Insider attack resistant system and method for cloud services integrity checking
Abstract
An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . A method, comprising:
determining, by a system comprising a processor, a sub-group of a group of peripherals associated with the system that satisfy a minimum requirement for operations associated with a service to be executed; and performing, by the system, an integrity check of the service, comprising executing the operations associated with the service with restricted access to only the sub-group of peripherals.
2 . The method of claim 1 , further comprising logging, by the system, respective results of executions of the operations associated with the service.
3 . The method of claim 2 , further comprising identifying, by the system, a result of the respective results indicative of an abnormal behavior of the operation corresponding to the result.
4 . The method of claim 3 , further comprising generating, by the system, an alert identifying the abnormal behavior of the operation.
5 . The method of claim 3 , further comprising performing, by the system, an action to correct the abnormal behavior of the operation.
6 . The method of claim 3 , further comprising identifying, by the system, a malware that caused the abnormal behavior of the operation.
7 . The method of claim 6 , further comprising executing, by the system, a malware removal program to remove the malware.
8 . A system, comprising:
a processor; and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
identifying a sub-group of a group of peripherals associated with the system that satisfy a least amount of peripherals for operations associated with a service to be executed; and
determining an integrity of the service, comprising executing the operations associated with the service with restricted access to only the sub-group of peripherals.
9 . The system of claim 8 , wherein the operations further comprise recording respective results of executions of the operations associated with the service.
10 . The system of claim 9 , wherein the operations further comprise detecting a result of the respective results indicative of an abnormal behavior of the operation corresponding to the result.
11 . The system of claim 10 , wherein the operations further comprise presenting an alert identifying the abnormal behavior of the operation.
12 . The system of claim 10 , wherein the operations further comprise performing an action to mitigate the abnormal behavior of the operation.
13 . The system of claim 10 , wherein the operations further comprise determining a malware that caused the abnormal behavior of the operation.
14 . The system of claim 13 , wherein the operations further comprise running a malware removal program to remove the malware.
15 . A non-transitory machine-readable medium, comprising executable instructions that, when executed by a processor of a system, facilitate performance of operations, comprising:
identifying a sub-group of a group of peripherals associated with the system that satisfy a defined lower limit for operations associated with a service to be executed; and executing an integrity checking process on the service, comprising executing the operations associated with the service with restricted access to only the sub-group of peripherals.
16 . The non-transitory machine-readable medium of claim 15 , wherein the operations further comprise recording respective results of executions of the operations associated with the service.
17 . The non-transitory machine-readable medium of claim 16 , wherein the operations further comprise determining a result of the respective results indicative of an abnormal behavior of the operation corresponding to the result.
18 . The non-transitory machine-readable medium of claim 17 , wherein the operations further comprise sending a notification to a system administrator identifying the abnormal behavior of the operation.
19 . The non-transitory machine-readable medium of claim 17 , wherein the operations further comprise performing an action to mitigate or eliminate the abnormal behavior of the operation.
20 . The non-transitory machine-readable medium of claim 17 , wherein the operations further comprise in response to determining a virus that caused the abnormal behavior of the operation, executing a virus removal program to remove the virus from the system.Join the waitlist — get patent alerts
Track US2023164154A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.