The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The patent badge contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).

Date of Patent: Jan. 05, 2021

Filed: May 22, 2017

Applicant: Microsoft Technology Licensing, LLC, Redmond, WA (US);

Inventors:

Charles G. Jeffries, Sammamish, WA (US);

Benjamin M. Schultz, Bellevue, WA (US);

Giridhar Viswanathan, Redmond, WA (US);

Frederick Justus Smith, Redmond, WA (US);

David Guy Weston, Seattle, WA (US);

Ankit Srivastava, Seattle, WA (US);

Ling Tony Chen, Bellevue, WA (US);

Hari R. Pulapaka, Redmond, WA (US);

Assignee:
Attorney:
Primary Examiner:
Assistant Examiner:
Int. Cl.
CPC ...
H04L 29/06 (2006.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01); G06F 21/53 (2013.01);
U.S. Cl.
CPC ...
G06F 21/566 (2013.01); G06F 21/53 (2013.01); G06F 21/577 (2013.01); H04L 63/101 (2013.01); G06F 2221/033 (2013.01); G06F 2221/034 (2013.01); G06F 2221/2101 (2013.01); H04L 63/0281 (2013.01);
Abstract

A host operating system running on a computing device monitors resource access by an application running in a container that is isolated from the host operating system. In response to detecting resource access by the application, a security event is generated describing malicious activity that occurs from accessing the resource. This security event is analyzed to determine a threat level of the malicious activity. If the threat level does not satisfy a threat level threshold, the host operating system allows the application to continue accessing resources and continues to monitor resource access. When the threat level satisfies the threat level threshold, the operating system takes corrective action to prevent the malicious activity from spreading beyond the isolated container. Through the use of security events, the host operating system is protected from even kernel-level attacks without using resources required to run anti-virus software in the isolated container.