Title of invention: Protecting a virtual guest machine from attacks by an infected host
Abstract: In a virtualization environment, a host machine on which a guest machine is operable is monitored to determine that it is healthy by being compliant with applicable policies (such as being up to date with the current security patches, running an anti-virus program, certified to run a guest machine, etc.) and free from malicious software or “malware” that could potentially disrupt or compromise the security of the guest machine. If the host machine is found to be non-compliant, then the guest machine is prevented from either booting up on the host machine or connecting to a network to ensure that the entire virtualization environment is compliant and that the guest machine, including its data and applications, etc., is protected against attacks that may be launched against it via malicious code that runs on the unhealthy host machine, or is isolated from the network until the non-compliancy is remediated.
Publication number: US8954897(B2) Publication date: 2015.02.10
Application number: US200812199812 Application date: 2008.08.28
Applicant: Microsoft Corporation Inventors: Neystadt John;Ben-Yochanan Noam;Nice Nir
Classification: G06F17/00 Main classification: G06F17/00
Agency: Agent: Tabor Ben;Drakos Kate;Minhas Micky
Independent claim: 1. A method of operating a guest machine created in a child partition operating on a host machine, the method comprising the steps of: initiating a boot process of the guest machine on the child partition of the host machine; during the boot process of the guest machine, a guest health agent running on the guest machine communicating with a host health agent operating on a root partition on the host machine to request the host health agent to check a health of the host machine; in response to requesting the host health agent to check the health of the host machine, performing the health check of the host machine to determine compliance of the host machine to a compliance policy; providing a compliance statement from the host health agent to the guest health agent; comparing, by the guest health agent, the compliance statement received from the host health agent against the compliance policy; wherein compliance with the compliance policy indicates that the guest machine will be operable on the host machine without having security of the guest machine being disrupted or compromised; if during the boot process the host machine is determined by the guest machine to be in compliance with the compliance policy, completing the boot process of the guest machine in the child partition to create a virtualization environment; and if during the boot process the host machine is determined by the guest machine to be non-compliant with the compliance policy, terminating the boot process of the guest machine in the child partition.
Address: Redmond WA US