Isolated container event monitoring

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Charles G. Jeffries · Sammamish, US
• Benjamin M. Schultz · Bellevue, US
• Giridhar Viswanathan · Redmond, US
• Frederick J. Smith · Redmond, US
• David Guy WESTON · Redmond, US
• Ankit Srivastava · San Diego, US
• Ling Tony Chen · Bellevue, US
• Hari R. Pulapaka · Redmond, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0281
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A host operating system running on a computing device monitors resource access by an application running in a container that is isolated from the host operating system. In response to detecting resource access by the application, a security event is generated describing malicious activity that occurs from the accessing the resource. This security event is analyzed to determine a threat level of the malicious activity. If the threat level does not satisfy a threat level threshold, the host operating system allows the application to continue accessing resources and continues to monitor resource access. When the threat level satisfies the threat level threshold, the operating system takes corrective action to prevent the malicious activity from spreading beyond the isolated container. Through the use of security events, the host operating system is protected from even kernel-level attacks without using resources required to run anti-virus software in the isolated container.