ISOLATED CONTAINER EVENT MONITORING

A host operating system running on a computing device monitors resource access by an application running in a container that is isolated from the host operating system. In response to detecting resource access by the application, a security event is generated describing malicious activity that occur...

Bibliographic details
Main authors: WESTON DAVID GUY, JEFFRIES CHARLES G, SCHULTZ BENJAMIN M, VISWANATHAN GIRIDHAR, CHEN LING TONY, SMITH FREDERICK JUSTUS, PULAPAKA HARI R, SRIVASTAVA ANKIT
Format: Patent
Language: chi ; eng
Description
Summary: A host operating system running on a computing device monitors resource access by an application running in a container that is isolated from the host operating system. In response to detecting resource access by the application, a security event is generated describing malicious activity that occurs from accessing the resource. This security event is analyzed to determine a threat level of the malicious activity. If the threat level does not satisfy a threat level threshold, the host operating system allows the application to continue accessing resources and continues to monitor resource access. When the threat level satisfies the threat level threshold, the operating system takes corrective action to prevent the malicious activity from spreading beyond the isolated container. Through the use of security events, the host operating system is protected from even kernel-level attacks without using resources required to run anti-virus software in the isolated container.