HEALTH-BASED ACCESS TO NETWORK RESOURCES

US 20100192196A1
Filed: 01/29/2009
Published: 07/29/2010
Est. Priority Date: 01/29/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for protecting a computer system from accessing malicious network resources, the method comprising:

receiving a request to access a resource, wherein the request includes an identification of the resource;

determining a reputation of the requested resource, wherein the reputation indicates a likelihood that accessing the resource will cause malicious content to be downloaded to the computer system;

determining a health state of the computer system from which the request is received;

accessing an access policy that identifies one or more conditions based on the resource reputation and computer system health state for which the computer system is allowed to access the requested resource; and

applying the access policy to determine whether to allow the computer system to access the requested resource based on the access policy and thereby protect the computer system from accessing malicious network resources,wherein the preceding steps are performed by at least one processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A protection system is described herein that dynamically determines whether a computer system can access a particular resource based on a combination of a dynamic health state of the computer system and a dynamic reputation of the resource. When a user attempts to access a resource, the protection system intercepts the request. The protection system determines the reputation of the resource that the user is attempting to access and the health of the computer system through which the user is attempting to access the resource. Based on the determined resource reputation and the determined computer system health, the protection system determines whether to allow the requested access to the resource.

69 Citations

View as Search Results

20 Claims

1. A computer-implemented method for protecting a computer system from accessing malicious network resources, the method comprising:
- receiving a request to access a resource, wherein the request includes an identification of the resource;
  
  determining a reputation of the requested resource, wherein the reputation indicates a likelihood that accessing the resource will cause malicious content to be downloaded to the computer system;
  
  determining a health state of the computer system from which the request is received;
  
  accessing an access policy that identifies one or more conditions based on the resource reputation and computer system health state for which the computer system is allowed to access the requested resource; and
  
  applying the access policy to determine whether to allow the computer system to access the requested resource based on the access policy and thereby protect the computer system from accessing malicious network resources,wherein the preceding steps are performed by at least one processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein receiving a request comprises using a network filter installed on the computer system to intercept the request from an application.
  - 3. The method of claim 1 wherein receiving the request comprises receiving requests from multiple applications and protecting the computer system from accessing malicious network resources from the multiple applications.
  - 4. The method of claim 1 wherein determining the reputation of the requested resource comprises sending the identification of the requested resource to a web-based reputation service and receiving from the reputation service a response that indicates a reputation score for the requested resource.
  - 5. The method of claim 1 wherein determining the health state comprises accessing a Network Access Protection (NAP) server to determine the health state of the computer system.
  - 6. The method of claim 1 wherein the access policy provides more access if the computer system has a higher greater health state.
  - 7. The method of claim 1 wherein the health state of the computer system and the reputation of the requested resource change over time, and the method dynamically determines whether to allow the computer system to access the requested resource based on the computer system'"'"'s health state and the reputation of the resource at a time of the request.

8. A computer system for blocking access to a network resource based on the health of the computer requesting access to the network resource, the system comprising:
- a processor and memory configured to execute software instructions;
  
  a resource request component configured to receive requests to access resources from user programs or other applications, wherein requests received by the resource request component identify the resource to be accessed;
  
  a resource reputation component configured to determine a reputation score of the network resource for resource requests received through the resource request component;
  
  a health state component configured to determine a health score of the computer system making the resource request;
  
  a policy component configured to receive and store policies defined by an administrator to determine whether to allow or deny a particular resource access request; and
  
  an access control component configured to determine whether to allow access to a requested resource by applying the defined policies to the determined health score of the requesting computer system and the reputation score of the network resource.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8 wherein the resource request component employs a kernel-mode network filter to intercept network requests through an operating system provided application-programming interface (API) for adding networking filters into a networking stack.
  - 10. The system of claim 8 wherein the system operates at a resource in between a requesting computer system and the requested resource, to intercept resource requests and determine whether to allow the requesting computer system to access the requested resource.
  - 11. The system of claim 8 wherein the resource reputation component is further configured to receive a Uniform Resource Locator (URL) and send the URL to a URL reputation service hosted on the Internet to determine the reputation of the resource.
  - 12. The system of claim 8 wherein the resource reputation component is further configured to indicate whether a reputation is known for the requested network resource and wherein the policy component is configured to apply a specific policy for resources without a known reputation.
  - 13. The system of claim 8 wherein the health state component determines a health score based on an aggregation of the results of administrator-defined health policies that include one or more health checks selected from the group consisting of:
    - an operating system patch level, a virus definition level, a driver signing state, an application installation state, an application patch state, and a firewall configuration.
  - 14. The system of claim 8 wherein the policy component allows access to high reputation resources by computer systems of any health level and access to low reputation resources by computer systems of a high health level.
  - 15. The system of claim 8 wherein the administrator includes a home user that defines policies for one or more computer systems in a household.
  - 16. The system of claim 8 wherein the access control component is further configured to provide a response to the resource request when the component denies access to the network resource.

17. A computer-readable storage medium comprising instructions for controlling a computer system to use the health of the computer system to determine access to resources, wherein the instructions, when executed, cause a processor to perform actions comprising:
- receiving a health of the computer system and a reputation score of a requested resource, wherein the reputation score indicates whether a likelihood that the requested resource contains malicious content and the health indicates a level of defense of the computer system to malicious content;
  
  if the reputation score of the requested resource is above a predetermined reputation threshold, allowing the computer system to access the requested resource;
  
  if the health of the requesting computer system is above a predetermined health threshold, then allowing the computer system to access the requested resource; and
  
  if the health of the requesting computer system is below the predetermined health threshold and the reputation of the requested resource is below the predetermined reputation threshold, determining whether to allow access to the requested resource based on a combination of the health and reputation score.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable medium of claim 17 wherein receiving the health comprises receiving the health of the computer system from a third party application health check.
  - 19. The computer-readable medium of claim 17 further comprising, if the computer system does not allow access to the requested resource, performing auto-remediation on the computer system before denying the request to access the requested resource and performing the preceding steps again based on a new health determined after performing auto-remediation.
  - 20. The computer-readable medium of claim 17 further comprising storing an audit trail indicating whether the computer system was allowed to access the requested resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Lee, Henry

Granted Patent

US 8,561,182 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

HEALTH-BASED ACCESS TO NETWORK RESOURCES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

HEALTH-BASED ACCESS TO NETWORK RESOURCES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links