Patent · US Active

System and method for container assessment using sandboxing

US12001543B2 · kind B2 · utility

0Cited by

2References

14Claims

0Family size

Assignee

Aqua Security Software, Ltd. · IL

Inventors

Idan Revivo · Tel Aviv-Yafo, IL
Yaniv Agman · Hod HaSharon, IL
Roi Kol · Jerusalem, IL
Ziv Karliner · Givatayim, IL

Key dates

Filing date	Sep 17, 2021
Grant date	Jun 4, 2024
Priority date	—
Expiry date	Dec 6, 2042

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/033
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

An example method for a software container includes instantiating the following in a sandbox of a computing device: an operating system, a Berkeley Packet Filter (BPF) virtual machine within a kernel of the operating system, and a software container. The kernel monitors runtime behavior events of the software container, with the monitoring at least partially performed by the BPF virtual machine. Based on the monitoring, a respective risk score is assigned to each of the runtime behavior events that is potentially malicious, with each risk score indicating a likelihood that a corresponding behavior event is malicious. An overall risk score is assigned to the software container that indicates a likelihood that the software container is malicious based on the respective risk scores.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.