JP6046276B2 - Method and apparatus for application awareness in a network - Google Patents

Method and apparatus for application awareness in a network

Publication number
JP6046276B2
Authority
JP
Japan
Prior art keywords
network
application
network socket
context
event request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2015557980A
Other languages
English (en)
Japanese (ja)
Other versions
JP2016514295A5
JP2016514295A (ja)
Inventor
Feroz, Azeem
Chen, Binyuan
Chopra, Amit
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
VMware LLC
Original Assignee
VMware LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by VMware LLC
Publication of JP2016514295A
Publication of JP2016514295A5
Application granted
Publication of JP6046276B2
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
JP2015557980A 2013-02-14 2013-02-14 Method and apparatus for application awareness in a network Active JP6046276B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/767,686 US9444841B2 (en) 2013-02-14 2013-02-14 Method and apparatus for application awareness in a network
US13/767,686 2013-02-14
PCT/US2013/026225 WO2014126574A1 (en) 2013-02-14 2013-02-14 Method and apparatus for application awareness in a network

Publications (3)

Publication Number Publication Date
JP2016514295A (ja) 2016-05-19
JP2016514295A5 2016-09-01
JP6046276B2 (ja) 2016-12-14

Family

ID=47844450

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2015557980A Active JP6046276B2 (ja) 2013-02-14 2013-02-14 Method and apparatus for application awareness in a network

Country Status (5)

Country Link
US (3) US9444841B2
EP (1) EP2956883B1
JP (1) JP6046276B2
AU (1) AU2013378115B2
WO (1) WO2014126574A1

Families Citing this family (62)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8695060B2 (en) 2011-10-10 2014-04-08 Openpeak Inc. System and method for creating secure applications
US10033693B2 (en) 2013-10-01 2018-07-24 Nicira, Inc. Distributed identity-based firewalls
US9560081B1 (en) * 2016-06-24 2017-01-31 Varmour Networks, Inc. Data network microsegmentation
US9594929B2 (en) * 2014-08-11 2017-03-14 Honeywell International Inc. Open architecture security methods and systems
US8938547B1 (en) 2014-09-05 2015-01-20 Openpeak Inc. Method and system for data usage accounting in a computing device
US9350818B2 (en) 2014-09-05 2016-05-24 Openpeak Inc. Method and system for enabling data usage accounting for unreliable transport communication
US20160071040A1 (en) 2014-09-05 2016-03-10 Openpeak Inc. Method and system for enabling data usage accounting through a relay
US9100390B1 (en) 2014-09-05 2015-08-04 Openpeak Inc. Method and system for enrolling and authenticating computing devices for data usage accounting
US9232013B1 (en) 2014-09-05 2016-01-05 Openpeak Inc. Method and system for enabling data usage accounting
US9098715B1 (en) 2014-10-28 2015-08-04 Openpeak Inc. Method and system for exchanging content between applications
US10606626B2 (en) 2014-12-29 2020-03-31 Nicira, Inc. Introspection method and apparatus for network access filtering
US10178070B2 (en) 2015-03-13 2019-01-08 Varmour Networks, Inc. Methods and systems for providing security to distributed microservices
US9467476B1 (en) 2015-03-13 2016-10-11 Varmour Networks, Inc. Context aware microsegmentation
US9609026B2 (en) 2015-03-13 2017-03-28 Varmour Networks, Inc. Segmented networks that implement scanning
US9232078B1 (en) 2015-03-16 2016-01-05 Openpeak Inc. Method and system for data usage accounting across multiple communication networks
US10432754B2 (en) 2015-09-16 2019-10-01 Profire Energy, Inc Safety networking protocol and method
US10514683B2 (en) 2015-09-16 2019-12-24 Profire Energy, Inc. Distributed networking system and method to implement a safety state environment
JP6771874B2 (ja) * 2015-09-16 2020-10-21 Canon Inc. Information processing apparatus, control method thereof, and program
US10324746B2 (en) * 2015-11-03 2019-06-18 Nicira, Inc. Extended context delivery for context-based authorization
US10070316B2 (en) 2016-06-16 2018-09-04 Samsung Electronics Co., Ltd. Permission delegation framework
US9787639B1 (en) * 2016-06-24 2017-10-10 Varmour Networks, Inc. Granular segmentation using events
US10938837B2 (en) 2016-08-30 2021-03-02 Nicira, Inc. Isolated network stack to manage security for virtual machines
US9762619B1 (en) 2016-08-30 2017-09-12 Nicira, Inc. Multi-layer policy definition and enforcement framework for network virtualization
CN110168499B (zh) 2016-12-06 2023-06-20 Nicira, Inc. Performing context-rich attribute-based services on a host
US10581960B2 (en) 2016-12-22 2020-03-03 Nicira, Inc. Performing context-rich attribute-based load balancing on a host
US11032246B2 (en) * 2016-12-22 2021-06-08 Nicira, Inc. Context based firewall services for data message flows for multiple concurrent users on one machine
WO2018118465A1 (en) * 2016-12-22 2018-06-28 Nicira, Inc. Collecting and processing context attributes on a host
US10803173B2 (en) * 2016-12-22 2020-10-13 Nicira, Inc. Performing context-rich attribute-based process control services on a host
US10503536B2 (en) 2016-12-22 2019-12-10 Nicira, Inc. Collecting and storing threat level indicators for service rule processing
AU2017378718B2 (en) * 2016-12-22 2021-01-28 VMware LLC Collecting and processing context attributes on a host
US10812451B2 (en) 2016-12-22 2020-10-20 Nicira, Inc. Performing appID based firewall services on a host
US10805332B2 (en) 2017-07-25 2020-10-13 Nicira, Inc. Context engine model
US11032248B2 (en) * 2017-03-07 2021-06-08 Nicira, Inc. Guest thin agent assisted host network encryption
US11681568B1 (en) * 2017-08-02 2023-06-20 Styra, Inc. Method and apparatus to reduce the window for policy violations with minimal consistency assumptions
US10778651B2 (en) 2017-11-15 2020-09-15 Nicira, Inc. Performing context-rich attribute-based encryption on a host
US10652213B2 (en) 2017-12-18 2020-05-12 Nicira, Inc. Agent-less micro-segmentation of a network
US10862773B2 (en) 2018-01-26 2020-12-08 Nicira, Inc. Performing services on data messages associated with endpoint machines
US10802893B2 (en) 2018-01-26 2020-10-13 Nicira, Inc. Performing process control services on endpoint machines
US11296960B2 (en) 2018-03-08 2022-04-05 Nicira, Inc. Monitoring distributed applications
JP7067187B2 (ja) * 2018-03-27 2022-05-16 NEC Corporation Communication control device, communication control method, and program
US20200364354A1 (en) * 2019-05-17 2020-11-19 Microsoft Technology Licensing, Llc Mitigation of ransomware in integrated, isolated applications
US11176157B2 (en) 2019-07-23 2021-11-16 Vmware, Inc. Using keys to aggregate flows at appliance
US11349876B2 (en) 2019-07-23 2022-05-31 Vmware, Inc. Security policy recommendation generation
US11743135B2 (en) 2019-07-23 2023-08-29 Vmware, Inc. Presenting data regarding grouped flows
US11398987B2 (en) 2019-07-23 2022-07-26 Vmware, Inc. Host-based flow aggregation
US11340931B2 (en) 2019-07-23 2022-05-24 Vmware, Inc. Recommendation generation based on selection of selectable elements of visual representation
US10911335B1 (en) 2019-07-23 2021-02-02 Vmware, Inc. Anomaly detection on groups of flows
US11140090B2 (en) 2019-07-23 2021-10-05 Vmware, Inc. Analyzing flow group attributes using configuration tags
US11436075B2 (en) 2019-07-23 2022-09-06 Vmware, Inc. Offloading anomaly detection from server to host
US11188570B2 (en) 2019-07-23 2021-11-30 Vmware, Inc. Using keys to aggregate flow attributes at host
US11288256B2 (en) 2019-07-23 2022-03-29 Vmware, Inc. Dynamically providing keys to host for flow aggregation
US11539718B2 (en) 2020-01-10 2022-12-27 Vmware, Inc. Efficiently performing intrusion detection
US11321213B2 (en) 2020-01-16 2022-05-03 Vmware, Inc. Correlation key used to correlate flow and context data
US11108728B1 (en) 2020-07-24 2021-08-31 Vmware, Inc. Fast distribution of port identifiers for rule processing
US11785032B2 (en) 2021-01-22 2023-10-10 Vmware, Inc. Security threat detection based on network flow analysis
US11991187B2 (en) 2021-01-22 2024-05-21 VMware LLC Security threat detection based on network flow analysis
US11831667B2 (en) 2021-07-09 2023-11-28 Vmware, Inc. Identification of time-ordered sets of connections to identify threats to a datacenter
US11997120B2 (en) 2021-07-09 2024-05-28 VMware LLC Detecting threats to datacenter based on analysis of anomalous events
US20230013808A1 (en) * 2021-07-13 2023-01-19 Vmware, Inc. Method and system for implementing an intent-based intrusion detection and prevention system using contextual attributes
US11792151B2 (en) 2021-10-21 2023-10-17 Vmware, Inc. Detection of threats based on responses to name resolution requests
US12015591B2 (en) 2021-12-06 2024-06-18 VMware LLC Reuse of groups in security policy
US12425371B2 (en) * 2022-09-16 2025-09-23 Cisco Technology, Inc. System and method for providing SCHC-based edge firewalling

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2003201231A1 (en) * 2002-01-04 2003-07-30 Lab 7 Networks, Inc. Communication security system
JP2004013608A (ja) * 2002-06-07 2004-01-15 Hitachi Ltd Control of program execution and transfer
US20050182966A1 (en) * 2004-02-17 2005-08-18 Duc Pham Secure interprocess communications binding system and methods
US20050182958A1 (en) * 2004-02-17 2005-08-18 Duc Pham Secure, real-time application execution control system and methods
KR20060050768A (ko) * 2004-10-01 2006-05-19 Microsoft Corporation Access authorization API
US20070073858A1 (en) * 2005-09-27 2007-03-29 Nokia Corporation Security of virtual computing platforms
US8095786B1 (en) * 2006-11-09 2012-01-10 Juniper Networks, Inc. Application-specific network-layer virtual private network connections
US8307443B2 (en) * 2007-09-28 2012-11-06 Microsoft Corporation Securing anti-virus software with virtualization
US7920478B2 (en) * 2008-05-08 2011-04-05 Nortel Networks Limited Network-aware adapter for applications
US9235705B2 (en) * 2008-05-19 2016-01-12 Wontok, Inc. Secure virtualization system software
US8406748B2 (en) * 2009-01-28 2013-03-26 Headwater Partners I Llc Adaptive ambient services
US20100122313A1 (en) * 2008-11-09 2010-05-13 Aspect9, Inc. Method and system for restricting file access in a computer system
US8973089B2 (en) * 2011-08-08 2015-03-03 Adobe Systems Incorporated Secure socket policy files for establishing secure socket connections

Also Published As

Publication number Publication date
EP2956883B1 (en) 2017-03-22
US20140230008A1 (en) 2014-08-14
JP2016514295A (ja) 2016-05-19
US20200195612A1 (en) 2020-06-18
AU2013378115B2 (en) 2016-07-28
EP2956883A1 (en) 2015-12-23
US10454895B2 (en) 2019-10-22
US20160380972A1 (en) 2016-12-29
AU2013378115A1 (en) 2015-09-03
WO2014126574A1 (en) 2014-08-21
US9444841B2 (en) 2016-09-13

Similar Documents

Publication Publication Date Title
JP6046276B2 (ja) Method and apparatus for application awareness in a network
US11743289B2 (en) Managing transmissions of virtual machines using a network interface controller
US10652281B1 (en) Network policy implementation in a tag-based policy architecture
US10305927B2 (en) Sinkholing bad network domains by registering the bad network domains on the internet
US8539570B2 (en) Method for managing a virtual machine
US20170054686A1 (en) Agentless Security of Virtual Machines using a Filtering Platform
JP7320572B2 (ja) Collecting and processing context attributes on a host
US12267298B2 (en) Distributed traffic steering and enforcement for security solutions
US11194600B2 (en) Secure digital workspace using machine learning and microsegmentation
CN103718527B (zh) Communication security processing method, apparatus and system
US10193862B2 (en) Security policy analysis based on detecting new network port connections
US11343231B2 (en) Security context aware nano-segmentation for container based microservices
US20230110049A1 (en) Limiting the security impact of compromised endpoint computing devices in a distributed malware detection system
US20190273731A1 (en) Securing Authentication Processes
US11057385B2 (en) Methods to restrict network file access in guest virtual machines using in-guest agents
US11995038B2 (en) Data criticality-based network policy creation and consumption
US11671404B2 (en) Policy based mechanism to efficiently interpret and block insecure network communication
You et al. HardWhale: A Hardware-Isolated Network Security Enforcement System for Cloud Environments
US12069028B2 (en) Fast policy matching with runtime signature update
CN114143048B (zh) Method, apparatus and storage medium for security resource management
Simpson et al. Ports and Protocols Extended Control for Security.
CN117857117A (zh) Method for implementing cloud firewall RSS combining software and hardware

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20151014

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20150831

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20160713

A871 Explanation of circumstances concerning accelerated examination

Free format text: JAPANESE INTERMEDIATE CODE: A871

Effective date: 20160713

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20160831

TRDD Decision of grant or rejection written
A975 Report on accelerated examination

Free format text: JAPANESE INTERMEDIATE CODE: A971005

Effective date: 20160901

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20161018

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20161116

R150 Certificate of patent or registration of utility model

Ref document number: 6046276

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

S533 Written request for registration of change of name

Free format text: JAPANESE INTERMEDIATE CODE: R313533

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250