VULNERABILITY SHIELD SYSTEM
First Claim
1. A computer implemented method comprising:
recognizing that a first software module is being loaded into a first operating system process running on a computer;
checking to see if the first software module is a known vulnerable software module and if the first software module is a known vulnerable software module then marking the first operating system process as a vulnerable process, and if the first software module is not a known vulnerable software module then checking to see if the first software module is marked do not run and if the first software module is marked do not run then blocking the first software module from loading;
recognizing that a new file is being written in the computer by the first operating system process; and
checking to see if the new file is an executable file and if the new file is an executable file then checking to see if the first operating system process is marked as a vulnerable process, and if the first operating system process is marked as a vulnerable process then marking the new file as a second software module marked as do not run.
Abstract
Security against computer software attacks is provided by blocking the use of known software vulnerabilities by attackers. Rather than merely discovering attacking software after it has installed itself into a computer system, as in the prior art, software with a known vulnerability is monitored so that when it takes a potentially dangerous action, such as creating new attack software, that new attack software is marked and then prevented from loading. If the newly written attack software cannot load, it cannot execute, thus thwarting use of the newly written software to perform whatever nefarious act was intended by the attacker.
12 Citations
24 Claims
1. A computer implemented method comprising: recognizing that a first software module is being loaded into a first operating system process running on a computer; checking to see if the first software module is a known vulnerable software module and if the first software module is a known vulnerable software module then marking the first operating system process as a vulnerable process, and if the first software module is not a known vulnerable software module then checking to see if the first software module is marked do not run and if the first software module is marked do not run then blocking the first software module from loading; recognizing that a new file is being written in the computer by the first operating system process; and checking to see if the new file is an executable file and if the new file is an executable file then checking to see if the first operating system process is marked as a vulnerable process, and if the first operating system process is marked as a vulnerable process then marking the new file as a second software module marked as do not run.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A computer implemented method comprising: recognizing that a first software module is being loaded into a first operating system process running on a computer; checking to see if the first software module is a known vulnerable software module and if the first software module is a known vulnerable software module then checking to see if a vulnerable function is known to exist within the known vulnerable software module and if a vulnerable function is known to exist within the known vulnerable software module then marking the first operating system as a vulnerable process if the vulnerable function is used and if a vulnerable function is not known to exist within the known vulnerable software module then marking the first operating system process as a vulnerable process, and if the first software module is not a known vulnerable software module then checking to see if the first software module is marked do not run and if the first software module is marked do not run then blocking the first software module from loading; recognizing that a new file is being written in the computer by the first operating system process; and checking to see if the new file is an executable file and if the new file is an executable file then checking to see if the first operating system process is marked as a vulnerable process, and if the first operating system process is marked as a vulnerable process then marking the new file as a second software module marked as do not run.

12. A computer implemented method comprising: determining that a first software module is being loaded into a first operating system process running on a computer; confirming that the first software module is a known vulnerable software module; marking the first operating system process as a vulnerable process; determining that the first operating system process is writing a second software module; confirming that the first operating system process is marked as a vulnerable process; marking the second software module as do not run; recognizing that the second software module is being loaded into the first operating system process or a second operating system process running on the computer; confirming that the second software module is marked as do not run; and blocking the second software module from loading.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21.

22. A computer readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method comprising: recognizing that a first software module is being loaded into a first operating system process running on a computer; checking to see if the first software module is a known vulnerable software module and if the first software module is a known vulnerable software module then marking the first operating system process as a vulnerable process, and if the first software module is not a known vulnerable software module then checking to see if the first software module is marked do not run and if the first software module is marked do not run then blocking the first software module from loading; recognizing that a new file is being written in the computer by the first operating system process; and checking to see if the new file is an executable file and if the new file is an executable file then checking to see if the first operating system process is marked as a vulnerable process, and if the first operating system process is marked as a vulnerable process then marking the new file as a second software module marked as do not run.

23. A computer readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method comprising: determining that a first software module is being loaded into a first operating system process running on a computer; confirming that the first software module is a known vulnerable software module; marking the first operating system process as a vulnerable process; determining that the first operating system process is writing a second software module; confirming that the first operating system process is marked as a vulnerable process; marking the second software module as do not run; recognizing that the second software module is being loaded into the first operating system process or a second operating system process running on the computer; confirming that the second software module is marked as do not run; and blocking the second software module from loading.

24. A computer implemented method comprising: recognizing that a first software module is being loaded into a first operating system process running on a computer; checking to see if the first software module is a known vulnerable software module and if the first software module is a known vulnerable software module then checking to see if a vulnerable function is known to exist within the known vulnerable software module and checking to see if a vulnerable parameter for the vulnerable function has a known parameter pattern and if the vulnerable function is used and its vulnerable parameter value matches the known parameter pattern then marking the first operating system process as a vulnerable process, and if a vulnerable function pattern is not known to exist within the known vulnerable software module then marking the first operating system process as a vulnerable process, and if the first software module is not a known vulnerable software module then checking to see if the first software module is marked do not run and if the first software module is marked do not run then blocking the first software module from loading; recognizing that a new file is being written in the computer by the first operating system process; and checking to see if the new file is an executable file and if the new file is an executable file then checking to see if the first operating system process is marked as a vulnerable process, and if the first operating system process is marked as a vulnerable process then marking the new file as a second software module marked as do not run.
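The taint-propagation logic of claims 1 and 12 (module-load hook marks a process vulnerable, file-write hook marks executables that process writes as do-not-run, a later load of such a file in any process is blocked), as an added simulation that is not the patent's own code; the module name, file paths and headers are constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed sample data (not from the patent): a placeholder module name
# standing in for the "known vulnerable software module" list, plus two headers.
KNOWN_VULNERABLE = {"legacy_parser.dll"}   # hypothetical module name
PE_HEADER = b"MZ\x90\x00" + b"\x00" * 60
ELF_HEADER = b"\x7fELF" + b"\x00" * 60


def is_executable(data: bytes) -> bool:
    """Executable test used by the file-write hook: PE ('MZ') or ELF magic."""
    return data[:2] == b"MZ" or data[:4] == b"\x7fELF"


@dataclass
class VulnerabilityShield:
    vulnerable_procs: set = field(default_factory=set)   # pids marked vulnerable
    do_not_run: set = field(default_factory=set)         # paths marked do-not-run

    def on_module_load(self, pid: int, module: str) -> str:
        """Module-load hook (claim 1, first step); returns the decision taken."""
        if module in KNOWN_VULNERABLE:
            self.vulnerable_procs.add(pid)      # process is now marked vulnerable
            return "load+mark_vulnerable"
        if module in self.do_not_run:
            return "blocked"                    # file written by a vulnerable process
        return "load"

    def on_file_write(self, pid: int, path: str, data: bytes) -> str:
        """File-write hook (claim 1, second step); only executables get marked."""
        if is_executable(data) and pid in self.vulnerable_procs:
            self.do_not_run.add(path)           # mark the new module do-not-run
            return "mark_do_not_run"
        return "write"


def run_trace() -> list:
    """Replay a constructed event trace through the shield; returns decisions."""
    shield = VulnerabilityShield()
    return [
        shield.on_module_load(100, "legacy_parser.dll"),       # marks pid 100
        shield.on_file_write(100, "/tmp/dropped.exe", PE_HEADER),
        shield.on_file_write(100, "/tmp/notes.txt", b"plain text"),
        shield.on_module_load(200, "/tmp/dropped.exe"),        # second process, claim 12
        shield.on_module_load(200, "libc.so.6"),
    ]
```

Note that the non-executable write by the vulnerable process is left alone, and the block applies in a different process than the one that wrote the file, as claim 12 requires.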
Specification