Method and Apparatus to Vet an Executable Program Using a Model
First Claim
1. A method comprising:
at a network infrastructure element:
determining that an end-user platform seeks to download an executable program;
executing the executable program to develop a corresponding model of the executable program representing operating system call-based behavior of the executable program;
using the model of the executable program to vet the operating system call-based behavior of the executable program with respect to policies corresponding to the end-user platform; and
permitting the end-user platform to download the executable program when the operating system call-based behavior of the executable program vets acceptably with respect to the policies.
4 Assignments
0 Petitions
Abstract
A network infrastructure element (300) can be configured to, upon determining (101) that an end-user platform (305) seeks to download an executable program, execute (103) the program to develop a corresponding model that represents corresponding operating system call-based behavior. The network infrastructure element can then use (104) this model to vet the operating system call-based behavior of the program with respect to end-user platform policies. When the operating system call-based behavior vets acceptably with respect to these policies, the end-user platform can then be permitted to download (106) the executable program. If desired, the network infrastructure element can provide (107) the model to the end-user platform to permit vetting of the modeled behavior with respect to locally-maintained policies. The model provided to the end-user platform can comprise a size-reduced sliced model.
28 Citations
17 Claims
1. A method comprising:
at a network infrastructure element: determining that an end-user platform seeks to download an executable program; executing the executable program to develop a corresponding model of the executable program representing operating system call-based behavior of the executable program; using the model of the executable program to vet the operating system call-based behavior of the executable program with respect to policies corresponding to the end-user platform; and permitting the end-user platform to download the executable program when the operating system call-based behavior of the executable program vets acceptably with respect to the policies. (Dependent claims 2-8 not reproduced.)

9. An apparatus comprising a network infrastructure element having:
a memory; a network interface; and a control circuit operably coupled to the memory and the network interface and being configured to: determine that an end-user platform seeks to download an executable program; execute the executable program to develop a corresponding model of the executable program representing operating system call-based behavior of the executable program; use the model of the executable program to vet the operating system call-based behavior of the executable program with respect to policies corresponding to the end-user platform; and permit the end-user platform to download the executable program when the operating system call-based behavior of the executable program vets acceptably with respect to the policies. (Dependent claims 10-14 not reproduced.)

15. A method comprising:
at an end-user platform having a plurality of policies regarding operating system calls: communicating to a network infrastructure element information regarding downloading of a particular executable program; receiving from the network infrastructure element: an approval regarding the downloading of the particular executable program; and a model of the executable program representing operating system call-based behavior of the executable program; and using the model of the executable program to vet the operating system call-based behavior of the executable program with respect to some, but not all, of the policies regarding operating system calls. (Dependent claims 16 and 17 not reproduced.)
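The abstract and claims 1, 9 and 15 describe one pipeline: execute the program at the network element, derive a model of its operating system call behavior, vet that model against the end-user platform's policies, gate the download on the result, and optionally hand the platform a size-reduced sliced model so it can re-check the subset of policies it keeps locally. The Python below is an added illustration of that pipeline and is not the patent's own code. It assumes the model is built from an strace-style trace of the sandboxed execution (the trace format, the sample traces, the three policies and the syscall-to-policy mapping are all constructed for this example); the point it adds is that an ordered model lets a sequence policy (secret file opened, then data sent on a socket) be expressed, and that slicing the model to the syscalls a consumer's policies inspect preserves the verdict for those policies while shrinking what is shipped to the platform.

```python
import re
from dataclasses import dataclass
from typing import Callable

# Constructed sample traces in strace-like "name(args) = ret" form
# (format and contents assumed for this illustration, not patent data).
MALICIOUS_TRACE = """\
openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 3
read(3, "127.0.0.1 localhost", 4096) = 20
openat(AT_FDCWD, "/home/user/.ssh/id_rsa", O_RDONLY) = 4
read(4, "-----BEGIN OPENSSH PRIVATE KEY-----", 4096) = 1823
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
sendto(5, "...", 1823, 0, NULL, 0) = 1823
execve("/bin/sh", ["sh", "-c", "id"], 0x7ffd) = 0
"""
BENIGN_TRACE = """\
openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 3
read(3, "127.0.0.1 localhost", 4096) = 20
write(1, "hello", 5) = 5
exit_group(0) = ?
"""

LINE_RE = re.compile(r"^(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>\S+)\s*$")


@dataclass(frozen=True)
class Event:
    name: str                  # syscall name
    first_arg: str             # usually the fd for I/O calls
    strings: tuple[str, ...]   # quoted arguments (paths, buffers)
    ret: str                   # return value as printed in the trace


@dataclass(frozen=True)
class Model:
    """Ordered OS-call model; order is what sequence policies rely on."""
    events: tuple[Event, ...]

    def slice(self, keep: frozenset[str]) -> "Model":
        """Size-reduced model: only the calls the consumer's policies inspect."""
        return Model(tuple(e for e in self.events if e.name in keep))


def build_model(trace: str) -> Model:
    events = []
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate unfinished/resumed lines and other noise
        args = m["args"]
        events.append(Event(m["name"], args.split(",", 1)[0].strip(),
                            tuple(re.findall(r'"([^"]*)"', args)), m["ret"]))
    return Model(tuple(events))


Policy = Callable[[Model], list[str]]   # returns a list of violation strings
SHELLS = {"sh", "bash", "dash", "zsh"}
SECRET_MARKERS = ("/.ssh/", "/.gnupg/", "/etc/shadow")   # assumed sensitive paths


def _is_secret_open(e: Event) -> bool:
    return (e.name in ("open", "openat") and bool(e.strings)
            and any(mk in e.strings[0] for mk in SECRET_MARKERS))


def no_shell_exec(model: Model) -> list[str]:
    return [f"execve of {e.strings[0]}" for e in model.events
            if e.name == "execve" and e.strings
            and e.strings[0].rsplit("/", 1)[-1] in SHELLS]


def no_secret_read(model: Model) -> list[str]:
    return [f"{e.name} of {e.strings[0]}" for e in model.events if _is_secret_open(e)]


def no_exfil_after_secret(model: Model) -> list[str]:
    """Sequence policy: any send on a socket fd after a secret file was opened."""
    violations, sockets, secret_seen = [], set(), False
    for e in model.events:
        if e.name == "socket" and e.ret != "-1":
            sockets.add(e.ret)                       # fd returned by socket()
        elif _is_secret_open(e):
            secret_seen = True
        elif e.name in ("sendto", "sendmsg", "write") and e.first_arg in sockets and secret_seen:
            violations.append(f"{e.name} on socket fd {e.first_arg} after opening a secret")
    return violations


# Policies applied at the network element (claim 1), and which syscalls each
# one inspects, so a model can be sliced for a consumer holding a subset.
NETWORK_POLICIES: dict[str, Policy] = {
    "no_shell_exec": no_shell_exec,
    "no_secret_read": no_secret_read,
    "no_exfil_after_secret": no_exfil_after_secret,
}
POLICY_SYSCALLS = {
    "no_shell_exec": frozenset({"execve"}),
    "no_secret_read": frozenset({"open", "openat"}),
    "no_exfil_after_secret": frozenset({"open", "openat", "socket", "sendto", "sendmsg", "write"}),
}


def vet(model: Model, policies: dict[str, Policy]) -> dict[str, list[str]]:
    return {name: policy(model) for name, policy in policies.items()}


def permitted(report: dict[str, list[str]]) -> bool:
    return not any(report.values())   # download allowed only with zero violations


def slice_for(model: Model, policy_names: set[str]) -> Model:
    keep = frozenset().union(*(POLICY_SYSCALLS[n] for n in policy_names))
    return model.slice(keep)


if __name__ == "__main__":
    full = build_model(MALICIOUS_TRACE)
    report = vet(full, NETWORK_POLICIES)
    print("download permitted:", permitted(report), report)
    # End-user platform keeps only no_shell_exec locally (claim 15: some, not all).
    local = slice_for(full, {"no_shell_exec"})
    print("sliced model:", [e.name for e in local.events],
          vet(local, {"no_shell_exec": no_shell_exec}))
```

The slice is sound only for policies whose verdict depends solely on the retained syscalls; `POLICY_SYSCALLS` is the contract that makes that explicit, and the sequence policy is listed with every call it consults so that slicing for it keeps ordering intact.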
Specification