
Hardware-based virtualized security isolation

A technology for files and network resources, applied in electrical components, digital transmission systems, data exchange networks, etc., to solve problems such as increased management costs for employers and frustration with the use of computing equipment

Active Publication Date: 2019-01-11
MICROSOFT TECH LICENSING LLC

AI Technical Summary

Problems solved by technology

However, this limited network access results in increased administrative costs for employers, as employers must continually update policies that define which network resources are untrusted.
This can lead to frustration with the use of computing devices by both users and employers.



Embodiment Construction

[0014] This document discusses hardware-based virtualized security isolation. An operating system running on a computing device (also referred to herein as a host operating system running on a host device) uses containers for hardware resource partitioning. In contrast to many VM-based or sandboxing approaches, the use of containers in combination with the hardware-based virtualized security isolation techniques described herein protects computing devices from attacks by isolating the web browser, associated applications, and operating system components (such as the kernel, file system, and network) from untrusted network resources. Isolation of untrusted network resources is enforced and monitored by one or more operating system filters and policy managers. In this manner, when a host device requests access to an untrusted network resource, the host device contains the untrusted network resource within one or more containers that provide complete kern...


Abstract

A host operating system running on a computing device monitors network communications for the computing device to identify network resources that are requested by the computing device. The host operating system compares requested network resources against security policies to determine if the requested network resources are trusted. When an untrusted network resource is identified, the host operating system accesses the untrusted network resource within a container that is isolated from the host operating system kernel using techniques discussed herein. By restricting access to untrusted network resources to isolated containers, the host operating system is protected from even kernel-level attacks or infections that may result from an untrusted network resource.
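
The trust decision described in the abstract, sketched as an added example (not code from the patent or from Microsoft): any request that does not match the policy defaults to the isolated container. The policy entries, the function names and the HTTPS-only rule are assumptions made for illustration.

```python
# Added illustration: TRUSTED_SUFFIXES, TRUSTED_NETWORKS, is_trusted and
# route_request are hypothetical names, not taken from the patent or any API.
from urllib.parse import urlsplit
import ipaddress

# Constructed sample policy: resources the enterprise treats as trusted.
TRUSTED_SUFFIXES = ("intranet.example", "corp.example")
TRUSTED_NETWORKS = (ipaddress.ip_network("10.0.0.0/8"),)
HOST_SCHEMES = {"https"}  # assumption: only TLS-protected resources open on the host


def is_trusted(url: str) -> bool:
    """Return True only when the requested resource matches the policy."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo and port, lowercases the name
    except ValueError:
        return False  # unparseable request: treat as untrusted
    if parts.scheme not in HOST_SCHEMES or not host:
        return False
    host = host.rstrip(".")  # normalise a fully qualified trailing dot
    try:
        addr = ipaddress.ip_address(host)
        return any(addr in net for net in TRUSTED_NETWORKS)
    except ValueError:
        pass  # not an IP literal, fall through to name matching
    # Match whole DNS labels so "evilcorp.example" does not match "corp.example".
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def route_request(url: str) -> str:
    """Decide where the resource is opened: on the host or in the container."""
    return "host" if is_trusted(url) else "container"


if __name__ == "__main__":
    for sample in ("https://wiki.corp.example/page",
                   "https://corp.example@attacker.test/",
                   "https://192.0.2.10/"):
        print(sample, "->", route_request(sample))
```

Matching on the parsed hostname rather than on the raw string is what keeps look-alike requests (a trusted name placed in the userinfo part, or used as a prefix of another domain) inside the container.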

Description

Background

[0001] Computing device infections commonly occur when users browse the Internet to untrusted websites or when they download or open untrusted network resources such as applications and documents. These infections allow attackers to steal users' credentials and even take control of computing devices, repurposing them for the attackers' own purposes. While one solution used to combat these kernel-level attacks is to shut down network access to computing devices, this severely limits the functionality of many modern computing devices. Additionally, in a workplace environment, disabling network access can hinder employee productivity and job satisfaction. As a compromise, many employers implement limited network access by preventing employees from accessing untrusted network resources. However, this limited network access results in increased administrative costs for employers, as employers must continually update policies that define which network resource...


Application Information

IPC(8): G06F21/53
CPC: G06F21/53, H04L63/20, H04L12/4641, H04L63/08, H04L63/10, H04L63/1416, H04L63/1433, H04L63/1441, H04L67/02
Inventor: N·N·帕伊, C·G·杰弗里斯, G·维斯瓦纳坦, B·M·舒尔茨, F·J·史密斯, L·鲁瑟, M·B·埃伯索尔, G·迪亚兹奎利亚尔, I·D·帕绍夫, P·R·加德奥苏尔, H·R·普拉帕卡, V·M·拉奥
Owner MICROSOFT TECH LICENSING LLC