Inhibiting denial-of-service attacks using group controls
US9027151B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Feb 17, 2011 |
| Grant date | May 5, 2015 |
| Priority date | — |
| Expiry date | May 25, 2031 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2149
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A sandbox tool can cooperate with components of a secure operating system (OS) to create an isolated execution environment for accessing content without exposing other processes and resources of the computing system to the untrusted content. The sandbox tool can utilize task control groups (cgroups) of the secure OS with the isolated execution environment. A cgroup defines the hardware resources that can be accessed and utilized by the isolated execution environment. The cgroups can define accessible hardware resources by particular hardware resources, amount of hardware resources, and/or components of the hardware resources. Once a cgroup is applied to the isolated execution environment, any processes running in the isolated execution environment will be confined to the hardware resources defined by the applied cgroup. If a process running in the isolated execution environment attempts to utilize hardware resources outside the definition of the cgroup, the secure OS can block the usage.
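The confinement the abstract describes can be sketched with the Linux cgroup v2 interface files. This is an added example, not code from the patent or its assignee. It assumes a unified hierarchy mounted at /sys/fs/cgroup, the memory, pids and cpu controllers enabled for the parent group, and root privileges; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the patent): cgroup v2 confinement for a sandbox.
# Assumption: unified hierarchy at /sys/fs/cgroup with the memory, pids and
# cpu controllers enabled in the parent's cgroup.subtree_control.
CGROOT="${CGROOT:-/sys/fs/cgroup}"

# create_sandbox_cgroup NAME MEM_BYTES MAX_PIDS CPU_QUOTA_US CPU_PERIOD_US
# Defines the amount of hardware the group may use and prints its path.
create_sandbox_cgroup() {
    _cg="$CGROOT/$1"
    mkdir -p "$_cg" || return 1
    echo "$2" > "$_cg/memory.max" || return 1    # hard memory ceiling (bytes)
    echo "$3" > "$_cg/pids.max" || return 1      # ceiling on process count
    echo "$4 $5" > "$_cg/cpu.max" || return 1    # CPU time quota per period
    echo "$_cg"
}

# run_in_cgroup CGDIR CMD [ARGS...]
# A helper shell joins the group first, then exec()s the command, so the
# command and every process it forks start out already confined.
run_in_cgroup() {
    _cg="$1"; shift
    sh -c 'echo $$ > "$0/cgroup.procs" && exec "$@"' "$_cg" "$@"
}

# cgroup_denials CGDIR
# Reports how often the kernel enforced the limits: forks refused at
# pids.max and processes killed at memory.max.
cgroup_denials() {
    _p=$(awk '$1 == "max" { print $2 }' "$1/pids.events" 2>/dev/null) || true
    _m=$(awk '$1 == "oom_kill" { print $2 }' "$1/memory.events" 2>/dev/null) || true
    echo "pids_max=${_p:-0} oom_kill=${_m:-0}"
}
```

Nonzero counters from cgroup_denials are the observable trace of the blocking behaviour described in the abstract, which makes them a useful signal to alert on for sandboxed workloads.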
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.