Systems and methods for generating policies for an application using a virtualized environment
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-021/00
G06F-021/53
G06F-021/56
H04L-029/06
출원번호
US-0878415
(2015-10-08)
등록번호
US-9977896
(2018-05-22)
발명자
/ 주소
Fox, John C.
출원인 / 주소
DIGITAL GUARDIAN, INC.
대리인 / 주소
Pua, Paul M. H.
인용정보
피인용 횟수 :
0인용 특허 :
3
초록▼
Provided herein are systems and methods for generating policies for a new application using a virtualized environment. Prior to allowing a new application to operate on a host system, the new application may be installed in a virtual environment. A first program execution restrictor of the virtualiz
Provided herein are systems and methods for generating policies for a new application using a virtualized environment. Prior to allowing a new application to operate on a host system, the new application may be installed in a virtual environment. A first program execution restrictor of the virtualized environment may determine a set of policies for the new application. The set of policies may allow the new application to add specific program elements during installation and execution in the virtualized environment. The first program execution restrictor may verify an absence of malicious behavior from the new application while the new application executes in the virtualized environment. The new application may be executed on the host system responsive to the verification. The host system may have a second program execution restrictor that applies the set of policies when the new application is allowed to execute on the host system.
대표청구항▼
1. A method for generating policies for a new application using a virtualized environment prior to executing on a host operating system of a client device, the method comprising: installing, responsive to a request to install a new application on a host system and prior to allowing the new applicati
1. A method for generating policies for a new application using a virtualized environment prior to executing on a host operating system of a client device, the method comprising: installing, responsive to a request to install a new application on a host system and prior to allowing the new application to operate on the host system, the new application in a virtualized environment for execution;determining, for a first program execution restrictor of the virtualized environment, a set of policies for the new application, the set of policies allowing the new application to add specific program elements during execution of the new application in the virtualized environment;detecting, by the first program execution restrictor, that the specific program elements are added to the new application during execution of the new application in the virtualized environment;verifying, via the first program execution restrictor applying the set of policies, an absence of malicious behavior from the specific program elements detected to be added to the new application during execution of the new application in the virtualized environment, wherein malicious behavior includes accessing a memory address restricted from the new application; andexecuting, responsive to the verification, the new application on the host system, the host system having a second program execution restrictor that applies the set of policies when the new application executes on the host system. 2. The method of claim 1, further comprising intercepting, by an agent executing on the host system, the request to install the new application on the host system. 3. The method of claim 1, further comprising directing, by an agent executing on the host system, the new application to the virtualized environment for installation responsive to the request to install the new application on the host system. 4. The method of claim 1, further comprising using a process monitor of the virtualized environment to detect for malicious behavior by the new application in the virtualized environment. 5. The method of claim 1, further comprising generating, by the first program execution restrictor, a log record of actions by the new application to add program elements during installation and execution of the new application. 6. The method of claim 5, further comprising determining, by a policy generator, the set of policies using the generated log record. 7. The method of claim 1, wherein determining the set of policies comprises detecting an attempt by the new application to add a first program element, and generating a first policy that allows the new application to add the first program element if the first program element is known to be safe. 8. The method of claim 1, wherein the verifying comprises detecting if the new application attempts to add a program element that is at least one of unknown or potentially unsafe for the host system. 9. The method of claim 1, further comprising providing, by the virtualization environment, the set of policies to the second program execution restrictor of the host system responsive to the verification. 10. The method of claim 1, further comprising requesting, by an agent executing on the host system, the virtualization environment to transition the new application to the host system after verifying the absence of malicious behavior. 11. A system for generating policies for a new application using a virtualized environment prior to executing on a host operating system of a client device, the system comprising: a virtualized environment executed on a computing device having one or more processors, configured to install a new application in the virtualized environment for execution, responsive to a request to install the new application on a host system and prior to allowing the new application to operate on the host system;a first program execution restrictor executing in the virtualized environment, the first program execution restrictor configured to: determine a set of policies for the new application, the set of policies allowing the new application to add specific program elements during execution of the new application in the virtualized environment;detect that the specific program elements are added to the new application during execution of the new application in the virtualized environment; andverify, via the set of policies, an absence of malicious behavior from the specific program elements detected to be added to the new application during execution of the new application in the virtualized environment, wherein malicious behavior includes accessing a memory address restricted from the new application, wherein the new application is allowed to execute on the host system responsive to the verification; anda second program execution restrictor executing on the host system, the second program execution restrictor configured to apply the set of policies when the new application executes on the host system. 12. The system of claim 11, further comprising an agent executing on the host system, the agent configured to intercept the request to install the new application on the host system. 13. The system of claim 11, further comprising an agent executing on the host system, the agent configured to direct the new application to the virtualized environment for installation responsive to the request to install the new application on the host system. 14. The system of claim 11, further comprising a process monitor of the virtualized environment, the process monitor utilized to detect for malicious behavior by the new application in the virtualized environment. 15. The system of claim 11, wherein the first program execution restrictor is configured to generate a log record of actions by the new application to add program elements during installation execution of the new application. 16. The system of claim 15, further comprising a policy generator configured to determine, using the generated log record, the set of policies. 17. The system of claim 11, wherein the first program execution restrictor is configured to detect an attempt by the new application to add a first program element, and to determine a first policy that allows the new application to add the first program element if the first program element is known to be safe. 18. The system of claim 11, wherein the first program execution restrictor is configured to detect, as part of the verification, if the new application attempts to add a program element that is at least one of unknown or potentially unsafe for the host system. 19. The system of claim 11, wherein the virtualization environment is configured to provide the set of policies to the second program execution restrictor of the host system responsive to the verification. 20. The system of claim 11, further comprising an agent executing on the host system, the agent configured to request the virtualization environment to transition the new application to the host system after verifying the absence of malicious behavior.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (3)
Kalinichenko, Michael, Application of nested behavioral rules for anti-malware processing.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.