Malicious mobile code runtime monitoring system and methods
First Claim
1. A processor-based method, comprising:
- receiving, by a server, a file;
- detecting whether the file includes one or more instances of executable code, including detecting, by a detector engine of the server, that the file includes one or more instances of executable code when the file is determined to include a code pattern indicative of executable code;
- generating, by a protection engine, mobile protection code when one or more instances of executable code is detected by the code detector;
- receiving, by a linking engine, the generated mobile protection code and the file containing the one or more instance of executable code, and bundling, by the linking engine, the mobile protection code, at least one security policy, and the file into a sandboxed package, wherein the bundling does not alter the file;
- unbundling the sandboxed package in the following order;
  - mobile protection code first, at least one security policy second and the file third; and
- transferring the file, by the server, to a destination when no instances of executable code are detected therein.
Abstract
A system provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes a sandboxed package including the received information and mobile protection code (MPC) to be transferred to a destination device of the received information. At a destination device, the sandboxed package is unbundled such that upon initiating the Downloadable, malicious Downloadable operating attempts are received by the MPC causing (predetermined) corresponding operations to be executed in response to the attempts.
9 Claims
3. A processor-based method for monitoring for received executables, comprising:
- detecting, by a first processing device, a received executable;
- detecting whether the received executable includes one or more instances of executable code, including detecting, by a detector engine of the first processing device, the received executable when the received executable is determined to include an executable file type;
- wrapping, by a server, the received executable with a sandbox agent, wherein wrapping includes bundling the following separate code objects into a sandbox file; the sandbox agent, a security policy related to the received executable and the received executable, and further wherein the bundling does not alter the separate code objects;
- sending, by the server, the sandbox file to a second processing device;
- unbundling the sandbox file in the following order at the second processing device;
  - sandbox agent first, security policy second and the received executable third; and
- transferring the file, by the server, to the second processing device when no instances of executable code are detected therein.
5. A processor-based method, comprising:
- receiving, at a server, a file;
- detecting whether the file includes one or more instances of executable code, including detecting, by a detector engine, at least one received executable within the received file wherein the detector engine is a code detector and the detecting further including detecting, by a file-type detector of the code detector, that the received file is a compressed file type;
- opening, by an inflator of the code detector, the compressed received file into one or more open received files; and
- detecting, by the file-type detector, that one or more opened received files is an executable file type;
- wrapping, by the server, the received file with a sandbox agent, wherein wrapping includes bundling the following separate code objects into a sandbox file; the sandbox agent, a security policy related to the at least one received executable and the received file, and further wherein the bundling does not alter the separate code objects;
- sending, by the server, the sandbox file to a processing device;
- unbundling the sandbox file in the following order at the processing device;
  - sandbox agent first, security policy second and the received file third; and
- transferring the file, by the server, to the processing device when no instances of executable code are detected therein.
9. A computer-implemented method, comprising:
- receiving program code at a first computing device;
- detecting whether the program code includes one or more instances of executable code, including detecting when the program code contains an executable file wherein the program code is determined to contain an executable file when the program code is determined to include a code pattern indicative of an executable file;
- forming a sandbox package including protection code, a security policy and the program code when it contains an executable file;
- sending the sandbox package to a second computing device;
- unbundling the sandbox package in the following order at the computing device;
  - protection code first, security policy second and the program code third; and
- transferring the program code, by the server, to a second computing device when no instances of executable code are detected therein.
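The gateway flow recited in claims 3, 5 and 9, sketched as an added example; it is not code from the patent or its assignee. It assumes magic-byte matching as the file-type detector, ZIP as the only compressed type, and a length-prefixed container as the sandbox file; all function names, limits and the container layout are hypothetical.

```python
import io, json, struct, zipfile

EXEC_MAGIC = (b"MZ", b"\x7fELF")             # assumed subset of executable file types
ZIP_MAGIC = b"PK\x03\x04"                    # assumed: ZIP is the only compressed type
MAX_DEPTH, MAX_MEMBER = 3, 16 * 1024 * 1024  # assumed inflation limits

def contains_executable(data: bytes, depth: int = 0) -> bool:
    """File-type detector plus inflator; fails closed on anything it cannot inspect."""
    if data.startswith(EXEC_MAGIC):
        return True
    if not data.startswith(ZIP_MAGIC):
        return False
    if depth >= MAX_DEPTH:                   # nesting too deep to keep inflating
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER or contains_executable(zf.read(info), depth + 1):
                    return True
    except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted member
        return True
    return False

def bundle(agent: bytes, policy: dict, received: bytes) -> bytes:
    """Length-prefix each object so packaging alters none of them."""
    parts = (agent, json.dumps(policy).encode(), received)
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

def unbundle(package: bytes):
    """Recover the agent first, the policy second, the received file third."""
    parts, off = [], 0
    for _ in range(3):
        (size,) = struct.unpack_from(">I", package, off)
        parts.append(package[off + 4:off + 4 + size])
        if len(parts[-1]) != size:
            raise ValueError("truncated sandbox package")
        off += 4 + size
    return parts[0], json.loads(parts[1]), parts[2]

def gateway(received: bytes, agent: bytes, policy: dict):
    """Server step: wrap files holding executables, pass others through unchanged."""
    if contains_executable(received):
        return "sandboxed", bundle(agent, policy, received)
    return "clean", received

def sample_zip(members: dict) -> bytes:      # constructed test input, name -> bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Comparing the third object returned by `unbundle` byte for byte with the file the gateway received is a direct check of the "bundling does not alter" limitation.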
Specification