-
Publication number: US10783246B2
Publication date: 2020-09-22
Application number: US15420404
Filing date: 2017-01-31
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Nigel Edwards, Michael John Wray
IPC: G06F21/56
Abstract: Examples relate to snapshots of system memory. In an example implementation, structural information of a process in a snapshot of system memory is compared with hashes or fuzzy hashes of executable regions of the same process in a previous snapshot of system memory to determine whether there is a structural anomaly.
-
Publication number: US20180218153A1
Publication date: 2018-08-02
Application number: US15420404
Filing date: 2017-01-31
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Nigel Edwards, Michael John Wray
IPC: G06F21/56
CPC classification number: G06F21/566
Abstract: Examples relate to snapshots of system memory. In an example implementation, structural information of a process in a snapshot of system memory is compared with hashes or fuzzy hashes of executable regions of the same process in a previous snapshot of system memory to determine whether there is a structural anomaly.
-
Publication number: US20180218148A1
Publication date: 2018-08-02
Application number: US15417955
Filing date: 2017-01-27
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Michela D'Errico, Leon Frank Ehrenhart, Chris I. Dalton, Michael John Wray, Siani Pearson, Dennis Heinze
CPC classification number: G06F21/53, G06F16/245, G06F2221/033
Abstract: Examples relate to system call policies for containers. In an example, a method includes receiving, by a container platform, a container for running an application. The container has a metadata record that specifies an application type of the application. The container platform receives a data structure that specifies a set of system call policies for a set of application types and queries the data structure to determine a policy of the set of system call policies to apply to the container based on the application type in the metadata record. A kernel implements the policy for the container to allow or deny permission for a system call by the application running in the container based on a comparison of the system call to the policy.
-
Publication number: US10650138B2
Publication date: 2020-05-12
Application number: US15417955
Filing date: 2017-01-27
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Michela D'Errico, Leon Frank Ehrenhart, Chris I. Dalton, Michael John Wray, Siani Pearson, Dennis Heinze
IPC: G06F21/53, G06F16/245
Abstract: Examples relate to system call policies for containers. In an example, a method includes receiving, by a container platform, a container for running an application. The container has a metadata record that specifies an application type of the application. The container platform receives a data structure that specifies a set of system call policies for a set of application types and queries the data structure to determine a policy of the set of system call policies to apply to the container based on the application type in the metadata record. A kernel implements the policy for the container to allow or deny permission for a system call by the application running in the container based on a comparison of the system call to the policy.
-
Publication number: US10372909B2
Publication date: 2019-08-06
Application number: US15241502
Filing date: 2016-08-19
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Michael John Wray, Nigel Edwards
Abstract: Example implementations relate to determination as to whether a process is infected with malware. For example, in an implementation, information of a process extracted from a snapshot of system memory is obtained. A determination as to whether the process is infected with malware is made based on a process model.
-
Publication number: US20180052997A1
Publication date: 2018-02-22
Application number: US15241502
Filing date: 2016-08-19
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Michael John Wray, Nigel Edwards
CPC classification number: G06F21/566, G06F21/52, G06F21/562, G06F2221/033
Abstract: Example implementations relate to determination as to whether a process is infected with malware. For example, in an implementation, information of a process extracted from a snapshot of system memory is obtained. A determination as to whether the process is infected with malware is made based on a process model.