Intrusion protection system utilizing layers and triggers
Abstract
The inventions relate generally to protection of computing systems by isolating intrusive attacks into layers, those layers containing at least file objects and being accessible to applications, those layers further maintaining potentially intrusive file objects separately from regular file system objects such that the regular objects are protected and undisturbed. Also disclosed herein are computing systems which use layers and/or isolation layers, and various systems and methods for using those systems. Detailed information on various example embodiments of the inventions is provided in the Detailed Description below, and the inventions are defined by the appended claims.
19 Claims
1. An Intrusion Protected Layered System for isolating intrusive attacks on a computing system in isolation layers, those attacks including modifications to at least files on the computing system, comprising:
- a computing system, said computing system capable of executing processes;
- at least one storage device;
- at least one file system located to said storage devices; and
- computer executable instructions stored to said storage devices, said instructions executable by said computing system to perform the functions of;
(i) identifying running processes, said identifying optionally occurring as the processes are initiated,
(ii) assigning processes categorizations of trust, the categorizations of trust providing at least one “suspicious” categorization for processes at a level of suspicion sufficient to isolate write requests and at least one other categorization for other processes permitted to write to a file system or other storage container,
(iii) receiving trigger events related to running processes,
(iv) on receipt of trigger events, recategorizing processes,
(v) operating at least one isolation layer capable of containing file objects,
(vi) assigning an isolation layer to each process categorized under a “suspicious” categorization,
(vii) for processes categorized under a “suspicious” categorization, directing write requests into the isolation layer assigned for those processes,
(viii) for processes not categorized under a “suspicious” categorization, permitting write requests to be written to a file system or other storage container rather than an isolation layer, and
(ix) providing access to file objects located in isolation layers, the access being provided to at least the processes assigned to each corresponding isolation layer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. An Intrusion Protected Layered System for isolating intrusive attacks on a computing system in isolation layers, those attacks including modifications to at least files on the computing system, comprising:
- a computing system, said computing system capable of executing processes;
- at least one storage device;
- at least one file system located to said storage devices;
- configuration defining at least one protected area of said file systems; and
- computer executable instructions stored to said storage devices, said instructions executable by said computing system to perform the functions of;
(i) identifying running processes, said identifying optionally occurring as the processes are initiated,
(ii) assigning processes categorizations of trust, the categorizations of trust providing at least one “suspicious” categorization for processes at a level of suspicion sufficient to isolate write requests and at least one other categorization for other processes permitted to write to a file system or other storage container,
(iii) detecting write requests to a file system,
(iv) for a process producing a write request to a defined protected area of a file system, recategorizing that process as suspicious,
(v) operating at least one isolation layer capable of containing file objects,
(vi) assigning an isolation layer to each process categorized under a “suspicious” categorization,
(vii) for processes categorized under a “suspicious” categorization, directing write requests into the isolation layer assigned for those processes,
(viii) for processes not categorized under a “suspicious” categorization, permitting write requests to be written to a file system or other storage container rather than an isolation layer, and
(ix) providing access to file objects located in isolation layers, the access being provided to at least the processes assigned to each corresponding isolation layer.
19. An Intrusion Protected Layered System for isolating intrusive attacks on a computing system in isolation layers, those attacks including modifications to at least files on the computing system, comprising:
- a computing system, said computing system capable of executing processes;
- at least one storage device;
- at least one file system located to said storage devices;
- configuration defining at least one protected area of said file systems; and
- computer executable instructions stored to said storage devices, said instructions executable by said computing system to perform the functions of;
(i) identifying running processes, said identifying optionally occurring as the processes are initiated,
(ii) assigning processes categorizations of trust, the categorizations of trust providing at least one “suspicious” categorization for processes at a level of suspicion sufficient to isolate write requests and at least one other categorization for other processes permitted to write to a file system or other storage container,
(iii) detecting write requests to a file system,
(iv) for a process producing a write request to a defined protected area of a file system, recategorizing that process as suspicious,
(v) operating at least one isolation layer capable of containing file objects,
(vi) assigning an isolation layer to each process categorized under a “suspicious” categorization,
(vii) for processes categorized under a “suspicious” categorization, directing write requests into the isolation layer assigned for those processes,
(viii) for processes not categorized under a “suspicious” categorization, permitting write requests to be written to a file system or other storage container rather than an isolation layer,
(ix) providing access to file objects located in isolation layers, the access being provided to at least the processes assigned to each corresponding isolation layer, and
(x) merge file objects contained in isolation layers to a file system.
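The functions recited in claim 19 can be traced in a small in-memory model. This is an added example, not code from the patent or any product: the class and method names, the path-prefix form of the "protected area" configuration, the path normalization step, and the choice to redirect the triggering write itself into the layer are all assumptions made for illustration.

```python
# Added illustration of claim 19's functions (i)-(x); every name here is hypothetical.
import posixpath
from enum import Enum

class Trust(Enum):
    TRUSTED = "trusted"
    SUSPICIOUS = "suspicious"

class LayeredFS:
    def __init__(self, protected_prefixes):
        self.base = {}      # regular file system: path -> bytes
        self.layers = {}    # (v) pid -> isolation layer (path -> bytes)
        self.trust = {}     # pid -> Trust
        self.protected = tuple(protected_prefixes)

    def register(self, pid, trust=Trust.TRUSTED):
        # (i), (ii): identify the process and assign a categorization of trust
        self.trust[pid] = trust

    def write(self, pid, path, data):
        # Normalize first so "/home/u/../../etc/hosts" cannot dodge the prefix check
        path = posixpath.normpath(path)
        self.trust.setdefault(pid, Trust.TRUSTED)
        # (iii), (iv): a write into a protected area recategorizes the writer
        if path.startswith(self.protected):
            self.trust[pid] = Trust.SUSPICIOUS
        if self.trust[pid] is Trust.SUSPICIOUS:
            # (vi), (vii): assign a layer on first use, redirect the write into it
            self.layers.setdefault(pid, {})[path] = data
            return "layer"
        self.base[path] = data  # (viii): non-suspicious writes reach the file system
        return "base"

    def read(self, pid, path):
        # (ix): the owning process sees its layer's objects over the base copy
        path = posixpath.normpath(path)
        return self.layers.get(pid, {}).get(path, self.base.get(path))

    def merge(self, pid):
        # (x): promote a layer's file objects into the regular file system
        layer = self.layers.pop(pid, {})
        self.base.update(layer)
        return sorted(layer)

if __name__ == "__main__":
    fs = LayeredFS(["/etc/"])
    fs.base["/etc/hosts"] = b"127.0.0.1 localhost\n"   # constructed sample data
    print(fs.write(100, "/home/u/notes.txt", b"ok"))    # trusted write
    print(fs.write(100, "/etc/hosts", b"changed\n"))    # trigger
    print(fs.read(100, "/etc/hosts"), fs.read(200, "/etc/hosts"))
```

Once a process has been recategorized, its later writes outside the protected area also land in its layer, so other processes keep seeing the undisturbed base objects until a merge.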
Specification