METHODS AND APPARATUS FOR APPLICATION ISOLATION
Abstract
Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operating under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on the container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s); the commands include container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OS VM and controls the container(s) in response to the command(s). A server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.
40 Claims
1-20. (canceled)
21. An apparatus, comprising:
a memory; and a hardware processor communicatively coupled to the memory, the hardware processor configured to execute a virtual machine monitor at least partially stored in the memory, the virtual machine monitor configured to provide hardware level virtualization as a first layer of isolation for an application, the hardware processor configured to execute a virtual environment using the virtual machine monitor, the virtual environment configured to operate under control of an operating system operating within a virtual machine defined by the virtual machine monitor, the virtual environment configured to provide operating system level virtualization as a second layer of isolation for the application, the second layer of isolation operating within the first layer of isolation, the hardware processor configured to execute the application within the virtual environment. (Dependent claims 22-26 not reproduced here.)
27. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to:
initiate a virtual container to execute an application, the virtual container providing a layer of operating system level virtualization executed within a layer of hardware level virtualization, the application being isolated from a host operating system by the layer of operating system level virtualization and the layer of hardware level virtualization; monitor behavior of the application within the virtual container; detect, based on the monitoring, an unauthorized activity of the application; and discard the virtual container in response to detecting the unauthorized activity. (Dependent claims 28-32 not reproduced here.)
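The abstract and claim 27 describe the same loop: activity inside a templated container is monitored, a trigger event (unauthorized activity) produces an activity report, the container is reverted or discarded, and the report goes to a central collection appliance. The following is an added example that models that loop in Python; it is not code from the patent or its assignee. The policy rules, the event format, the container and template names and the in-memory "collector" list standing in for the network appliance are all assumptions made for the example, and the hypervisor and guest OS layers that provide the first isolation layer are outside its scope.

```python
"""Added example (not from the patent): a minimal model of the detection
module from the abstract and claim 27. ContainerControl is the container
control module, Policy.violation is the trigger detection module,
DetectionModule.activity_log is the logging module, and the collector list
stands in for the central collection network appliance. All names, rules
and events below are constructed for the example."""
from __future__ import annotations

from dataclasses import asdict, dataclass
from enum import Enum


class Command(Enum):
    START = "start"
    STOP = "stop"
    REVERT = "revert"


@dataclass
class ActivityEvent:
    """One observed action inside a container (constructed format)."""
    container: str
    kind: str      # "file_write", "net_connect" or "exec"
    target: str    # path, host:port or program name


@dataclass
class Container:
    name: str
    template: str
    running: bool = False
    generation: int = 0    # incremented on every revert to the template


class ContainerControl:
    """Container control module: carries out start/stop/revert commands."""

    def __init__(self) -> None:
        self.containers: dict[str, Container] = {}

    def apply(self, cmd: Command, name: str, template: str | None = None) -> Container:
        if cmd is Command.START:
            c = self.containers.setdefault(name, Container(name, template or "default"))
            c.running = True
        elif cmd is Command.STOP:
            c = self.containers[name]
            c.running = False
        else:  # REVERT: drop the possibly compromised instance, re-initialise from template
            old = self.containers[name]
            c = Container(old.name, old.template, running=True, generation=old.generation + 1)
            self.containers[name] = c
        return c


@dataclass
class Policy:
    """Assumed per-template allow-list; anything outside it is a trigger event."""
    write_prefixes: tuple[str, ...]
    net_hosts: tuple[str, ...]
    executables: tuple[str, ...]

    def violation(self, ev: ActivityEvent) -> str | None:
        if ev.kind == "file_write" and not ev.target.startswith(self.write_prefixes):
            return f"write outside allowed paths: {ev.target}"
        if ev.kind == "net_connect" and ev.target.split(":")[0] not in self.net_hosts:
            return f"outbound connection to unlisted host: {ev.target}"
        if ev.kind == "exec" and ev.target not in self.executables:
            return f"unexpected executable: {ev.target}"
        return None


class DetectionModule:
    """Trigger detection + logging + container command, wired as in the abstract."""

    def __init__(self, control: ContainerControl, policies: dict[str, Policy],
                 collector: list[dict]) -> None:
        self.control = control
        self.policies = policies          # keyed by template name
        self.activity_log: list[dict] = []
        self.collector = collector        # stand-in for the central collection appliance

    def observe(self, ev: ActivityEvent) -> dict | None:
        c = self.control.containers[ev.container]
        reason = self.policies[c.template].violation(ev)
        if reason is None:
            return None
        report = {"container": c.name, "template": c.template,
                  "generation": c.generation, "event": asdict(ev), "reason": reason}
        self.activity_log.append(report)                     # logging module
        self.control.apply(Command.REVERT, ev.container)     # container command module
        self.collector.append(report)                        # server communication module
        return report


def run_demo() -> dict:
    """Drive the model with constructed activity and return a summary."""
    control = ContainerControl()
    web = Policy(write_prefixes=("/var/www/", "/tmp/"), net_hosts=("db.internal",),
                 executables=("httpd",))
    collector: list[dict] = []
    det = DetectionModule(control, {"web-template": web}, collector)
    control.apply(Command.START, "web-1", "web-template")
    events = [
        ActivityEvent("web-1", "exec", "httpd"),                       # benign
        ActivityEvent("web-1", "file_write", "/var/www/index.html"),   # benign
        ActivityEvent("web-1", "file_write", "/etc/cron.d/backdoor"),  # trigger: persistence
        ActivityEvent("web-1", "net_connect", "198.51.100.7:4444"),    # trigger: callback
        ActivityEvent("web-1", "exec", "httpd"),                       # benign, on fresh instance
    ]
    reports = [r for r in (det.observe(e) for e in events) if r]
    c = control.containers["web-1"]
    return {"reports": len(reports), "collected": len(collector),
            "generation": c.generation, "running": c.running,
            "generations": [r["generation"] for r in reports]}


if __name__ == "__main__":
    print(run_demo())
```

The second trigger is recorded against generation 1, not 0: the container had already been reverted to its template after the first report, so each report identifies which instance of the container it describes. A real deployment would replace the allow-list with whatever trigger definitions the detection module is configured with and the collector list with a network send.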
33. An apparatus, comprising:
a memory; and a hardware processor communicatively coupled to the memory, the hardware processor configured to execute: a virtual machine to define a layer of hardware level virtualization, a virtual container within the virtual machine to define a layer of operating system level virtualization within the layer of hardware level virtualization, and an application within the virtual container. (Dependent claims 34-40 not reproduced here.)
Specification