Protecting computer security applications

US9785790B2 · US · B2

Patent metadata
Publication number: US-9785790-B2
Application number: US-201514969239-A
Country: US
Kind code: B2
Filing date: Dec 15, 2015
Priority date: Dec 15, 2015
Publication date: Oct 10, 2017
Grant date: Oct 10, 2017

Abstract

Protecting a computer security application by executing the computer security application on a computer in a first namespace associated with an operating system of the computer, and creating a second namespace associated with the operating system of the computer, where the second namespace is accessible to the computer security application, and where the first namespace is inaccessible from the second namespace.

First claim

What is claimed is:

1. A computer security method comprising: executing a computer security application on a computer in a first namespace associated with an operating system of the computer, wherein the first namespace is in a user space associated with the operating system, wherein the executing comprises executing the computer security application during a boot process of the computer, and wherein the executing comprises executing the computer security application after execution is begun on the computer of a kernel of the operating system; creating a second namespace associated with the operating system of the computer, wherein the second namespace is in the user space associated with the operating system, wherein the second namespace is created after execution is begun of the computer security application in the first namespace, wherein the second namespace is created from within the first namespace, wherein the second namespace is accessible to the computer security application from within the first namespace, and wherein the first namespace is inaccessible from the second namespace; and continuing the boot process in the second namespace after execution is begun of the computer security application in the first namespace and prior to the execution of any other application in the second namespace.

2. The method of claim 1 wherein the executing and creating are performed wherein the operating system is a LINUX-type operating system.

3. The method of claim 1 wherein the executing and creating are implemented in any of a) computer hardware, and b) computer software embodied in a non-transitory, computer-readable medium.

4. A computer security system comprising: an execution manager configured to execute a computer security application on a computer in a first namespace associated with an operating system of the computer, wherein the first namespace is in a user space associated with the operating system, wherein the computer security application is executed during a boot process of the computer, and wherein the computer security application is executed after execution is begun on the computer of a kernel of the operating system; a namespace manager configured to create a second namespace associated with the operating system of the computer, wherein the second namespace is in the user space associated with the operating system, wherein the second namespace is created after execution is begun of the computer security application in the first namespace, wherein the second namespace is created from within the first namespace, wherein the second namespace is accessible to the computer security application from the first namespace, wherein the first namespace is inaccessible from the second namespace, wherein the boot process is continued in the second namespace after execution is begun of the computer security application in the first namespace and prior to the execution of any other application in the second namespace, and wherein the execution manager and the namespace manager are implemented in any of a) computer hardware, and b) computer software embodied in a non-transitory, computer-readable medium.

5. The system of claim 4 wherein the operating system is a LINUX-type operating system.

6. A computer program product for providing computer security, the computer program product comprising: a non-transitory, computer-readable storage medium; and computer-readable program code embodied in the storage medium, wherein the computer-readable program code is configured to execute a computer security application on a computer in a first namespace associated with an operating system of the computer, wherein the first namespace is in a user space associated with the operating system, wherein the executing comprises executing the computer security application during a boot process of the computer, and wherein the executing comprises executing the computer security application after execution is begun on the computer of a kernel of the operating system, create a second namespace associated with the operating system of the computer, wherein the second namespace is in the user space associated with the operating system, wherein the second namespace is created after execution is begun of the computer security application in the first namespace, wherein the second namespace is created from within the first namespace, wherein the second namespace is accessible to the computer security application from the first namespace, and wherein the first namespace is inaccessible from the second namespace, and continue the boot process in the second namespace after execution is begun of the computer security application in the first namespace and prior to the execution of any other application in the second namespace.

7. The computer program product of claim 6 wherein the operating system is a LINUX-type operating system.

Classifications

  • Loading of operating system · CPC title

  • Detecting local intrusion or implementing counter-measures · CPC title

  • Secure boot · CPC title

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

  • G06F9/4401 · Primary

    Bootstrapping (security arrangements therefor G06F21/57) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9785790B2 cover?
Protecting a computer security application by executing the computer security application on a computer in a first namespace associated with an operating system of the computer, and creating a second namespace associated with the operating system of the computer, where the second namespace is accessible to the computer security application, and where the first namespace is inaccessible from the…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date Oct 10, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).