Method and apparatus providing deception and/or altered execution of logic in an information system
First Claim
Patent Images
1. A method of modifying operation of an information system comprising:
- modifying a program execution call to first execute a wrapper logic module in user space instead of a requested program;
examining a program execution request in light of one or more conditions;
selecting an action using said program execution request and said conditions;
performing said action; and
selecting a response using one or more of said program execution requests, said conditions and results of said action;
providing said selected response.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and/or system and/or apparatus providing deception and/or execution alteration in an information system. In specific embodiments, deceptions and/or protections are provided by intercepting and/or modifying operation of one or more system calls of an operating system.
-
Citations
23 Claims
-
1. A method of modifying operation of an information system comprising:
-
modifying a program execution call to first execute a wrapper logic module in user space instead of a requested program;
examining a program execution request in light of one or more conditions;
selecting an action using said program execution request and said conditions;
performing said action; and
selecting a response using one or more of said program execution requests, said conditions and results of said action;
providing said selected response. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 17)
-
-
13. A computer program product for use in an information system comprising:
-
a computer useable medium having computer readable program code embodied therein, said computer program product further comprising;
computer readable program code enabling a loadable operating system module able to intercept all program execution requests;
wherein said module, after intercepting a program execution request, initiates logic to evaluate said program execution request and determine whether to grant, refuse to grant, or falsifies granting said program execution request depending on one or more parameters; and
wherein said module, after intercepting a program execution request, returns either an accurate or an inaccurate response to said request depending on one or more parameters. - View Dependent Claims (14, 15, 16)
-
-
18. A method of defending an information system from undesireable program execution comprising:
-
ensuring a per-process program execution flag is at a control state at process initiation;
checking said per-process flag at a first program execution request;
if said per-process flag is at a control state;
executing a control logic module instead of said first program;
resetting said per-process flag to an uncontrol state;
said control logic module evaluating said program execution request;
said control logic module optionally generating one or more responses;
said control logic module optionally taking one or more actions; and
said control logic module optionally issuing a different program execution request;
if said per-process flag is at an uncontrol state;
executing said program execution request; and
resetting said per-process flag to a control state. - View Dependent Claims (19, 20)
-
-
21. A method of enhancing security in an information appliance comprising:
-
modifying an execution function of said information processing system to initially call a program execution evaluation module;
determining whether or not to provide deceptions; and
from said program execution evaluation module providing one or more of a set of available deceptions to entities identified for deception. - View Dependent Claims (22, 23)
-
Specification