Mitigating attacks on server computers by enforcing platform policies on client computers

US 10,129,289 B1
Filed: 03/11/2016
Issued: 11/13/2018
Est. Priority Date: 03/11/2016
Status: Active Grant

First Claim

Patent Images

1. A computer system for improving security of a computing device comprising:

one or more processors;

one or more memory devices operatively coupled to the one or more processors;

wherein the one or more memory devices include a volatile memory and a persistent memory device;

wherein the one or more memory devices store a set of security instructions that, when executed by the one or more processors, cause the one or more processors to;

receive, from a client computer, a request with one or more values;

determine, based on the one or more values, whether the request is from a platform-specific application compiled for a first computer platform;

in response to determining that the request is from a platform-specific application, determine, based on the one or more values, whether the platform-specific application is being executed within an emulator being executed by a second computer platform, wherein the second computer platform is different than the first computer platform.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a computer system is configured to receive, from a client computer, a request with one or more values; determine, based on the one or more values, whether the request is from a platform-specific application compiled for a first computer platform; determine, based on the one or more values, whether the platform-specific application is being executed within an emulator being executed by a second computer platform, wherein the second computer platform is different than the first computer platform.

Citations

33 Claims

1. A computer system for improving security of a computing device comprising:
- one or more processors;
  
  one or more memory devices operatively coupled to the one or more processors;
  
  wherein the one or more memory devices include a volatile memory and a persistent memory device;
  
  wherein the one or more memory devices store a set of security instructions that, when executed by the one or more processors, cause the one or more processors to;
  
  receive, from a client computer, a request with one or more values;
  
  determine, based on the one or more values, whether the request is from a platform-specific application compiled for a first computer platform;
  
  in response to determining that the request is from a platform-specific application, determine, based on the one or more values, whether the platform-specific application is being executed within an emulator being executed by a second computer platform, wherein the second computer platform is different than the first computer platform.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 2. The computer system of claim 1, wherein the set of security instructions, when executed by the one or more processors, further causes the one or more processors to perform a negative action in response to determining that the request is from the platform-specific application being executed within the emulator being executed by the second computer platform.
  - 3. The computer system of claim 2, wherein the request is for a set of data and the negative action comprises terminating the request without sending the set of data to the client computer.
  - 4. The computer system of claim 2, wherein the negative action comprises blocking one or more subsequent requests from the client computer.
  - 5. The computer system of claim 1, wherein the set of security instructions, when executed by the one or more processors, further causes the one or more processors to determine, based on the one or more values, whether the platform-specific application being executed natively by the first computer platform.
  - 6. The computer system of claim 5, wherein the set of security instructions, when executed by the one or more processors, further causes the one or more processors to perform a positive action in response to determining that the platform-specific application being executed natively by the first computer platform.
  - 7. The computer system of claim 6, wherein the request is for a set of data and the positive action comprises:
    - sending, to a server computer, a new request for the set of data;
      
      receiving, from the server computer, the set of data;
      
      sending, to the client computer, the set of data.
  - 8. The computer system of claim 6, wherein the positive action comprises storing data indicating that the client computer is a trusted source.
  - 9. The computer system of claim 5, wherein the request is for a set of data from a particular remote interface, and the set of security instructions, when executed by the one or more processors, further causes the one or more processors to:
    - determine whether the particular remote interface is protected; and
      
      perform a positive action in response to determining that the particular remote interface is protected and determining that the request is from the platform-specific application being executed natively by the first computer platform.
  - 10. The computer system of claim 1, wherein the request is for a set of data from a particular remote interface, and the set of security instructions, when executed by the one or more processors, further causes the one or more processors to:
    - determine whether the particular remote interface is protected; and
      
      perform a negative action in response to determining that the particular remote interface is protected and determining that the request is from the platform-specific application being executed within the emulator being executed by the second computer platform.
  - 11. The computer system of claim 1, wherein the set of security instructions, when executed by the one or more processors, further causes the one or more processors to determine, based on the one or more values, whether the request is from a trusted source.
  - 12. The computer system of claim 11, wherein the set of security instructions, when executed by the one or more processors, further causes the one or more processors to perform a positive action in response to determining that the request is from the trusted source.
  - 13. The computer system of claim 11, wherein the set of security instructions, when executed by the one or more processors, further causes the one or more processors to perform a negative action in response to determining that the client computer is not the trusted source and determining that the request is from the platform-specific application being executed within the emulator being executed by the second computer platform.
  - 14. The computer system of claim 1, wherein:
    - the platform-specific application includes one or more fingerprinting instructions that are conditionally executed if the platform-specific application is executed within the emulator being executed by the second computer platform;
      
      the one or more fingerprinting instructions, if executed within the emulator being executed by the second computer platform, cause the client computer to produce one or more first fingerprint values and include in the one or more first fingerprint values in the one or more values in the request;
      
      the set of security instructions, when executed by the one or more processors, cause the one or more processors to determine that the request is from the platform-specific application being executed within the emulator being executed by the second computer platform if the one or more values include the one or more first fingerprint values.
  - 15. The computer system of claim 14, wherein:
    - the one or more fingerprinting instructions are configured to generate the one or more fingerprint values using one or more methods;
      
      the one or more fingerprinting instructions are configured to periodically to produce one or more different fingerprint values according to one or more different methods.
  - 16. The computer system of claim 1, wherein:
    - the platform-specific application includes one or more fingerprinting instructions that are conditionally executed if the platform-specific application is executed by the first computer platform;
      
      the one or more fingerprinting instructions, if executed by the first computer platform, cause the client computer to produce one or more fingerprint values and include in the one or more fingerprint values in the one or more values in the request;
      
      the set of security instructions, when executed by the one or more processors, cause the one or more processors to determine that the request is from the platform-specific application being executed by the first computer platform if the one or more values include the one or more fingerprint values.
  - 17. The computer system of claim 1, wherein the one or more values are signed with a digital signature.
  - 18. The computer system of claim 17, wherein the digital signature changes over time.
  - 19. The computer system of claim 17, wherein the set of security instructions, when executed by the one or more processors, cause the one or more processors to:
    - determine whether one or more particular values of the one or more values are correctly signed with the digital signature;
      
      perform a negative action in response to determining that the one or more particular values are not correctly signed with the digital signature;
      
      perform a positive action in response to determining that the one or more particular values are correctly signed with the digital signature.
  - 20. The computer system of claim 1, wherein the first computer platform is a first operating system and the second computer platform is a second operating system that is different than the first operating system.
  - 21. The computer system of claim 1, wherein:
    - the first computer platform provides a first interface to a particular component;
      
      the second computer platform provides a second interface to the particular component;
      
      the second interface is different than the first interface.
  - 22. The computer system of claim 21, wherein the emulator provides the first interface to the particular component through the second interface on the second computer platform.
  - 23. The computer system of claim 22, wherein the particular component is a hardware component.
  - 24. The computer system of claim 1, wherein:
    - the first computer platform provides a first interface to a particular component;
      
      the emulator provides the first interface, and the emulator simulates a response from the particular component through the first interface.
  - 25. The computer system of claim 1, wherein the first computer platform provides an interface to a particular component, and the emulator does not provide the interface to the particular component.
  - 26. The computer system of claim 1, wherein the first computer platform provides an interface to a particular component, and the second computer platform does not provide an interface to the particular component.
  - 27. The computer system of claim 1, wherein the first computer platform includes a particular hardware component and the second computer platform does not include the particular hardware component.
  - 28. The computer system of claim 1, wherein the first computer platform is executable on one or more first hardware architectures, and the second computer platform is executable on one or more second hardware architectures that are different than the one or more first hardware architectures.
  - 29. The computer system of claim 1, wherein the one or more values identify one or more particular hardware components that the platform-specific application has access to on the client computer.
  - 30. The computer system of claim 1, wherein:
    - the one or more memory devices comprise a policy that defines a plurality of rules, wherein each rule in the plurality of rules comprises one or more match criteria and one or more actions;
      
      the set of security instructions, when executed by the one or more processors, further cause the one or more processors to determine that a particular rule, among the plurality of rules, has one or more particular match criteria that are satisfied by the request and one or more particular actions, and in response, perform the one or more particular actions.
  - 31. The computer system of claim 30, wherein the set of security instructions, when executed by the one or more processors, further causes the one or more processors to receive user input identifying a new rule with one or more new rule criteria and one or more new actions.
  - 32. The computer system of claim 30, wherein the set of security instructions, when executed by the one or more processors, further causes the one or more processors to:
    - receive user input identifying a particular rule, among the plurality of rules, with one or more new rule criteria and one or more new actions;
      
      update the particular to include the one or more new rule criteria and the one or more new actions.

33. A method for improving security of a computing device comprising:
- receiving, at a server computer, from a client computer, a request with one or more values;
  
  determining, based on the one or more values, whether the request is from a platform-specific application compiled for a first computer platform;
  
  in response to determining that the request is from a platform-specific application, determining, based on the one or more values, whether the platform-specific application is being executed within an emulator being executed by a second computer platform, wherein the second computer platform is different than the first computer platform;
  
  performing a negative action in response to determining that the request is from the platform-specific application being executed within the emulator being executed by the second computer platform;
  
  performing a positive action in response to determining that the request is from the platform-specific application being executed natively by the first computer platform;
  
  wherein the method is performed by one or more processors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shape Security Inc. (F5 Incorporated)
Original Assignee
Shape Security Inc. (F5 Incorporated)
Inventors
Yang, Siying, Ghosemajumder, Shuman
Primary Examiner(s)
Avery, Jeremiah

Application Number

US15/068,468
Time in Patent Office

977 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/556   involving covert channels, ...

G06F 21/562   Static detection

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/57   Certifying or maintaining t...

G06F 2221/033   Test or assess software

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Mitigating attacks on server computers by enforcing platform policies on client computers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Mitigating attacks on server computers by enforcing platform policies on client computers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links