Execution environment file inventory
First Claim
1. Container management and protection logic encoded in one or more tangible media for managing a system of containers accessible to a computer system by using an inventory of a plurality of protected containers in the system of containers, the plurality of protected containers being accessible to the computer system from at least one of a locally-accessible storage device, a remotely-accessible file storage system, or a storage repository, wherein each of the protected containers is executable in at least one of a plurality of execution environments characterizing the computer system, the container management and protection logic including code for execution and when executed by one or more processors is operable to perform operations, comprising:
- generating the inventory of the plurality of protected containers, the inventory including a plurality of identifiers corresponding respectively to each of the plurality of protected containers, wherein each identifier includes information specific to accessing or locating the corresponding protected container, information uniquely representing the corresponding protected container, or a combination thereof, wherein the inventory is maintained by the container management and protection logic including an interception module, the inventory for use by the interception module;
- dynamically intercepting, by the interception module, an operation request on the computer system for a targeted container, the operation request selected from a group consisting of a user-initiated request and a software process initiated request;
- identifying the targeted container of the intercepted operation request;
- analyzing the inventory of the plurality of protected containers to determine if an identifier corresponding to one of the plurality of protected containers matches that of the targeted container;
- allowing the operation request if the operation request is a change request and if it is determined that none of the identifiers corresponding to the plurality of protected containers matches that of the targeted container; and
- evaluating, if the operation request is allowed, whether an operation resulting from the operation request creates a new container that is executable in at least one of the plurality of execution environments characterizing the computer system, wherein if the new container is created then a new identifier corresponding to the new container is added to the inventory if the operation is authorized.
Abstract
A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.
25 Claims
1. (Independent claim; text as set out above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method of managing a system of containers accessible to a computer system by generating and using an inventory of a plurality of protected containers in the system of containers, the plurality of protected containers being accessible to the computer system from at least one of a locally-accessible storage device, a remotely-accessible file storage system, or a storage repository, wherein each of the protected containers is executable in at least one of a plurality of execution environments characterizing the computer system, the method comprising:
- evaluating each container in the system of containers to determine whether at least a portion of each container is executable in at least one of the plurality of execution environments characterizing the computer system;
- generating the inventory including a plurality of identifiers corresponding respectively to each of the plurality of protected containers, wherein each identifier includes information specific to accessing or locating the corresponding protected container, information uniquely representing the corresponding protected container, or a combination thereof, wherein the inventory is maintained by container management and protection software including an interception module, the inventory for use by the interception module;
- dynamically intercepting, by the interception module, an operation request on the computer system for a targeted container, the operation request selected from a group consisting of a user-initiated request and a software process initiated request;
- identifying the targeted container of the intercepted operation request;
- analyzing the inventory of the plurality of protected containers to determine if an identifier corresponding to one of the plurality of protected containers matches that of the targeted container;
- allowing the operation request if the operation request is a change request and if it is determined that none of the identifiers corresponding to the plurality of protected containers matches that of the targeted container; and
- evaluating, if the operation request is allowed, whether an operation resulting from the operation request creates a new container that is executable in at least one of the plurality of execution environments characterizing the computer system, wherein if the new container is created then a new identifier corresponding to the new container is added to the inventory if the operation is authorized.
Dependent claims: 9, 10, 11, 12, 13.
14. A method of managing a system of containers accessible to a computer system by using an inventory of a plurality of protected containers in the system of containers, the plurality of protected containers being accessible to the computer system from at least one of a locally-accessible storage device, a remotely-accessible file storage system, or a storage repository, wherein each of the protected containers is executable in at least one of a plurality of execution environments characterizing the computer system, the method comprising:
- providing the inventory of the plurality of protected containers, the inventory including a plurality of identifiers corresponding respectively to each of the plurality of protected containers, wherein each identifier includes information specific to accessing or locating the contents of the corresponding protected container, information uniquely representing the corresponding protected container, or a combination thereof, wherein the inventory is maintained by container management and protection software including an interception module, the inventory for use by the interception module;
- dynamically intercepting, by the interception module, an operation request on the computer system for a targeted container, the operation request selected from a group consisting of a user-initiated request and a software process initiated request;
- identifying the targeted container of the intercepted operation request;
- analyzing the inventory of the plurality of protected containers to determine if an identifier corresponding to one of the plurality of protected containers matches that of the targeted container;
- allowing the operation request if the operation request is a change request and if it is determined that none of the identifiers corresponding to the plurality of protected containers matches that of the targeted container; and
- evaluating, if the operation request is allowed, whether an operation resulting from the operation request creates a new container that is executable in at least one of the plurality of execution environments characterizing the computer system, wherein if the new container is created then a new identifier corresponding to the new container is added to the inventory if the operation is authorized.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25.
determining to keep the targeted container from being executed if it is determined that none of the identifiers corresponding to the plurality of protected containers matches that of the targeted container.
21. The method of claim 20, further comprising:
- determining to log the attempt to execute the targeted container if it is determined that none of the identifiers corresponding to the plurality of protected containers matches that of the targeted container.
22. The method of claim 14, wherein the inventory of the plurality of protected containers is aggregated with one or more inventories corresponding to a plurality of host computers to create an aggregate inventory of a plurality of protected containers executable in at least one execution environment of the plurality of host computers, and wherein the computer system is one of the plurality of host computers.
23. The method of claim 22, further comprising:
- analyzing the aggregate inventory to determine if a container of the plurality of protected containers of the aggregate inventory represents malware;
- identifying which inventory of the aggregate inventory indicates the container representing malware; and
- causing removal of the container representing malware from a host computer associated with the identified inventory that indicates the container.
24. The method of claim 14, wherein the software process initiated request includes an automatic software updater.
25. The method of claim 14, wherein each execution environment is in the group comprising:
- a native binary execution environment configured to execute native machine language instructions; and
- a set of non-native execution environments, each execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions.
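The enforcement loop that claims 1, 8 and 14 describe (build an inventory of executable containers keyed by locator plus content hash, intercept execute and change requests, consult the inventory, and add an authorized new executable to it), together with the execution denial and logging of claims 20 and 21, the native/non-native split of claim 25 and the cross-host aggregation of claims 22 and 23, as an added Python example. This is not code from the patent or its assignee; the magic-byte classifier, the path-prefix authorizer, the sample file contents and the audit list are all assumptions made for the demonstration, and the "refuse a change to an inventoried container" branch is this example's reading of the allow condition in the claims.

```python
"""Illustrative executable-inventory enforcement modelled on the claims above.
Constructed example: file contents, paths and the authorizer are made up."""
import hashlib
import logging
from enum import Enum
from typing import Callable, Dict, List, Optional, Set

log = logging.getLogger("inventory")


class Env(Enum):
    NATIVE = "native"          # runs native machine instructions directly
    NON_NATIVE = "non-native"  # bytecode or script needing an interpreter/JIT


def classify(content: bytes) -> Optional[Env]:
    """Constructed heuristic: decide executability from leading bytes only."""
    if content.startswith((b"\x7fELF", b"MZ")):
        return Env.NATIVE
    if content.startswith((b"\xca\xfe\xba\xbe", b"#!")):
        return Env.NON_NATIVE
    return None  # not executable in any environment we model


def identifier(path: str, content: bytes) -> str:
    """Locator plus a content hash: the two identifier parts the claims name."""
    return f"{path}:{hashlib.sha256(content).hexdigest()}"


class Inventory:
    def __init__(self) -> None:
        self.entries: Dict[str, Env] = {}

    def build(self, files: Dict[str, bytes]) -> None:
        """Evaluate every container and record the ones that are executable."""
        for path, content in files.items():
            env = classify(content)
            if env is not None:
                self.entries[identifier(path, content)] = env

    def matches(self, path: str, content: bytes) -> bool:
        return identifier(path, content) in self.entries


class Interceptor:
    """Mediates execute and change requests against the inventory."""

    def __init__(self, inventory: Inventory, authorized: Callable[[str], bool]) -> None:
        self.inventory = inventory
        self.authorized = authorized  # assumed policy hook, e.g. a sanctioned updater
        self.audit: List[str] = []

    def execute(self, path: str, content: bytes) -> bool:
        if self.inventory.matches(path, content):
            return True
        self.audit.append(f"blocked execution of {path}")  # claims 20 and 21
        log.warning("blocked execution of %s", path)
        return False

    def change(self, path: str, before: Optional[bytes], after: bytes) -> bool:
        # A change whose target matches a protected container is refused.
        if before is not None and self.inventory.matches(path, before):
            self.audit.append(f"blocked change to protected {path}")
            return False
        # Otherwise allow it, then evaluate what the operation produced.
        env = classify(after)
        if env is not None and self.authorized(path):
            self.inventory.entries[identifier(path, after)] = env
        return True


def aggregate(hosts: Dict[str, Inventory]) -> Dict[str, Set[str]]:
    """Claim 22 style aggregate: identifier -> hosts whose inventory holds it."""
    agg: Dict[str, Set[str]] = {}
    for host, inv in hosts.items():
        for ident in inv.entries:
            agg.setdefault(ident, set()).add(host)
    return agg


def hosts_holding(agg: Dict[str, Set[str]], content_hash: str) -> Set[str]:
    """Hosts that hold a container with this hash (claim 23: which inventory)."""
    return {h for ident, hs in agg.items() if ident.endswith(":" + content_hash) for h in hs}


# Constructed sample file system for the demonstration run.
SAMPLE_FILES = {
    "/usr/bin/tool": b"\x7fELF" + b"\x00" * 16,
    "/opt/app/Main.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",
    "/etc/app.conf": b"threads=4\n",
}


def demo() -> Dict[str, object]:
    inv = Inventory()
    inv.build(SAMPLE_FILES)
    icpt = Interceptor(inv, authorized=lambda p: p.startswith("/opt/app/"))
    plugin = b"\xca\xfe\xba\xbe\x00\x00\x00\x34\x01"
    r: Dict[str, object] = {"inventoried": len(inv.entries)}
    r["run_known"] = icpt.execute("/usr/bin/tool", SAMPLE_FILES["/usr/bin/tool"])
    r["run_unknown"] = icpt.execute("/tmp/x", b"\x7fELF" + b"\x01" * 16)
    r["edit_config"] = icpt.change("/etc/app.conf", SAMPLE_FILES["/etc/app.conf"], b"threads=8\n")
    r["edit_protected"] = icpt.change("/usr/bin/tool", SAMPLE_FILES["/usr/bin/tool"], b"MZ" + b"\x00" * 16)
    r["authorized_new"] = icpt.change("/opt/app/Plugin.class", None, plugin)
    r["unauthorized_new"] = icpt.change("/tmp/drop.sh", None, b"#!/bin/sh\n")
    r["inventoried_after"] = len(inv.entries)  # Plugin.class added, drop.sh not
    r["can_run_plugin"] = icpt.execute("/opt/app/Plugin.class", plugin)
    r["can_run_drop"] = icpt.execute("/tmp/drop.sh", b"#!/bin/sh\n")
    r["audit_entries"] = len(icpt.audit)
    return r


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The identifier deliberately combines the path with a hash of the contents, so a container whose bytes change under the same name no longer matches, and a byte-identical copy dropped elsewhere does not inherit the original's entry either. A change request that is allowed but not authorized still goes through; its product is simply never inventoried, which is what later denies its execution.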
Specification