COMPUTER SECURITY METHOD AND SYSTEM WITH INPUT PARAMETER VALIDATION

US 20090019545A1
Filed: 07/16/2008
Published: 01/15/2009
Est. Priority Date: 12/12/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for handling suspicious downloadables, comprising:

receiving a downloadable;

scanning the downloadable to identify suspicious computer operations therein; and

if at least one suspicious computer operation is identified, then;

overwriting the suspicious computer operations with substitute computer operations; and

appending monitoring program code to the downloadable thereby generating a modified downloadable, wherein the monitoring program code includes program instructions for validating input parameters for the suspicious computer operations during run-time of the downloadable.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system, including a receiver for receiving a downloadable, a scanner, coupled with the receiver, for scanning the downloadable to identify suspicious computer operations therein, a code modifier, coupled with the scanner, for overwriting the suspicious computer operations with substitute computer operations, if at least one suspicious computer operation is identified by the scanner, and for appending monitoring program code to the downloadable thereby generating a modified downloadable, if at least one suspicious computer operation is identified by the scanner, and a processor, coupled with the code modifier, for executing programmed instructions, wherein the monitoring program code includes program instructions for the processor to validate input parameters for the suspicious computer operations during run-time of the downloadable. A method is also described and claimed.

Citations

56 Claims

1. A method for handling suspicious downloadables, comprising:
- receiving a downloadable;
  
  scanning the downloadable to identify suspicious computer operations therein; and
  
  if at least one suspicious computer operation is identified, then;
  
  overwriting the suspicious computer operations with substitute computer operations; and
  
  appending monitoring program code to the downloadable thereby generating a modified downloadable, wherein the monitoring program code includes program instructions for validating input parameters for the suspicious computer operations during run-time of the downloadable.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the substitute computer operations validate their input parameters, and indicate if their input parameters are not successfully validated.
  - 3. The method of claim 2, wherein the substitute computer operations indicate if their input parameters are not successfully validated by invoking an alert.
  - 4. The method of claim 2, wherein the substitute computer operations indicate if their input parameters are not successfully validated by generating a warning text message.
  - 5. The method of claim 1, wherein the monitoring code further includes program instructions for replacing invalid input parameters with valid input parameters in the suspicious computer operations.
  - 6. The method of claim 1, further comprising executing the modified downloadable.
  - 7. The method of claim 6, wherein said executing comprises executing the modified downloadable in a secure environment.
  - 8. The method of claim 1, wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising transmitting the modified downloadable to the destination computer.
  - 9. The method of claim 1, wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising preventing the downloadable from executing on the destination computer if said validating fails.
  - 10. The method of claim 1, wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising consulting a security policy to determine whether to forward the downloadable to the destination computer if said validating fails.
  - 11. The method of claim 1, wherein said validating input parameters comprises comparing actual input parameters to the suspicious computer operations with at least one descriptor of valid input parameters for the suspicious computer operations.
  - 12. The method of claim 1, wherein said validating input parameters comprises comparing actual input parameters to the suspicious computer operations with at least one descriptor of invalid input parameters for the suspicious computer operations.
  - 13. The method of claim 1, wherein said scanning comprises accessing a dictionary of suspicious computer operations.
  - 14. The method of claim 1, wherein said validating comprises accessing a dictionary of valid input parameters.
  - 15. The method of claim 1, wherein said validating comprises accessing a dictionary of invalid input parameters.
  - 16. The method of claim 1, wherein the downloadable is JavaScript program code.
  - 17. The method of claim 1, wherein the downloadable is VBScript program code.
  - 18. The method of claim 1, wherein the downloadable is Flash object compiled program code, the method further comprising de-compiling the Flash object compiled program code to derive source code therefrom.
  - 19. The method of claim 1, wherein the downloadable is applet program code, the method further comprising de-compiling the applet program code to derive source code therefrom.

20. A computer security system, comprising:
- a receiver for receiving a downloadable;
  
  a scanner, coupled with said receiver, for scanning the downloadable to identify suspicious computer operations therein;
  
  a code modifier, coupled with said scanner, for overwriting the suspicious computer operations with substitute computer operations, if at least one suspicious computer operation is identified by said scanner, and for appending monitoring program code to the downloadable thereby generating a modified downloadable, if at least one suspicious computer operation is identified by said scanner; and
  
  a processor, coupled with said code modifier, for executing programmed instructions,wherein the monitoring program code includes program instructions for said processor to validate input parameters for the suspicious computer operations during run-time of the downloadable.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 21. The security system of claim 20, wherein the substitute computer operations validate their input parameters, and indicate if their input parameters are not successfully validated.
  - 22. The security system of claim 21, wherein the substitute computer operations indicate if their input parameters are not successfully validated by invoking an alert.
  - 23. The security system of claim 21, wherein the substitute computer operations indicate if their input parameters are not successfully validated by generating a warning text message.
  - 24. The security system of claim 20, wherein the monitoring code further includes program instructions for said processor to replace invalid input parameters with valid input parameters in the suspicious computer operations.
  - 25. The security system of claim 20, wherein said processor executes the modified downloadable.
  - 26. The security system of claim 25, wherein said processor executes the modified downloadable in a secure environment.
  - 27. The security system of claim 20, wherein said receiver receives the downloadable in transit to an intended destination computer, the system further comprising a transmitter for transmitting the modified downloadable to the destination computer.
  - 28. The security system of claim 20, wherein said receiver receives the downloadable in transit to an intended destination computer, and wherein said processor prevents the downloadable from executing on the destination computer if said processor fails to validate the input parameters.
  - 29. The security system of claim 20, wherein said receiver receives the downloadable in transit to an intended destination computer, and wherein said processor consults a security policy to determine whether to forward the downloadable to the destination computer if said validating fails.
  - 30. The security system of claim 20, wherein the monitoring program code includes program instructions for said processor to compare actual input parameters to the suspicious computer operations with at least one descriptor of valid input parameters for the suspicious computer operations.
  - 31. The security system of claim 20, wherein the monitoring program code includes program instructions for said processor to compare actual input parameters to the suspicious computer operations with at least one descriptor of invalid input parameters for the suspicious computer operations.
  - 32. The security system of claim 20, wherein said scanner accesses a dictionary of suspicious computer operations.
  - 33. The security system of claim 20, wherein the monitoring program code includes program instructions for said processor to access a dictionary of valid input parameters.
  - 34. The security system of claim 20, wherein the monitoring program code includes program instructions for said processor to access a dictionary of invalid input parameters.
  - 35. The security system of claim 20, wherein the downloadable is JavaScript program code.
  - 36. The security system of claim 20, wherein the downloadable is VBScript program code.
  - 37. The security system of claim 20, wherein the downloadable is Flash object compiled program code, and wherein said scanner de-compiles the program code to derive source code therefrom.
  - 38. The security system of claim 20, wherein the downloadable is applet compiled program code, and wherein said scanner de-compiles the program code to derive source code therefrom.

39. A method for handling suspicious downloadables, comprising:
- receiving a downloadable; and
  
  appending monitoring program code to the downloadable thereby generating a modified downloadable, wherein the monitoring program code includes program instructions;
  
  for identifying suspicious computer operations during run-time of the downloadable;
  
  for overwriting the suspicious computer operations with substitute computer operations during run-time of the downloadable; and
  
  for validating input parameters for the suspicious operations during run-time of the downloadable.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46)
- - 40. The method of claim 39, wherein the substitute computer operations validate their input parameters, and indicate if their input parameters are not successfully validated.
  - 41. The method of claim 39, wherein said identifying suspicious computer operations comprises comparing computer operations in the downloadable with a list of pre-designated computer operations.
  - 42. The method of claim 39, wherein said receiving comprises receiving the downloadable in transit to an intended destination computer, the method further comprising transmitting the modified downloadable to the destination computer if said validating is successful.
  - 43. The method of claim 39, wherein the downloadable is JavaScript program code.
  - 44. The method of claim 39, wherein the downloadable is VBScript program code.
  - 45. The method of claim 39, wherein the downloadable is Flash object compiled program code, the method further comprising de-compiling the Flash object compiled program code to derive source code therefrom.
  - 46. The method of claim 39, wherein the downloadable is applet program code, the method further comprising de-compiling the applet program code to derive source code therefrom.

47. A computer security system, comprising:
- a receiver for receiving a downloadable;
  
  a code modifier, coupled with said scanner, for appending monitoring program code to the downloadable thereby generating a modified downloadable; and
  
  a processor, coupled with said code modifier, for executing programmed instructions,wherein the monitoring program code includes program instructions for said processor;
  
  to identify suspicious computer operations during run-time of the downloadable;
  
  to overwrite the suspicious computer operations with substitute computer operations during run-time of the downloadable; and
  
  to validate input parameters for the suspicious computer operations during run time of the downloadable.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54)
- - 48. The security system of claim 47, wherein the substitute computer operations cause said processor to validate their input parameters, and to indicate if their input parameters are not successfully validated.
  - 49. The security system of claim 47, wherein the monitoring program code further includes program instructions for said processor to compare computer operations in the downloadable with a list of pre-designated computer operations.
  - 50. The computer security system of claim 47, wherein said receiver receives the downloadable in transit to an intended destination computer, the system further comprising a transmitter for transmitting the modified downloadable to the destination computer if said processor successfully validates the input parameters for the suspicious computer operations.
  - 51. The computer security system of claim 47, wherein the downloadable is JavaScript program code.
  - 52. The computer security system of claim 47, wherein the downloadable is VBScript program code.
  - 53. The computer security system of claim 47, wherein the downloadable is Flash object compiled program code, and further comprising a de-compiler for de-compiling the Flash object compiled program code to derive source code therefrom.
  - 54. The computer security system of claim 47, wherein the downloadable is applet program code, and further comprising a de-compiler for de-compiling the applet program code to derive source code therefrom.

55. A method for handling suspicious downloadables, comprising:
- scanning a downloadable to detect the presence of at least one suspicious computer operation;
  
  dynamically generating during run-time of the downloadable at least one input parameter for the at least one suspicious computer operation detected by said scanning; and
  
  determining whether or not the dynamically generated at least one input parameter corresponds to a safe input parameter for the at least one suspicious computer operation.

56. A computer security system, comprising:
- a scanner for scanning a downloadable to detect the presence of at least one suspicious computer operation; and
  
  a processor that executes programmed instructions;
  
  for dynamically generating during run-time of the downloadable at least one input parameter for the at least one suspicious computer operation detected by said scanner; and
  
  for determining whether or not the dynamically generated at least one input parameter corresponds to a safe input parameter for the at least one suspicious computer operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Software Limited (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
Finjan Software Limited (FIG LLC (d/b/a Fortress Investment Group LLC))
Inventors
Taub, Israel, Yosef, Golan, Ben-Itzhak, Yuval

Application Number

US12/174,592
Publication Number

US 20090019545A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/54   by adding security routines...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

COMPUTER SECURITY METHOD AND SYSTEM WITH INPUT PARAMETER VALIDATION

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

56 Claims

Specification

Solutions

Use Cases

Quick Links

COMPUTER SECURITY METHOD AND SYSTEM WITH INPUT PARAMETER VALIDATION

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

56 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links