0-touch and 1-touch techniques for improving the availability of computer programs under protection without compromising security

Assignee

• VMware LLC · US

Inventors

• Srinivas Mantripragada · Cupertino, US
• Tim Garnett · Boston, US
• Derek L. Bruening · Troy, US
• Vladimir L. Kiriansky · Alameda, US
• Bharath Chandramohan · Sunnyvale, US
• James Brink · Oakland, US
• Saman P. Amarasinghe · Waltham, US
• Sandy Wilbourn · Palo Alto, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/55
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Protected software, such as an application and/or DLL, is monitored by protective software to guard against attacks, while distinguishing spurious, benign events from attacks. In a 1-touch approach, the protected software is monitored in a testing environment to detect spurious, benign events caused by, e.g., incompatibility or interoperability problems. The spurious events can be remediated in different ways, such as by applying a relaxed security policy. In a production mode, or 0-touch mode, when the protected software is subject to attacks, the corresponding remediation can be applied when the spurious events are again detected. Security events which occur in production mode can also be treated as benign when they occur within a specified time window. The applications and/or DLLs can further be classified according to whether they are known to have bad properties, known to be well-behaved, or unknown. Appropriate treatment is provided based on the classification.