Virtual browsing environment

US 10,120,998 B2
Filed: 08/29/2016
Issued: 11/06/2018
Est. Priority Date: 06/30/2009
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a memory; and

a processor operatively coupled to the memory and connected to a network, the processor configured to receive a request to execute a browser application, the processor configured to initiate, in response to the request, the browser application within a virtual browsing environment,the processor configured to associate with the virtual browsing environment a list of indications of normal operations between the browser application and an operating system,the processor configured to identify potential malicious activity within the virtual browsing environment based on an indication of an operation of the browser application within the virtual browsing environment not being on the list of indications of normal operations between the browser application and an operating system, the processor configured to update a displayed indication of a status of the virtual browsing environment on a health monitor associated with the virtual browsing environment in response to identifying the potential malicious activity,the processor configured to transmit, to a collection computer via the network, information about a source of the potential malicious activity such that the collection computer takes action based on the source,the processor configured to terminate the browser application in response to identifying the potential malicious activity.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark. Yet another embodiment includes monitoring operation of the operating system within the at least one virtual browsing environment, determining when the operation of the operating system includes potential malicious activity, and terminating the virtual browsing environment when the operation includes potential malicious activity.

Citations

22 Claims

1. An apparatus, comprising:
- a memory; and
  
  a processor operatively coupled to the memory and connected to a network, the processor configured to receive a request to execute a browser application, the processor configured to initiate, in response to the request, the browser application within a virtual browsing environment,the processor configured to associate with the virtual browsing environment a list of indications of normal operations between the browser application and an operating system,the processor configured to identify potential malicious activity within the virtual browsing environment based on an indication of an operation of the browser application within the virtual browsing environment not being on the list of indications of normal operations between the browser application and an operating system, the processor configured to update a displayed indication of a status of the virtual browsing environment on a health monitor associated with the virtual browsing environment in response to identifying the potential malicious activity,the processor configured to transmit, to a collection computer via the network, information about a source of the potential malicious activity such that the collection computer takes action based on the source,the processor configured to terminate the browser application in response to identifying the potential malicious activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 21, 22)
- - 2. The apparatus of claim 1, wherein the processor is configured to identify the potential malicious activity in response to the virtual browsing environment accessing a website, the information about the source of the potential malicious activity including an identifier associated with the website.
  - 3. The apparatus of claim 1, wherein the processor is configured to initiate the virtual browsing environment in response to the request.
  - 4. The apparatus of claim 1, wherein the processor is configured to define a new file system for the virtual browsing environment based on a template and in response to the request.
  - 5. The apparatus of claim 1, wherein the processor is configured to identify the source of the potential malicious activity by correlating a time associated with the operation of the browser application and a time associated with the browser application accessing the source.
  - 6. The apparatus of claim 1, wherein the processor is configured to execute the virtual browsing environment under control of a guest operating system of a virtual computer under control of a host operating system, the guest operating system being a different type of operating system than the host operating system.
  - 7. The apparatus of claim 1, wherein the processor is configured to transmit the information about the source of the potential malicious activity such that the collection computer can identify malicious activity on the network.
  - 8. The apparatus of claim 1, wherein the processor is configured to transmit, to the collection computer via the network, information about a hardware configuration of at least one of the processor and the memory.
  - 9. The apparatus of claim 1, wherein the processor is configured to automatically block the browser application from accessing the source in response to identifying the potential malicious activity within the virtual browsing environment.
  - 21. The apparatus of claim 1, wherein the processor is configured to display on the health monitor an indication of an amount of time the virtual browsing environment has been executing.
  - 22. The apparatus of claim 1, wherein the processor is configured to display on the health monitor an option to at least one of restore the virtual browsing environment or terminate the virtual browsing environment.

10. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to:
- receive a request to execute a browser application on a compute device;
  
  initiate, based on the request, the browser application within a virtual browsing environment on the compute device;
  
  associate with the virtual browsing environment a list of indications of normal operations between the browser application and an operating system;
  
  identify potential malicious activity within the virtual browsing environment based on an indication of an operation of the browser application within the virtual browsing environment not being on the list of indications of normal operations between the browser application and an operating system;
  
  update a displayed indication of a status of the virtual browsing environment on a health monitor associated with the virtual browsing environment in response to identifying the potential malicious activity;
  
  send, to a collection computer via a network and in response to the identifying, an identifier of a website accessed by the browser application and likely associated with the potential malicious activity; and
  
  restart the virtual browsing environment in response to the identifying.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The non-transitory processor-readable medium of claim 10, wherein the code to cause the processor to send includes code to cause the processor to send forensic information related to the potential malicious activity including information related to at least one of a file access, a file modification, or an attempted modification to a registry entry.
  - 12. The non-transitory processor-readable medium of claim 10, further comprising code to cause the processor to:
    - identify a source of the potential malicious activity; and
      
      automatically block the browser application from accessing the source in response to identifying the potential malicious activity.
  - 13. The non-transitory processor-readable medium of claim 10, wherein the code to cause the processor to send includes code to cause the processor to send to the collection computer information about a hardware of the compute device.
  - 14. The non-transitory processor-readable medium of claim 10, further comprising code to cause the processor to:
    - initiate the virtual browsing environment by defining a new file system for the virtual browsing environment based on a template and in response to the request.
  - 15. The non-transitory processor-readable medium of claim 10, wherein the virtual browsing environment is executed under control of a guest operating system of a virtual computer under control of a host operating system, the guest operating system being a different type of operating system than the host operating system.

16. A method, comprising:
- initiating a virtual browsing environment including a browser application on a compute device;
  
  associating with the virtual browsing environment a list of indications of normal operations between the browser application and an operating system;
  
  identifying potential malicious activity based on an indication of an operation of the browser application within the virtual browsing environment not being on the list of indications of normal operations between the browser application and an operating system;
  
  updating a displayed indication of a status of the virtual browsing environment on a health monitor associated with the virtual browsing environment in response to identifying the potential malicious activity;
  
  identifying a source of the potential malicious activity by correlating a time associated with the operation of the browser application and a time associated with the browser application accessing the source;
  
  sending, to a collection computer via a network and in response to the identifying the potential malicious activity, an identifier of the source; and
  
  terminating the virtual browsing environment in response to identifying the potential malicious activity.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising:
    - receiving a request to execute the browser application, the initiating the virtual browsing environment being based on the request.
  - 18. The method of claim 16, wherein the source is a website accessed by the browser application.
  - 19. The method of claim 16, wherein the sending includes sending, to the collection computer via the network, information about a hardware configuration of the compute device.
  - 20. The method of claim 16, further comprising:
    - automatically blocking the browser application from accessing the source in response to identifying the potential malicious activity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
George Mason Research Foundation Inc.
Original Assignee
George Mason Research Foundation Inc.
Inventors
Ghosh, Anup K., Jajodia, Sushil, Huang, Yih, Wang, Jiang
Primary Examiner(s)
Cribbs, Malcolm

Application Number

US15/249,975
Publication Number

US 20170206348A1
Time in Patent Office

799 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/56   Computer malware detection ...

G06F 21/568   eliminating virus, restorin...

G06F 2209/541   Client-server

G06F 2221/034   Test or assess a computer o...

G06F 9/54   Interprogram communication

H04L 63/1408   by monitoring network traff...

H04L 63/1483   service impersonation, e.g....

Virtual browsing environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual browsing environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links