Preventing unauthorized outgoing communications
Abstract
A system, product and method for preventing unauthorized outgoing communications. The method comprises, in response to an attempt to transmit an outgoing communication by a transmitting software entity, obtaining a list of software entities which have performed Inter-Process Communication (IPC), directly or indirectly, with the transmitting software entity. The method further comprises for each software entity in the list of software entities, checking whether the software entity is an unauthorized software entity. In response to detecting an unauthorized software entity in the list of software entities, the outgoing communication may be blocked. As a result, the outgoing communication is prevented from being transmitted.
19 Claims
1. A method comprising:
in response to an attempt to transmit an outgoing communication by a transmitting software entity, obtaining a list of software entities which have performed Inter-Process Communication (IPC) with the transmitting software entity, said obtaining the list comprising:
determining a cone of influence in a communication graph from a node representing the transmitting software entity, wherein the communication graph is a directed graph, wherein a node of the communication graph represents a software entity, wherein a directed edge in the communication graph connecting between a first node and a second node represents an IPC initiated by a first software entity towards a second software entity, wherein the first node represents the first software entity, wherein the second node represents the second software entity;
wherein the cone of influence comprises at least a node representing a software entity that performed IPC directly with the transmitting software entity, and a node representing a software entity that performed IPC indirectly with the transmitting software entity, wherein the list comprises each software entity that is associated with any node that is comprised in the cone of influence;
determining whether any software entity in the list of software entities is an unauthorized software entity; and
in response to detecting an unauthorized software entity in the list of software entities, blocking the outgoing communication, thereby preventing the transmitting software entity from transmitting outgoing communication.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer program product comprising a non-transitory computer-readable storage medium retaining program instructions, which program instructions when read by a processor, cause the processor to perform a method comprising:
in response to an attempt to transmit an outgoing communication by a transmitting software entity, obtaining a list of software entities which have performed Inter-Process Communication (IPC) with the transmitting software entity, said obtaining the list comprising:
determining a cone of influence in a communication graph from a node representing the transmitting software entity, wherein the communication graph is a directed graph, wherein a node of the communication graph represents a software entity, wherein a directed edge in the communication graph connecting between a first node and a second node represents an IPC initiated by a first software entity towards a second software entity, wherein the first node represents the first software entity, wherein the second node represents the second software entity;
wherein the cone of influence comprises at least a node representing a software entity that performed IPC directly with the transmitting software entity, and a node representing a software entity that performed IPC indirectly with the transmitting software entity, wherein the list comprises each software entity that is associated with any node that is comprised in the cone of influence;
determining whether any software entity in the list of software entities is an unauthorized software entity; and
in response to detecting an unauthorized software entity in the list of software entities, blocking the outgoing communication, thereby preventing the transmitting software entity from transmitting outgoing communication.
Dependent claims: 10, 11, 12, 13, 14
15. A computer program product comprising a non-transitory computer-readable storage medium retaining program instructions, which program instructions when read by a processor, cause the processor to perform a method comprising:
in response to an attempt to transmit an outgoing communication by a transmitting software entity, obtaining a list of software entities which have performed Inter-Process Communication (IPC) with the transmitting software entity, said obtaining the list comprising:
determining a cone of influence in a communication graph from a node representing the transmitting software entity, wherein the communication graph is a directed graph, wherein a node of the communication graph represents a software entity, wherein a directed edge in the communication graph connecting between a first node and a second node represents an IPC initiated by a first software entity towards a second software entity, wherein the first node represents the first software entity, wherein the second node represents the second software entity;
wherein the cone of influence comprises at least a node representing a software entity that performed IPC directly with the transmitting software entity, and a node representing a software entity that performed IPC indirectly with the transmitting software entity, wherein the list comprises each software entity that is associated with any node that is comprised in the cone of influence;
determining whether any software entity in the list of software entities is an unauthorized software entity; and
in response to detecting an unauthorized software entity in the list of software entities, logging in an event log an event associated with the outgoing communication, thereby generating the event log for potential future analysis.
Dependent claims: 16, 17, 18, 19
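The check described in the abstract and in independent claims 1, 9 and 15 can be sketched as a reachability walk over the IPC graph. This is an added example, not code from the patent or its assignee. It assumes the cone of influence is found by walking edges backwards from the transmitter and that "unauthorized" means absent from an allowlist; the function names, entity names and sample edges are constructed for illustration.

```python
from collections import deque

def cone_of_influence(ipc_edges, transmitter):
    """Entities with a directed IPC path (direct or indirect) to `transmitter`.

    ipc_edges: (initiator, target) pairs, one per observed IPC.
    Assumption: the cone is walked backwards along the edge direction.
    """
    initiators = {}
    for src, dst in ipc_edges:
        initiators.setdefault(dst, set()).add(src)
    cone, queue = set(), deque([transmitter])
    while queue:
        for src in initiators.get(queue.popleft(), ()):
            if src != transmitter and src not in cone:  # tolerate IPC cycles
                cone.add(src)
                queue.append(src)
    return cone

def check_outgoing(ipc_edges, transmitter, authorized, action="block", event_log=None):
    """Return (verdict, offenders) for one outgoing-communication attempt.

    Assumption: "unauthorized" means absent from the `authorized` allowlist.
    action="block" follows claims 1 and 9; action="log" follows claim 15.
    """
    offenders = sorted(cone_of_influence(ipc_edges, transmitter) - set(authorized))
    if not offenders:
        return "allow", offenders
    if action == "log":
        if event_log is not None:
            event_log.append({"transmitter": transmitter, "offenders": offenders})
        return "logged", offenders
    return "block", offenders

# Constructed sample: "dropper" never performs IPC with "browser" directly.
SAMPLE_EDGES = [
    ("dropper", "helper"),
    ("helper", "browser"),
    ("updater", "browser"),
    ("browser", "renderer"),
    ("browser", "helper"),  # cycle between helper and browser
]
AUTHORIZED = {"browser", "helper", "updater", "renderer"}

if __name__ == "__main__":
    print(check_outgoing(SAMPLE_EDGES, "browser", AUTHORIZED))
    print(check_outgoing(SAMPLE_EDGES, "updater", AUTHORIZED))
```

A check limited to direct IPC peers would pass `browser`, since `helper` and `updater` are both on the allowlist; only the indirect walk reaches `dropper`.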
Specification