GENERATING SECURITY VALIDATION CODE AUTOMATICALLY
First Claim
1. At a security validation code generator in a computerized environment having an operating system with one or more low-trust components and one or more high-trust components, a method of automatically generating program code, which, when compiled and executed, performs one or more security validation checks of one or more low-trust component requests that are to be handled by one or more kernel mode components, comprising the steps for:
- receiving a file comprising one or more declarative call descriptions of corresponding one or more function calls to be handled by one or more high-trust components in response to one or more requests from one or more low-trust components;
automatically generating one or more sets of program code for each of the one or more declarative call descriptions, wherein the one or more sets of program code describe one or more security validation checks to be performed on the one or more requests before passing the one or more requests from a low-trust component to a high-trust component.
2 Assignments
0 Petitions
Accused Products
Abstract
A security program code generator is configured to automatically generate program code used to perform one or more validation checks of components operating in user mode. In one implementation, for example, the program code generator receives one or more files that include declarative values and parameters regarding one or more function calls made by any user mode component. The program code generator then takes the file of declarative call descriptions and automatically generates a user mode stub and a kernel mode stub for each function call of interest to be handled by a kernel mode component. The file(s) that include the user mode stub and the kernel mode stub can then be compiled and linked into the operating system components.
-
Citations
19 Claims
-
1. At a security validation code generator in a computerized environment having an operating system with one or more low-trust components and one or more high-trust components, a method of automatically generating program code, which, when compiled and executed, performs one or more security validation checks of one or more low-trust component requests that are to be handled by one or more kernel mode components, comprising the steps for:
-
receiving a file comprising one or more declarative call descriptions of corresponding one or more function calls to be handled by one or more high-trust components in response to one or more requests from one or more low-trust components; automatically generating one or more sets of program code for each of the one or more declarative call descriptions, wherein the one or more sets of program code describe one or more security validation checks to be performed on the one or more requests before passing the one or more requests from a low-trust component to a high-trust component. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. In a computerized environment in which one or more functions are designated as needing to be handled by one or more high-trust components, a method of automatically generating one or more security validation checks to be used by a high-trust component of an operating system in response to one or more requests from a low-trust component, comprising the acts of:
-
generating one or more program code instructions to be compiled into one or more operating system components, including at least one of a kernel mode component and a user mode component; identifying one or more function calls to be handled by a kernel mode component, wherein the one or more function calls are requested by a user mode component; preparing one or more security input files, the one or more security input files including one or more declarative call descriptions for each of the one or more function calls; passing the one or more security input files to a security validation code generator, wherein one or more security output files are created; and compiling the one or more security output files. - View Dependent Claims (15, 16, 17, 18)
-
-
19. At a security validation code generator in a computerized environment having an operating system with one or more low-trust components and one or more high-trust components, a computer program storage product having computer-executable instructions stored thereon that, when executed, cause one or more processors to perform a method comprising:
-
receiving a file comprising one or more declarative call descriptions of corresponding one or more function calls to be handled by one or more high-trust components in response to one or more requests from one or more low-trust components; automatically generating one or more sets of program code for each of the one or more declarative call descriptions, wherein the one or more sets of program code describe one or more security validation checks to be performed on the one or more requests before passing the one or more requests from a low-trust component to a high-trust component.
-
Specification