Invention Application
- Patent Title: METHOD AND APPARATUS FOR APPLICATION AWARENESS IN A NETWORK
- Patent Title (Chinese): Method and device for application awareness in a network
- Application No.: US15262861
- Application Date: 2016-09-12
- Publication No.: US20160380972A1
- Publication Date: 2016-12-29
- Inventor: Azeem Feroz, Binyuan Chen, Amit Chopra
- Applicant: VMware, Inc.
- Main IPC: H04L29/06
- IPC: H04L29/06

Abstract:
A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy. The agent blocks the network socket event from reaching the transport layer when the denial is received from the security server. In one embodiment, the method is implemented using a machine readable medium embodying software instructions executable by a computer.
Public/Granted literature
- US10454895B2 Method and apparatus for application awareness in a network. Public/Granted day: 2019-10-22