SOLIDIFYING THE EXECUTABLE SOFTWARE SET OF A COMPUTER

US 20110093842A1
Filed: 12/22/2010
Published: 04/21/2011
Est. Priority Date: 09/07/2004
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for solidifying (or “freezing”) the set of software and configuration data available for execution on a computer. Any additional software installed on the computer after the solidification process will not execute, regardless of whether the installation is initiated or otherwise performed by a person with administrative privilege. The ability to allow new or modified software to execute on the computer rests with an integrity server separate from and outside of the solidified computer. The solidification of software and configuration data proceeds on a level of granularity selectable by the integrity server and any operators thereof.

157 Citations

View as Search Results

40 Claims

1-20. -20. (canceled)

21. A method, comprising:
- receiving a set of data from a first computer over a network at a second computer, wherein the first computer authorizes modifications to a plurality of software programs being executed on the second computer, and wherein a new software program downloaded by the second computer remains unexecutable until the first computer authorizes the new software program using a checksum operation;
  
  generating a calling name space translation on the second computer according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface; and
  
  translating an original software program of the plurality of software programs to obtain a translated software program.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The method of claim 21, wherein the original interface comprises a language interface provided by a language interpreter residing on the first computer, and wherein the original interface comprises a set of one or more system calls provided by an operating system of the first computer.
  - 23. The method of claim 21, wherein a first checksum is associated with a first translated software program such that a first request for execution of the first translated software program triggers a second checksum being computed for the first translated software program, and wherein the first translated software program is executed when the second checksum matches the first checksum.
  - 24. The method of claim 21, wherein the one or more translated calling names are invalid for calling the original interface.
  - 25. The method of claim 21, further comprising:
    - reverse translating the translated software program to obtain a reverse translated software program, the reverse translated software program not being executable as the original software program if the translated software program comprises additional references corresponding to the one or more original calling names prior to the reverse translation.
  - 26. The method of claim 21, wherein at least a portion of the translated calling names are not mapped to a corresponding unique name in an original name space, and wherein the calling name space translation is larger than the original name space.

27. A computer system, comprising:
- a processor; and
  
  a memory, wherein the computer system is configured for;
  
  receiving a set of data from an integrity server over a network at the computer system, wherein the integrity server authorizes modifications to a plurality of software programs being executed on the computer system, and wherein a new software program downloaded by the computer system remains unexecutable until the integrity server authorizes the new software program using a checksum operation;
  
  generating a calling name space translation on the computer system according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface; and
  
  translating an original software program of the plurality of software programs to obtain a translated software program.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. The computer system of claim 27, wherein the original interface comprises a language interface provided by a language interpreter residing on the integrity server, and wherein the original interface comprises a set of one or more system calls provided by an operating system of the integrity server.
  - 29. The computer system of claim 27, wherein a first checksum is associated with a first translated software program such that a first request for execution of the first translated software program triggers a second checksum being computed for the first translated software program, and wherein the first translated software program is executed when the second checksum matches the first checksum.
  - 30. The computer system of claim 27, wherein the one or more translated calling names are invalid for calling the original interface.
  - 31. The computer system of claim 27, wherein the computer system is further configured for:
    - reverse translating the translated software program to obtain a reverse translated software program, the reverse translated software program not being executable as the original software program if the translated software program comprises additional references corresponding to the one or more original calling names prior to the reverse translation.
  - 32. The computer system of claim 27, wherein at least a portion of the translated calling names are not mapped to a corresponding unique name in an original name space, and wherein the calling name space translation is larger than the original name space.

33. Logic encoded in non-transitory tangible media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- receiving a set of data from a first computer over a network at a second computer, wherein the first computer authorizes modifications to a plurality of software programs being executed on the second computer, and wherein a new software program downloaded by the second computer remains unexecutable until the first computer authorizes the new software program using a checksum operation;
  
  generating a calling name space translation on the second computer according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface; and
  
  translating an original software program of the plurality of software programs to obtain a translated software program.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. The logic of claim 33, wherein the original interface comprises a language interface provided by a language interpreter residing on the first computer, and wherein the original interface comprises a set of one or more system calls provided by an operating system of the first computer.
  - 35. The logic of claim 33, wherein a first checksum is associated with a first translated software program such that a first request for execution of the first translated software program triggers a second checksum being computed for the first translated software program, and wherein the first translated software program is executed when the second checksum matches the first checksum.
  - 36. The logic of claim 33, wherein the one or more translated calling names are invalid for calling the original interface.
  - 37. The logic of claim 33, the operations further comprising:
    - reverse translating the translated software program to obtain a reverse translated software program, the reverse translated software program not being executable as the original software program if the translated software program comprises additional references corresponding to the one or more original calling names prior to the reverse translation.
  - 38. The logic of claim 33, wherein at least a portion of the translated calling names are not mapped to a corresponding unique name in an original name space, and wherein the calling name space translation is larger than the original name space.
  - 39. The logic of claim 33, wherein if the second computer operates in a first operational state, newly installed software in the second computer can be executed.
  - 40. The logic of claim 39, wherein if the second computer operates in a second operational state, the newly installed software cannot be executed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Sebes, E. John

Granted Patent

US 8,561,051 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/168
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2147   Locking files

SOLIDIFYING THE EXECUTABLE SOFTWARE SET OF A COMPUTER

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

157 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

SOLIDIFYING THE EXECUTABLE SOFTWARE SET OF A COMPUTER

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links