Malicious mobile code runtime monitoring system and methods
First Claim
1. A processor-based method, comprising:
- receiving downloadable-information;
determining whether the downloadable-information includes executable code; and
causing mobile protection code to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.
6 Assignments
0 Petitions
Accused Products
Abstract
Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts, more suitably in conjunction with protection policies.
-
Citations
76 Claims
-
1. A processor-based method, comprising:
-
receiving downloadable-information;
determining whether the downloadable-information includes executable code; and
causing mobile protection code to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
16. A processor-based system, comprising
an information monitor for receiving downloadable-information; -
a content inspection engine communicatively coupled to the information monitor for determining whether the downloadable-information includes executable code; and
a protection agent engine communicatively coupled to the content inspection engine for causing mobile protection code (“
MPC”
) to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code. - View Dependent Claims (17, 18, 19, 20)
-
-
28. A processor-based system, comprising:
-
means for receiving downloadable-information;
means for determining whether the downloadable-information includes executable code; and
means for causing mobile protection code to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.
-
-
29. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
-
receiving downloadable-information;
determining whether the downloadable-information includes executable code; and
causing mobile protection code to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.
-
-
30. A processor-based method, comprising:
-
receiving, at an information re-communicator, downloadable-information including executable code; and
causing mobile protection code to be executed by a mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code. - View Dependent Claims (31, 32, 33, 34, 43, 46)
-
-
47. A processor-based system, comprising:
-
receiving means for receiving, at an information re-communicator, downloadable-information, including executable code; and
mobile code means communicatively coupled to the receiving means for causing mobile protection code to be executed by a mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code. - View Dependent Claims (48, 49, 50, 51, 58, 59)
-
-
60. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
-
receiving, at an information re-communicator, downloadable-information, including executable code; and
causing mobile protection code to be executed by a mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code.
-
-
61. A processor-based method, comprising:
-
receiving a sandboxed package that includes mobile protection code (“
MPC”
) and a Downloadable and one or more protection policies at a Downloadable-destination;
causing, by the MPC, one or more operations attempted by the Downloadable to be received by the MPC;
receiving, by the MPC, an attempted operation of the Downloadable; and
initiating, by the MPC, a protection policy corresponding to the attempted operation. - View Dependent Claims (63, 64, 65, 66, 67)
-
-
68. A processor-based system, comprising:
-
a mobile code executor for initiating received mobile code; and
a sandboxed package capable of being received and initiated by the mobile code executor, the sandboxed package including a Downloadable and mobile protection code (“
MPC”
) for causing one or more Downloadable operations to be intercepted and for processing the intercepted operations, if the Downloadable attempts to initiate the operations. - View Dependent Claims (69, 70, 71, 72, 73, 74)
-
-
75. A processor-based system, comprising:
-
receiving means for receiving a sandboxed package that include mobile protection code (“
MPC”
) and a Downloadable and one or more protection policies at a Downloadable-destination;
monitoring means for causing, by the MPC, one or more operations attempted by the Downloadable to be received by the MPC;
second receiving means receiving, by the MPC, an attempted operation of the Downloadable;
initiating means for initiating, by the MPC, a protection policy corresponding to the attempted operation.
-
-
76. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
-
receiving a sandboxed package that includes mobile protection code (“
MPC”
) and a Downloadable and one or more protection policies at a Downloadable-destination;
causing, by the MPC, one or more operations attempted by the Downloadable to be received by the MPC;
receiving, by the MPC, an attempted operation of the Downloadable; and
initiating, by the MPC, a protection policy corresponding to the attempted operation.
-
Specification