Securing applications and operating systems
Abstract
Techniques for securing applications and operating systems are provided. In an embodiment, the system notifies a user that a security enforcement action is being taken even though the condition prompting the action is detected by a security engine that executes in kernel mode. The security engine enforces security policies that help to ensure that a vulnerability of an application or operating system cannot be exploited. In an embodiment, the security system may solicit input from a user relating to a security enforcement action even though the condition prompting the action is detected by a security engine that executes in kernel mode. Security policies may be defined as sets of rules, each having a condition and an action. The security system thus enables kernel mode components to provide notifications to a user or solicit input from the user.
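The flow the abstract describes (a policy registered per operation, a condition test, then an action with either a notification or a solicitation relayed through user mode) can be modelled in user space as follows. This is an added illustration, not code from the patent or from any implementation of it; the operation names, message identifiers, action set, the simulated user answer and the default-allow fallback are all assumptions.

```c
/* User-space model of the flow; not kernel code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

enum action { ALLOW, DENY, ASK_USER };            /* assumed action set */
struct op { const char *name, *target; };
struct policy {                                   /* one rule: condition + action */
    const char *op_name;
    int (*condition)(const struct op *);
    enum action action;
    int msg_id;                                   /* identifier handed to user mode */
};

/* "User mode" side: picks the text from the identifier and relays the answer. */
static const char *messages[] = { "", "Blocked write to a protected path",
                                  "Allow this program to load a driver?" };
int last_msg_id;                                  /* last identifier delivered */
static enum action notify_user(int msg_id, int solicit, enum action answer) {
    last_msg_id = msg_id;
    printf("[%s] %s\n", solicit ? "ask" : "notify", messages[msg_id]);
    return answer;          /* simulated user input, forwarded back to the caller */
}

static int is_protected_path(const struct op *o) { return strncmp(o->target, "/system/", 8) == 0; }
static int always(const struct op *o) { (void)o; return 1; }

static const struct policy registry[] = {         /* constructed sample policies */
    { "file_write",  is_protected_path, DENY,     1 },
    { "driver_load", always,            ASK_USER, 2 },
};

/* "Kernel mode" side: find the policy registered for the operation, test its
 * condition, then either act and notify, or solicit input and act on it. */
enum action enforce(const struct op *o, enum action user_answer) {
    for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++) {
        const struct policy *p = &registry[i];
        if (strcmp(p->op_name, o->name) != 0 || !p->condition(o))
            continue;
        if (p->action == ASK_USER)                /* anything but ALLOW denies */
            return notify_user(p->msg_id, 1, user_answer) == ALLOW ? ALLOW : DENY;
        notify_user(p->msg_id, 0, ALLOW);
        return p->action;
    }
    return ALLOW;                                 /* assumption: no match means allow */
}

int main(void) {
    struct op w = { "file_write", "/system/config" };
    return enforce(&w, ALLOW) == DENY ? 0 : 1;
}
```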
51 Claims
1. A method performed by a kernel mode operating system component of a computer system for securing its operating system, comprising:
detecting that a component of the operating system is performing an operation;
retrieving a policy previously registered for the operation, the policy including a condition and an action;
determining whether the condition associated with the policy is satisfied; and
when the condition associated with the policy is satisfied, performing an action associated with the condition; and
causing a notification message relating to the operation to be sent to a user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method performed by a kernel mode operating system component of a computer system for securing its operating system, comprising:
detecting that a component of the operating system is performing an operation;
retrieving a policy previously registered for the operation, the policy including a condition and an action;
determining whether the condition associated with the policy is satisfied; and
when the condition associated with the policy is satisfied, causing input to be solicited from a user; and
receiving an indication of a specified action based on the input from the user.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A method performed by a user mode operating system component of a computer system for securing its operating system, comprising:
receiving an indication to communicate information to a user, the indication originating at a kernel mode component and including an identifier;
selecting information to communicate to the user based on the identifier included in the received indication;
sending the selected information to a notification application; and
when the communicated information includes a solicitation for input from the user, receiving input from the notification application; and
forwarding the input to the kernel mode component.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34

35. A system operating in kernel mode of an operating system, comprising:
a component that detects that a software component is performing an operation;
a component that retrieves a policy previously registered for the operation, the policy including a condition and an action;
a component that determines whether the condition associated with the policy is satisfied; and
a component that, when the condition associated with the policy is satisfied, causes an action associated with the condition to be performed and causes a notification message relating to the operation to be sent to a user.
Dependent claims: 36, 37, 38, 39, 40, 41, 42, 43, 44

45. A computer-readable medium having computer-executable instructions for performing steps in kernel mode of an operating system, comprising:
detecting that a component of the operating system is performing an operation;
retrieving a policy previously registered for the operation, the policy including a condition and an action;
determining whether the condition associated with the policy is satisfied; and
when the condition associated with the policy is satisfied, performing an action associated with the condition; and
causing an informational message relating to the operation to be sent to a user.
Dependent claims: 46, 47, 48, 49, 50, 51

Specification