Secure, real-time application execution control system and methods
First Claim
1. A security server system that securely qualifies the execution of programs within a community of networked host computer systems, said security server system comprising:
- a) a database storing sets of pre-qualified program signatures and defined policy rules associating execution permission qualifiers with execution control values; and
b) a processor coupled to said database and including a memory storing a control program and a communications network interface coupleable to a community of one or more host computer systems, said processor operative to execute said control program in response to execution requests received via said communications network interface from identifiable host computer systems within said community, wherein a predetermined execution request received from a predetermined host computer system includes an identification of a program load request, request context related data, and a secure program signature, execution of said control program providing for determination of an execution control value based on an evaluation of said predetermined execution request relative to said sets of pre-qualified program signatures and defined policy rules, whereby return of said execution control value to said predetermined host computer system securely qualifies the execution of the program identified with said program load request.
0 Assignments
0 Petitions
Accused Products
Abstract
A security server qualifies the execution of programs for networked host computer systems using a database storing pre-qualified program signatures and defined policy rules associating execution permission qualifiers with execution control values. The server executes a control program in response to execution requests received via a communications network interface from identifiable hosts, wherein a predetermined execution request received from a predetermined host computer system includes an identification of a program load request, request context related data, and a secure program signature. The control program determines an execution control value based on an evaluation of the execution request relative to the pre-qualified program signatures and defined policy rules. The execution control value is then returned to the predetermined host computer system to securely qualify the execution of the program identified from the program load request.
138 Citations
18 Claims
-
1. A security server system that securely qualifies the execution of programs within a community of networked host computer systems, said security server system comprising:
-
a) a database storing sets of pre-qualified program signatures and defined policy rules associating execution permission qualifiers with execution control values; and
b) a processor coupled to said database and including a memory storing a control program and a communications network interface coupleable to a community of one or more host computer systems, said processor operative to execute said control program in response to execution requests received via said communications network interface from identifiable host computer systems within said community, wherein a predetermined execution request received from a predetermined host computer system includes an identification of a program load request, request context related data, and a secure program signature, execution of said control program providing for determination of an execution control value based on an evaluation of said predetermined execution request relative to said sets of pre-qualified program signatures and defined policy rules, whereby return of said execution control value to said predetermined host computer system securely qualifies the execution of the program identified with said program load request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A security server system that securely controls load execution of programs on a host computer system, said security server system comprising:
-
a) a module installed as a component of a host computer system, said module operative relative to an operating system executed by said host computer system to intercept system calls to load an execute program for execution, said module further operative to generate a security request containing a predetermined load request, associated authentication data and access attributes and a target secure program signature of an executable program identified by said predetermined load request; and
b) a security server, responsive to said security request, including a first database of pre-qualified secure program signatures and a second database of policy rules associating defined load requests, authentication data, and access attributes with predetermined pre-qualified secure program signatures, said security server further including a control program operative to parse said policy rules relative to said security request and generate a security request response reflective of a match between said security request and a corresponding one of said policy rules. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method of securing the execution of programs on a host computer system comprising the steps of:
-
a) intercepting, on a host computer, a load request for the execution of a program;
b) determining authorization data and access attributes associated with said load request;
c) generating a secure signature for said program;
d) providing a security request, including an identification of said load request, said authorization data and access attributes and said secure signature, to a security server, wherein said security server, in secure isolation from said host computer system, evaluates said security request and returns a security request response; and
e) selectively enabling performance of said load request dependent on said security request response. - View Dependent Claims (15, 16, 17, 18)
-
Specification