Systems and methods for generating policies for an application using a virtualized environment
Abstract
Provided herein are systems and methods for generating policies for a new application using a virtualized environment. Prior to allowing a new application to operate on a host system, the new application may be installed in a virtual environment. A first program execution restrictor of the virtualized environment may determine a set of policies for the new application. The set of policies may allow the new application to add specific program elements during installation and execution in the virtualized environment. The first program execution restrictor may verify an absence of malicious behavior from the new application while the new application executes in the virtualized environment. The new application may be executed on the host system responsive to the verification. The host system may have a second program execution restrictor that applies the set of policies when the new application is allowed to execute on the host system.
20 Claims
1. A method of generating policies for applications using virtualized environments, comprising:
- installing, by a first program execution restrictor of a virtualized environment in a host system executing on a computing device having one or more processors, a new application in the virtualized environment for execution;
- detecting, by the first program execution restrictor, that a program subcomponent is added to the new application during execution of the new application in the virtualized environment;
- verifying, by the first program execution restrictor, via a set of policies allowing the new application to add the program subcomponent during execution, an absence of malicious behavior from the program subcomponent that is added to the application during execution in the virtualized environment; and
- executing, responsive to verifying the absence of malicious behavior from the program subcomponent, the new application on the host system, the host system having a second program execution restrictor that applies the set of policies while the new application executes on the host system.
11. A system for generating policies for applications using virtualized environments, comprising:
- a virtualized environment in a host system executed on a computing device having one or more processors, wherein a first program execution restrictor of the virtualized environment is configured to install a new application in the virtualized environment for execution;
- the first program execution restrictor of the virtualized environment, configured to:
  - detect that a program subcomponent is added to the new application during execution of the new application in the virtualized environment;
  - verify, via a set of policies allowing the new application to add the program subcomponent during execution, an absence of malicious behavior from the program subcomponent that is added to the application during execution in the virtualized environment; and
- a second program execution restrictor executed on the host system, configured to apply, responsive to verifying the absence of malicious behavior from the program subcomponent, the set of policies while the new application executes on the host system.
Specification