Title of invention: Systems and methods for enforcing data loss prevention policies on sandboxed applications
Abstract: A computer-implemented method for enforcing data loss prevention policies on sandboxed applications may include identifying an application process that is in a sandbox, wherein a broker process has created a file handle for a file on behalf of the application process within the sandbox, intercepting an input/output request performed on the file handle by the application process, wherein the input/output request comprises an identifier of the application process, extracting the identifier of the application process from the input/output request, and enforcing a data loss prevention policy on the file by attributing the input/output request to the application process instead of to the broker process based on the identifier of the application process. Various other methods, systems, and computer-readable media are also disclosed.
Publication number: US9027078(B1)  Publication date: 2015.05.05
Application number: US201313903958  Filing date: 2013.05.28
Applicant: Symantec Corporation  Inventor: Manmohan Sarin Sumit
Classification: G06F21/00;G06F21/60  Main classification: G06F21/00
Agency: ALG Intellectual Property, LLC  Agent: ALG Intellectual Property, LLC
Independent claim: 1. A computer-implemented method for enforcing data loss prevention policies on sandboxed applications, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying, with at least one processor, an application process that is in a sandbox, wherein a broker process has intercepted an attempt by the application process to access a file and, in response, created a file handle for the file on behalf of the application process within the sandbox for the application process to have access to the file via the file handle; intercepting, with at least one processor, an input/output request performed on the file handle by the application process, wherein the input/output request comprises an identifier of the application process; extracting, with at least one processor, the identifier of the application process from the input/output request; enforcing, with at least one processor, a data loss prevention policy on the file by attributing the input/output request to the application process instead of to the broker process based on the identifier of the application process.
Address: Mountain View CA US