Methods and apparatus for application isolation

Assignee

• George Mason Research Foundation, Inc. · US

Inventors

• Anup K. Ghosh · Centreville, US
• Yih Huang · Fairfax, US
• Jiang Wang · Hangzhou City, CN
• Angelos Stavrou · Springfield, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2149
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.