Strategies for ensuring that executable content conforms to predetermined patterns of behavior ("inverse virus checking")

US 20060195451A1
Filed: 02/28/2005
Published: 08/31/2006
Est. Priority Date: 02/28/2005
Status: Active Grant

First Claim

Patent Images

1. A method for reducing the risk that executable content performs undesirable actions, comprising:

receiving executable content; and

determining, with reference to a knowledge base of predetermined permissible patterns of behavior, whether the executable content is unlikely to perform undesirable actions.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security provisions are described which determine whether or not executable content is likely to perform undesirable actions. The security provisions assess that an executable content item poses an acceptable risk when it conforms to an allow list of predetermined patterns of permissible behavior. The security provisions find exemplary use in the context of an instant messaging environment, where participants can consume and propagate executable content in the course of conducting a communication session. Supplemental rules are described which prevent malicious code from subverting the allow list design paradigm.

Citations

20 Claims

1. A method for reducing the risk that executable content performs undesirable actions, comprising:
- receiving executable content; and
  
  determining, with reference to a knowledge base of predetermined permissible patterns of behavior, whether the executable content is unlikely to perform undesirable actions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the executable content comprises instructions expressed in a script-based language.
  - 3. The method of claim 1, wherein the executable content comprises a program for execution in the context of an instant messaging application.
  - 4. The method of claim 1, wherein the determining is performed at a client device prior to execution of the executable content by the client device.
  - 5. The method of claim 1, wherein the determining is performed by code checking entity that is remote from a client device, on behalf of the client device which will execute the executable content.
  - 6. The method of claim 1, wherein the determining comprises parsing the executable content into examinable elements, and determining whether each examinable element is unlikely to perform undesirable actions.
  - 7. The method of claim 1, wherein the executable content contains sequential instructions, and wherein the determining comprises ascertaining whether the sequential instructions satisfy prescribed rules.
  - 8. The method of claim 7, wherein one of the prescribed rules mandate that a method call command must be preceded by a stack push command.
  - 9. The method of claim 7, wherein one of the prescribed rules mandates that no branching command can branch to a method call command.
  - 10. The method of claim 7, wherein one of the prescribed rules mandates that a variable cannot be defined as an entry in the predetermined permissible patterns of behavior.
  - 11. One or more machine-readable media containing machine readable instructions for implementing the method of claim 1.

12. Conformance-checking functionality for reducing the risk that executable content performs undesirable actions, comprising:
- logic configured to receive the executable content; and
  
  logic configured to determine, with reference to a knowledge base of predetermined permissible patterns of behavior, whether the executable content is unlikely to perform undesirable actions.
- View Dependent Claims (13)
- - 13. One or more machine-readable media containing machine readable instructions for implementing the conformance-checking functionality of claim 12.

14. A method for communicating using an instant messaging application, comprising:
- receiving executable content by a client device;
  
  determining, with reference to a knowledge base of predetermined permissible patterns of behavior, whether the executable content is unlikely to perform undesirable actions; and
  
  using the executable content in an instant messaging communication session if it is determined that the executable content is unlikely to perform undesirable actions.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the executable content includes instructions for providing an animation-related feature for use in the context of the communication session.
  - 16. The method of claim 14, wherein the executable content contains sequential instructions, and wherein the determining comprises ascertaining whether the sequential instructions satisfy prescribed rules.
  - 17. The method of claim 16, wherein one of the prescribed rules mandate that a method call command must be preceded by a stack push command.
  - 18. The method of claim 16, wherein one of the prescribed rules mandates that no branching command can branch to a method call command.
  - 19. The method of claim 16, wherein one of the prescribed rules mandates that a variable cannot be defined as an entry in the predetermined permissible patterns of behavior.
  - 20. One or more machine-readable media containing machine readable instructions for implementing the method of claim 14.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Saretto, Cesare J., Spivey, John T., Smith, Joseph B.

Granted Patent

US 8,037,534 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/56 Computer malware detection ...

Strategies for ensuring that executable content conforms to predetermined patterns of behavior ("inverse virus checking")

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Strategies for ensuring that executable content conforms to predetermined patterns of behavior ("inverse virus checking")

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links