Title of invention: EXTENDED CONTEXT DELIVERY FOR CONTEXT-BASED AUTHORIZATION
Abstract: Some embodiments provide a novel method for authorizing network requests for a machine in a network. In some embodiments, the method is performed by security agents that execute on virtual machines operating on a host machine. In some embodiments, the method captures a network request (e.g., network control packets, socket connection request, etc.) from a primary application executing on the machine. The method identifies an extended context for the network request and determines whether the network request is authorized based on the extended context. The method then processes the network request according to the determination. The extended context of some embodiments includes identifications for primary and secondary applications associated with the network request. Alternatively, or conjunctively, some embodiments include identifications for primary and secondary users associated with the network request.
Application publication number: US2017126677(A1) Application publication date: 2017.05.04
Application number: US201615016216 Filing date: 2016.02.04
Applicant: Nicira, Inc. Inventors: Kumar Vasantha;Dabak Prasad Sharad;Feroz Azeem;Patil Amit Vasant
Classification: H04L29/06;G06F9/455 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A non-transitory machine readable medium storing a program which when executed by at least one processing unit monitors access for requests from a machine, the program comprising sets of instructions for: receiving a request from a first application executing on the machine; identifying a second application associated with the request; analyzing the request and the identifications of the first and second applications to determine whether to allow the request; and when the request is allowed, performing the request.
Address: Palo Alto CA US