System and method for the managed security control of processes on a computer system
Abstract
Managing and controlling the execution of software programs on a computing device to protect the device from malicious activity. A protector system implements a two-phase process to ensure that software programs do not perform malicious activities that could damage the computing device or other computing resources to which it is coupled. In the first phase, the protector system determines whether a software program has been previously approved and validates that it has not been altered. If the program is validated in the first phase, security monitoring during the second (execution) phase is minimized or eliminated. If the program cannot be validated, the protector system enters the second phase and detects and observes its activities at the kernel level of the operating system, so that suspicious actions can be anticipated and addressed before they harm the computing device.
Claims (40 claims; 159 citations)
1. A computer-implemented method for implementing security for a computing device, comprising the steps of:
- identifying an allowed program that is permitted to execute on the computing device;
- receiving a signal that a new program is going to be executed on the computing device;
- suspending the execution of the new program on the computing device;
- determining whether the new program is the same as the allowed program;
- if the new program is the same as the allowed program, permitting the new program to execute on the computing device; and
- if the new program is not the same as the allowed program, monitoring the new program while allowing it to execute on the computing device.
Dependent claims: 2-12

13. A computer-implemented method for implementing security for a computing device comprising the steps of:
- interrupting the loading of a new program for operation with the computing device;
- validating the new program;
- if the new program is validated, permitting the new program to continue loading and to execute in connection with the computing device;
- if the new program is not validated, monitoring the new program while it loads and executes in connection with the computing device.
Dependent claims: 14-20

21. A computer-implemented method for performing security for a computing device during a pre-execution phase comprising the steps of:
- identifying an allowed program that is permitted to execute with the computing device;
- receiving a signal that a new program is being loaded for execution with the computing device;
- suspending the loading of the new program;
- comparing the new program to the allowed program; and
- determining whether the new program is valid.
Dependent claims: 22-25

26. A computer-implemented method for performing security for a computing device during an execution phase comprising the steps of:
- intercepting a call to open a file from the computing device's operating system;
- determining whether the file is restricted;
- if the file is restricted, taking remedial action to protect the computing device; and
- if the file is not restricted, permitting the call to open the file.
Dependent claims: 27-35

36. A system for managing security of a computing device comprising:
- a pre-execution module operable for receiving notice from the computing device's operating system that a program is being loaded onto the computing device;
- a validation module coupled to the pre-execution monitor operable for determining whether the program is valid;
- a detection module coupled to the pre-execution monitor operable for intercepting a trigger from the computing device's operating system; and
- an execution module coupled to the detection module and operable for monitoring the program in response to the trigger intercepted by the detection module.
Dependent claims: 37-40
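The two phases of claims 1/13/21 (suspend the load, compare the program to the allowed program) and claim 26 (intercept file opens and block restricted ones for programs that were not validated) can be simulated in user space. The following is an added illustration, not the patent's own implementation: it assumes the "same as the allowed program" test is a SHA-256 match against a constructed allowlist, that the hook receives the program image and the sequence of file-open calls, and that the remedial action is to deny the open.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed allowlist: program name -> SHA-256 of the approved image (hypothetical).
# A real protector records this digest when an administrator approves the program.
ALLOWED = {
    "backup.exe": hashlib.sha256(b"approved backup build 1.0").hexdigest(),
}

# Constructed set of restricted files that an unvalidated program may not open.
RESTRICTED = {"/etc/shadow", "C:\\Windows\\System32\\config\\SAM"}


@dataclass
class Verdict:
    validated: bool                                      # phase one outcome
    blocked_opens: list = field(default_factory=list)    # remedial actions in phase two
    events: list = field(default_factory=list)           # audit trail for the operator


def validate(name: str, image: bytes) -> bool:
    """Phase one: the new program is 'the same as the allowed program' only if its
    name is approved AND its digest equals the approved digest (detects tampering)."""
    expected = ALLOWED.get(name)
    if expected is None:
        return False
    return hashlib.sha256(image).hexdigest() == expected


def run_program(name: str, image: bytes, file_opens: list) -> Verdict:
    """Simulated load hook: suspend, validate, then either execute without
    monitoring or execute under the execution-phase file-open monitor."""
    v = Verdict(validated=validate(name, image))
    if v.validated:
        v.events.append(f"{name}: validated, executing without monitoring")
        return v
    v.events.append(f"{name}: not validated, executing under monitor")
    for path in file_opens:                 # each open() call intercepted by the detection module
        if path in RESTRICTED:
            v.blocked_opens.append(path)    # remedial action: deny the open
            v.events.append(f"{name}: denied open of restricted file {path}")
        else:
            v.events.append(f"{name}: permitted open of {path}")
    return v
```

Note that a validated program is not monitored at all, so its opens of restricted files are allowed; that is exactly why the phase-one digest comparison, not the name alone, has to be the gate.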