Automatic mitigation of corrupted or compromised compute resources

Assignee

• GitLab Inc. · US

Inventors

• Shlomi Boutnaru · Modiin-Maccabim-Reut, IL
• Liran Tancman · Nes Ziona, IL
• Artem Merkovich · Beer Sheva, IL
• Royi Klein · Beer Sheva, IL
• Omri Moshe Lahav · Carmiel, IL
• Artum Zolotushko · Rehovot, IL
• Tal Kopeliovich · Beer Sheva, IL
• Yuri Shafet · San Jose, US
• Lior Zur-Lotan · Beer Sheva, IL
• Yotam Perkal · San Jose, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/033
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Embodiments described herein are directed to determining whether an application executing on a compute instance has been corrupted or compromised by malicious code. This may achieved by statically analyzing an image file from which the application is based to determine characteristics thereof. Such characteristics are representative of the behavior that is expected to be performed by the application during execution. During execution of the application, runtime characteristics of the application are determined, which are determined based on an analysis of the address space in memory allocated for a computing process of the application. The statically-determined characteristics are compared to the determined runtime characteristics to determine discrepancies therebetween. In the event that a discrepancy is found, a determination is made that the application has been compromised or corrupted and an appropriate remedial action is automatically performed.