COMPUTER SYSTEM LOCK-DOWN
Abstract
Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, a method is provided for locking down a computer system. A customized, local whitelist database is stored within a memory of the computer system. The whitelist database forms a part of an authentication system operable within the computer system and contains therein cryptographic hash values of code modules expressly approved for execution by the computer system. A kernel mode driver of the authentication system intercepts a request to create a process associated with a code module. The authentication system determines whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated against the whitelist database. The authentication system allows the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values.

20 Claims
1. A method of locking down a computer system to limit execution of computer program code to only that which can be verified to be approved to run on the computer system, the method comprising:

storing within a memory of the computer system a customized, local whitelist database, the customized, local whitelist database forming part of an authentication system operable within the computer system and containing therein cryptographic hash values of code modules expressly approved for execution by the computer system;

intercepting, by a kernel mode driver of the authentication system, a request to create a process associated with a code module;

determining, by the authentication system, whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated with reference to the customized, local whitelist database;

allowing, by the authentication system, the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values of code modules expressly approved for execution by the computer system that are contained within the customized, local whitelist database; and

wherein the authentication system is implemented in one or more processors and one or more computer-readable storage media associated with the computer system, the one or more computer-readable storage media having instructions tangibly embodied therein representing the authentication system that are executable by the one or more processors.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.

15. A computer system comprising:

a storage device having tangibly embodied thereon instructions associated with a code module authentication system and a customized, local whitelist database, the customized, local whitelist database containing therein cryptographic hash values of code modules expressly approved for execution by the computer system; and

one or more processors coupled to the storage device and operable to execute the instructions associated with the code module authentication system to perform a method comprising:

intercepting a request to create a process associated with a code module;

determining whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated with reference to the customized, local whitelist database; and

allowing the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values of code modules expressly approved for execution by the computer system that are contained within the customized, local whitelist database.

Dependent claims: 16, 17, 18, 19.

20. A program storage device readable by a computer system, tangibly embodying a program of instructions executable by one or more computer processors of the computer system to perform method steps for allowing authorized code to execute on the computer system comprising:

intercepting a request to create a process associated with a code module;

determining, by the authentication system, whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated with reference to a customized, local whitelist database stored within a memory of the computer system and containing therein cryptographic hash values of code modules expressly approved for execution by the computer system; and

allowing the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values of code modules expressly approved for execution by the computer system that are contained within the customized, local whitelist database.
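As an added illustration, not code from the patent or its assignee, the following Python models the claimed decision in user mode: build the customized, local whitelist from the digests of expressly approved modules, then, on each create-process request, hash the module and allow it only if its digest is in that database. The kernel-mode interception itself is assumed away; authorize_process_creation stands in for the driver's check, the module contents and names are constructed samples, and SHA-256 is an assumed choice of hash.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "code modules": in a real system these are the bytes of
# executables on disk; here short byte strings stand in for them.
APPROVED_MODULES = {
    "svc_agent.exe": b"MZ\x90\x00approved-agent-v1",
    "backup.exe":    b"MZ\x90\x00approved-backup-v3",
}

def build_local_whitelist(modules):
    """Build the customized, local whitelist database for this host:
    a map from the SHA-256 digest of each approved module to its name."""
    return {hashlib.sha256(data).hexdigest(): name for name, data in modules.items()}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    digest: str
    reason: str

def authorize_process_creation(module_bytes, whitelist):
    """Stand-in for the kernel-mode driver's handling of a create-process
    request: hash the module and authenticate the digest against the local
    whitelist. Anything absent from the database is denied (default deny)."""
    digest = hashlib.sha256(module_bytes).hexdigest()
    name = whitelist.get(digest)
    if name is None:
        return Decision(False, digest, "hash not in local whitelist")
    return Decision(True, digest, f"matches approved module {name}")

def run_demo():
    """Exercise the check on three constructed requests and return an audit
    trail of (label, allowed, reason) in request order."""
    whitelist = build_local_whitelist(APPROVED_MODULES)
    requests = {
        "unmodified agent": APPROVED_MODULES["svc_agent.exe"],
        # one changed byte in an otherwise approved module: digest no longer matches
        "tampered agent": APPROVED_MODULES["svc_agent.exe"][:-1] + b"2",
        # a module never approved for this particular host
        "unknown tool": b"MZ\x90\x00not-on-this-host",
    }
    audit = []
    for label, data in requests.items():
        decision = authorize_process_creation(data, whitelist)
        audit.append((label, decision.allowed, decision.reason))
    return audit

if __name__ == "__main__":
    for entry in run_demo():
        print(entry)
```

Because the database holds digests rather than file names or paths, a renamed or relocated binary still matches, while a single modified byte or a module never approved on this host is refused, which is the default-deny behaviour the claims describe.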