Method and Apparatus to Vet an Executable Program Using a Model

US 20100257253A1
Filed: 04/01/2009
Published: 10/07/2010
Est. Priority Date: 04/01/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

at a network infrastructure element;

determining that an end-user platform seeks to download an executable program;

executing the executable program to develop a corresponding model of the executable program representing operating system call-based behavior of the executable program;

using the model of the executable program to vet the operating system call-based behavior of the executable program with respect to policies corresponding to the end-user platform; and

permitting the end-user platform to download the executable program when the operating system call-based behavior of the executable program vets acceptably with respect to the policies.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network infrastructure element (300) can be configured to, upon determining (101) that an end-user platform (305) seeks to download an executable program, execute (103) the program to develop a corresponding model that represents corresponding operating system call-based behavior. The network infrastructure element can then use (104) this model to vet the operating system call-based behavior of the program with respect to end-user platform policies. When the operating system call-based behavior vets acceptably with respect to these policies, the end-user platform can then be permitted to download (106) the executable program. If desired, the network infrastructure element can provide (107) the model to the end-user platform to permit vetting of the modeled behavior with respect to locally-maintained policies. The model provided to the end-user platform can comprise a size-reduced sliced model.

28 Citations

View as Search Results

17 Claims

1. A method comprising:
- at a network infrastructure element;
  
  determining that an end-user platform seeks to download an executable program;
  
  executing the executable program to develop a corresponding model of the executable program representing operating system call-based behavior of the executable program;
  
  using the model of the executable program to vet the operating system call-based behavior of the executable program with respect to policies corresponding to the end-user platform; and
  
  permitting the end-user platform to download the executable program when the operating system call-based behavior of the executable program vets acceptably with respect to the policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein determining that an end-user platform seeks to download an executable program comprises receiving a download request sourced by the end-user platform.
  - 3. The method of claim 1 wherein executing the executable program to develop a corresponding model of the executable program representing operating system call-based behavior of the executable program comprises executing the executable program using random input content.
  - 4. The method of claim 1 wherein executing the executable program to develop a corresponding model of the executable program representing operating system call-based behavior of the executable program comprises executing the executable program a plurality of times using automatically generated differing input content.
  - 5. The method of claim 1 further comprising:
    - receiving information regarding the policies from the end-user platform.
  - 6. The method of claim 1 further comprising:
    - slicing the model to provide a sliced model;
      
      and wherein permitting the end-user platform to download the executable program also comprises communicating the sliced model to the end-user platform.
  - 7. The method of claim 1 further comprising, when the operating system call-based behavior of the executable program vets acceptably with respect to the policies:
    - computing a message-digest function with respect to the executable program to thereby create a signed version of the executable program, which signed version also comprises, in part, at least one of the policies.
  - 8. The method of claim 7 further comprising:
    - determining that another end-user platform seeks to download the executable program; and
      
      providing to the other end-user platform the signed version of the executable program.

9. A apparatus comprising a network infrastructure element having:
- a memory;
  
  a network interface; and
  
  a control circuit operably coupled to the memory and the network interface and being configured to;
  
  determine that an end-user platform seeks to download an executable program;
  
  execute the executable program to develop a corresponding model of the executable program representing operating system call-based behavior of the executable program;
  
  use the model of the executable program to vet the operating system call-based behavior of the executable program with respect to policies corresponding to the end-user platform; and
  
  permit the end-user platform to download the executable program when the operating system call-based behavior of the executable program vets acceptably with respect to the policies.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The apparatus of claim 9 wherein the control circuit is further configured to determine that an end-user platform seeks to download an executable program by receiving, via the network interface, a download request sourced by the end-user platform.
  - 11. The apparatus of claim 9 wherein the control circuit is further configured to execute the executable program to develop a corresponding model of the executable program representing operating system call-based behavior of the executable program by executing the executable program using random input content.
  - 12. The apparatus of claim 9 wherein the control circuit is further configured to execute the executable program to develop a corresponding model of the executable program representing operating system call-based behavior of the executable program by executing the executable program a plurality of times using automatically generated differing input content.
  - 13. The apparatus of claim 9 wherein the control circuit is further configured to receive, via the network interface, information regarding the policies from the end-user platform.
  - 14. The apparatus of claim 9 wherein the control circuit is further configured to slice the model to provide a sliced model, and wherein the control circuit is further configured to permit the end-user platform to download the executable program by also communicating the sliced model to the end-user platform.

15. A method comprising:
- at an end-user platform having a plurality of policies regarding operating system calls;
  
  communicating to a network infrastructure element information regarding downloading of a particular executable program;
  
  receiving from the network infrastructure element;
  
  an approval regarding the downloading of the particular executable program; and
  
  a model of the executable program representing operating system call-based behavior of the executable program; and
  
  using the model of the executable program to vet the operating system call-based behavior of the executable program with respect to some, but not all, of the policies regarding operating system calls.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15 wherein communicating to a network infrastructure element information further comprises communicating to the network infrastructure element information regarding some, but not all, of the policies regarding operating system calls to thereby permit the network infrastructure element to vet some, but not all, of the policies against the operating system call-based behavior of the executable program.
  - 17. The method of claim 15 further comprising:
    - downloading the executable program when the operating system call-based behavior of the executable program vets acceptably.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Moore, Morris A., Saha, Dipikalyan, Saha, Subir

Granted Patent

US 8,484,625 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/217
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/566   Dynamic detection, i.e. det...

G06F 9/44589   Program code verification, ...

H04L 63/145   the attack involving the pr...

H04L 67/34   involving the movement of s...

Method and Apparatus to Vet an Executable Program Using a Model

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus to Vet an Executable Program Using a Model

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links