METHOD AND APPARATUS FOR APPLICATION AWARENESS IN A NETWORK
First Claim
1. A method for enforcing a network policy on an application executing within a first context, the method comprising:
- intercepting, by an agent executing in the first context, a network socket event request from the application before the network socket event request reaches a transport layer in a network stack of the first context;
sending, by the agent to a security server executing in a second context, a request for a decision on whether to allow or deny the intercepted network socket event, the request for the decision including an application identifier;
receiving, by the agent, the decision from the security server, the decision being an allowance or a denial of the network socket event request, the decision being based at least in part on the indication of the identity of the application and a network policy; and
preventing, by the agent, the network socket request from reaching the transport layer in the first context when the decision is the denial of the network socket event request.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy. The agent blocks the network socket event from reaching the transport layer when the denial is received from the security server. In one embodiment, the method is implemented using a machine readable medium embodying software instructions executable by a computer.
72 Citations
23 Claims
-
1. A method for enforcing a network policy on an application executing within a first context, the method comprising:
-
intercepting, by an agent executing in the first context, a network socket event request from the application before the network socket event request reaches a transport layer in a network stack of the first context; sending, by the agent to a security server executing in a second context, a request for a decision on whether to allow or deny the intercepted network socket event, the request for the decision including an application identifier; receiving, by the agent, the decision from the security server, the decision being an allowance or a denial of the network socket event request, the decision being based at least in part on the indication of the identity of the application and a network policy; and preventing, by the agent, the network socket request from reaching the transport layer in the first context when the decision is the denial of the network socket event request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A nontransitory computer readable medium with computer readable instructions executable by a context, comprising:
-
instructions that perform, intercepting, by an agent executing in the first context, a network socket event request from the application before the network socket event request reaches a transport layer in a network stack of the first context; instructions that perform, sending, by the agent to a security server executing in a second context, a request for a decision on whether to allow or deny the intercepted network socket event, the request for the decision including an application identifier; instructions that perform, receiving, by the agent, the decision from the security server, the decision being an allowance or a denial of the network socket event request, the decision being based at least in part on the indication of the identity of the application and a network policy; and instructions that perform, preventing, by the agent, the network socket request from reaching the transport layer in the first context when the decision is the denial of the network socket event request. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A computer system, comprising:
a processor and memory with a context, the context executing; instructions that perform, intercepting, by an agent executing in the first context, a network socket event request from the application before the network socket event request reaches a transport layer in a network stack of the first context; instructions that perform, sending, by the agent to a security server executing in a second context, a request for a decision on whether to allow or deny the intercepted network socket event the request for the decision including an application identifier; instructions that perform, receiving, by the agent, the decision from the security server, the decision being an allowance or a denial of the network socket event request, the decision being based at least in part on the indication of the identity of the application and a network policy; and instructions that perform, preventing, by the agent, the network socket request from reaching the transport layer in the first context when the decision is the denial of the network socket event request.
Specification