Title of invention Systems and methods for behavioral sandboxing
Abstract Methods and systems for behavioral sandboxing are described. In one example embodiment, a system for behavioral sandboxing can include a network and a computer. The network is communicatively coupled to a source of an executable application. The computer is communicatively coupled to the network and includes a behavioral analysis module and a plurality of execution environments. The behavioral analysis module is configured to perform behavioral analysis on the executable application downloaded over the network. The plurality of execution environments includes a standard execution environment and a protected execution environment. The behavioral analysis module is configured to evaluate a plurality of behavioral characteristics of the executable application to determine whether the executable application should be executed within the protected execution environment prior to execution of the executable application. The behavioral analysis module also monitors execution of the executable application to determine whether the execution environment can be changed.
Publication number US9223963(B2) Publication date 2015.12.29
Application number US201313898284 Application date 2013.05.20
Applicant Inventors Dalcher Gregory William; Teddy John D.
Classification G06F21/53; G06F21/56 Main classification G06F21/53
Agency Blank Rome LLP Agent Blank Rome LLP
Main claim 1. A method for dynamically determining an execution environment in a system having a plurality of execution environments including a first execution environment and a second execution environment, the second execution environment being a protected execution environment, the method comprising: performing behavioral analysis on an executable application prior to each execution of the executable application, comprising: requesting behavioral information regarding prior performance of suspicious or out of policy activities of the executable application from a remote security database prior to each execution of the executable application; and evaluating the behavioral information obtained responsive to the request; determining an initial execution environment based on the behavioral analysis prior to each execution of the executable application, comprising: determining a first portion of a single execution of the executable application for execution in the first execution environment and a second portion of the single execution for execution in the second execution environment; and determining the initial execution environment as one of the first execution environment and the second execution environment; loading the executable application for execution in the initial execution environment; collecting behavioral characteristics of the executable application as it is executed within the initial execution environment; and determining from the collected behavioral characteristics whether execution of the executable application should be moved from the initial execution environment to a secondary execution environment while the executable application is still executing in the initial execution environment, wherein only one of the initial execution environment and the secondary execution environment is a protected execution environment.
Address