which the bit set was created; and
  
  at a point of ingress, transferring control to the bit set by performing;
  
  prior to transferring control to the bit set, determining if the bit set is in a set of universally known malicious bit sets;
  
  upon determining that the bit set is not in the set of universally known malicious bit sets, determining whether the bit set is in a set of locally known virtuous bit sets based, at least in part, upon said signed cryptographic hash digest; and
  
  upon determining that the bit set is not in the set of locally known virtuous bit sets, then copying the bit set into a micro-virtual machine and transferring control to the bit set within the micro-virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Bromium (HP Inc.)
Inventors
Banga, Gaurav, Pratt, Ian, Kashyap, Rahul
Primary Examiner(s)
Wu, Benjamin C

Application Number

US14/798,228
Time in Patent Office

1,184 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/566   Dynamic detection, i.e. det...

G06F 9/44   Arrangements for executing ...

G06F 9/45504   Abstract machines for progr...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Transferring control of potentially malicious bit sets to secure micro-virtual machine

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Transferring control of potentially malicious bit sets to secure micro-virtual machine

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links