Execution Environment File Inventory
9 Assignments
0 Petitions
Accused Products
Abstract
A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.
-
Citations
51 Claims
-
1-28. -28. (canceled)
-
29. One or more non-transitory computer readable media having container management and protection logic encoded therein for managing a system of containers accessible to a computer system, wherein the container management and protection logic, when executed by one or more processors, is configured to:
-
intercept, dynamically, an attempted change in the storage system that affects a targeted container in the system of containers; determine whether the targeted container is identified in an inventory indicating a plurality of protected containers in the system of containers; and allow the attempted change if it is determined that the targeted container is identified in the inventory of protected containers and if the attempted change is authorized. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
-
-
45. An apparatus, comprising:
a computer system that includes; an execution unit; a memory element including code for execution; and a storage system that couples to the execution unit and that includes a system of containers accessible to the computer system, the system of containers including a plurality of protected containers that collectively form an inventory of protected containers for the computer system, wherein the code for execution, when executed by one or more processors, is configured to; intercept, dynamically, an attempted change in the storage system that affects a targeted container; determine whether the targeted container is identified in the inventory of protected containers; and block the attempted change if it is determined that the targeted container is identified in the inventory of protected containers and if the attempted change is unauthorized. - View Dependent Claims (46, 47, 48, 49, 50, 51)
Specification