Agentless Enforcement of Application Management through Virtualized Block I/O Redirection

US 20100058431A1
Filed: 08/26/2008
Published: 03/04/2010
Est. Priority Date: 08/26/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for providing application management without installation of an agent at an operating system level, the method comprising the steps of:

running a component outside of the operating system in an AMT environment;

utilizing AMT to examine the operating system for applications;

performing a security check on identified applications; and

responsive to determining that an identified application is not authorized, using AMT to redirect corresponding input/output requests to an alternative image.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Application authorization management is provided without installation of an agent at an operating system level. A component runs outside of the operating system, in an AMT environment. AMT is utilized to examine the operating system for applications. Identified applications are checked against a whitelist or a blacklist. Responsive to determining that an identified application is not authorized, AMT is used to redirect input/output requests targeting the application to an alternative image, which can, for example, warn the user that the application is not authorized.

95 Citations

View as Search Results

20 Claims

1. A computer implemented method for providing application management without installation of an agent at an operating system level, the method comprising the steps of:
- running a component outside of the operating system in an AMT environment;
  
  utilizing AMT to examine the operating system for applications;
  
  performing a security check on identified applications; and
  
  responsive to determining that an identified application is not authorized, using AMT to redirect corresponding input/output requests to an alternative image.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein performing a security check on an identified application further comprises performing at least one step from a group of steps consisting of:
    - determining whether the application is on a local whitelist of authorized applications;
      
      determining whether the application is on a remote whitelist of authorized applications;
      
      determining whether the application is on a local blacklist of unauthorized applications;
      
      determining whether the application is on a remote blacklist of unauthorized applications;
      
      performing a heuristic analysis of the application; and
      
      checking the application for at least one malicious code signature.
  - 3. The method of claim 1 wherein using AMT to redirect corresponding input/output requests to an alternative image further comprises:
    - using AMT virtualization of block input/output functionality to redirect the corresponding requests.
  - 4. The method of claim 3 wherein using AMT virtualization of block input/output functionality to redirect the corresponding requests further comprises:
    - using AMT virtualization of block input/output functionality to remap blocks containing the application.
  - 5. The method of claim 3 wherein using AMT virtualization of block input/output functionality to redirect the corresponding requests further comprises:
    - using AMT virtualization of block input/output functionality to remap blocks containing a file table entry of the application.
  - 6. The method of claim 3 wherein using AMT virtualization of block input/output functionality to redirect the corresponding requests further comprises:
    - using AMT virtualization of block input/output functionality to redirect input/output requests targeting the application to alternative sectors on which the alternative image is stored.
  - 7. The method of claim 1 wherein redirecting corresponding input/output requests to an alternative image further comprises performing a step from a group of steps consisting of:
    - redirecting corresponding input/output requests to an alternative image stored on a local physical medium on which the application is stored; and
      
      redirecting corresponding input/output requests to an alternative image stored on a remote physical medium.
  - 8. The method of claim 1 wherein redirecting corresponding input/output requests to an alternative image further comprises performing a step from a group of steps consisting of:
    - redirecting corresponding input/output requests to an alternative image comprising NOP code; and
      
      redirecting corresponding input/output requests to an alternative image comprising code to provide a notification to a user concerning the unauthorized application.
  - 9. The method of claim 1 further comprising:
    - maintaining a plurality of alternative images, each alternative image comprising code for execution in a specific environment.

10. At least one computer readable medium containing a computer program product for providing application management without installation of an agent at an operating system level, the computer program product comprising:
- program code for running a component outside of the operating system in an AMT environment;
  
  program code for utilizing AMT to examine the operating system for applications;
  
  program code for performing a security check on identified applications; and
  
  program code for responsive to determining that an identified application is not authorized, using AMT to redirect corresponding input/output requests to an alternative image.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer program product of claim 10 wherein the program code for performing a security check on an identified application further comprises program code for performing at least one step from a group of steps consisting of:
    - determining whether the application is on a local whitelist of authorized applications;
      
      determining whether the application is on a remote whitelist of authorized applications;
      
      determining whether the application is on a local blacklist of unauthorized applications;
      
      determining whether the application is on a remote blacklist of unauthorized applications;
      
      performing a heuristic analysis of the application; and
      
      checking the application for at least one malicious code signature.
  - 12. The computer program product of claim 10 wherein the program code for using AMT to redirect corresponding input/output requests to an alternative image further comprises:
    - program code for using AMT virtualization of block input/output functionality to redirect the corresponding requests.
  - 13. The computer program product of claim 12 wherein the program code for using AMT virtualization of block input/output functionality to redirect the corresponding requests further comprises:
    - program code for using AMT virtualization of block input/output functionality to remap blocks containing the application.
  - 14. The computer program product of claim 12 wherein the program code for using AMT virtualization of block input/output functionality to redirect the corresponding requests further comprises:
    - program code for using AMT virtualization of block input/output functionality to remap blocks containing a file table entry of the application.
  - 15. The computer program product of claim 12 wherein the program code for using AMT virtualization of block input/output functionality to redirect the corresponding requests further comprises:
    - program code for using AMT virtualization of block input/output functionality to redirect input/output requests targeting the application to alternative sectors on which the alternative image is stored.
  - 16. The computer program product of claim 10 wherein the program code for redirecting corresponding input/output requests to an alternative image further comprises program code for performing a step from a group of steps consisting of:
    - redirecting corresponding input/output requests to an alternative image stored on a local physical medium on which the application is stored; and
      
      redirecting corresponding input/output requests to an alternative image stored on a remote physical medium.
  - 17. The computer program product of claim 10 wherein the program code for redirecting corresponding input/output requests to an alternative image further comprises program code for performing a step from a group of steps consisting of:
    - redirecting corresponding input/output requests to an alternative image comprising NOP code; and
      
      redirecting corresponding input/output requests to an alternative image comprising code to provide a notification to a user concerning the unauthorized application.
  - 18. The computer program product of claim 10 further comprising:
    - program code for maintaining a plurality of alternative images, each alternative image comprising code for execution in a specific environment.

19. A computer system for providing application management without installation of an agent at an operating system level, the computer system comprising:
- means for running a component outside of the operating system in an AMT environment;
  
  means for utilizing AMT to examine the operating system for applications;
  
  means for performing a security check on identified applications; and
  
  means for responsive to determining that an identified application is not authorized, using AMT to redirect corresponding input/output requests to an alternative image.
- View Dependent Claims (20)
- - 20. The computer system of claim 19 wherein the means for using AMT to redirect corresponding input/output requests to an alternative image further comprises:
    - means for using AMT virtualization of block input/output functionality to redirect the corresponding requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
STEELE, Matthew, McCORKENDALE, Bruce, SOBEL, William E.

Granted Patent

US 9,626,511 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/554 involving event detection a...

G06F 21/57 Certifying or maintaining t...

Agentless Enforcement of Application Management through Virtualized Block I/O Redirection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

95 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Agentless Enforcement of Application Management through Virtualized Block I/O Redirection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

95 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links