SOLIDIFYING THE EXECUTABLE SOFTWARE SET OF A COMPUTER
Abstract
System and method for solidifying (or “freezing”) the set of software and configuration data available for execution on a computer. Any additional software installed on the computer after the solidification process will not execute, regardless of whether the installation is initiated or otherwise performed by a person with administrative privilege. The ability to allow new or modified software to execute on the computer rests with an integrity server separate from and outside of the solidified computer. The solidification of software and configuration data proceeds on a level of granularity selectable by the integrity server and any operators thereof.
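The execution gate the abstract describes, sketched as an added example (not code from the patent): a program runs only if its checksum is on a list issued by the integrity server, whatever privilege was used to install it. SHA-256 as the checksum, an HMAC tag to authenticate the list, and all class and function names are assumptions; the sample programs are constructed.

```python
import hashlib, hmac, json

def checksum(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the unspecified "checksum operation".
    return hashlib.sha256(data).hexdigest()

class IntegrityServer:
    """Authoritative allow-list; runs outside the solidified computer."""
    def __init__(self, key: bytes):
        self._key, self._allowed = key, set()
    def authorize(self, program: bytes) -> None:
        self._allowed.add(checksum(program))
    def issue_manifest(self) -> dict:
        body = json.dumps(sorted(self._allowed)).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}

class SolidifiedHost:
    def __init__(self, key: bytes):
        # Assumption: key sits in the enforcement layer, out of reach of host admins.
        self._key, self._allowed, self.disk = key, frozenset(), {}
    def load_manifest(self, manifest: dict) -> bool:
        want = hmac.new(self._key, manifest["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, manifest["tag"]):
            return False  # forged or altered list: keep the previous one
        self._allowed = frozenset(json.loads(manifest["body"]))
        return True
    def install(self, name: str, data: bytes, as_admin: bool = False) -> None:
        self.disk[name] = data  # writing a file never grants the right to run it
    def may_execute(self, name: str) -> bool:
        return checksum(self.disk[name]) in self._allowed

def demo() -> dict:
    key = b"constructed-demo-key"
    server, host = IntegrityServer(key), SolidifiedHost(key)
    editor, tool = b"editor v1 (constructed)", b"new tool (constructed)"
    server.authorize(editor)                      # solidify the existing set
    host.install("editor", editor)
    host.load_manifest(server.issue_manifest())
    host.install("tool", tool, as_admin=True)     # installed after solidification
    out = {"editor": host.may_execute("editor"), "tool_before": host.may_execute("tool")}
    forged = {"body": json.dumps([checksum(tool)]).encode(), "tag": "00" * 32}
    out["forged_accepted"] = host.load_manifest(forged)
    server.authorize(tool)                        # only the server can admit it
    host.load_manifest(server.issue_manifest())
    out["tool_after"] = host.may_execute("tool")
    host.install("editor", editor + b" patched", as_admin=True)
    out["modified_editor"] = host.may_execute("editor")
    return out
```

A shared HMAC key is used here only to stay within the standard library; an asymmetric signature would leave the host holding nothing but a verification key.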
40 Claims
1-20. (canceled)
21. A method, comprising:
receiving a set of data from a first computer over a network at a second computer, wherein the first computer authorizes modifications to a plurality of software programs being executed on the second computer, and wherein a new software program downloaded by the second computer remains unexecutable until the first computer authorizes the new software program using a checksum operation;
generating a calling name space translation on the second computer according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface; and
translating an original software program of the plurality of software programs to obtain a translated software program.
27. A computer system, comprising:
a processor; and
a memory, wherein the computer system is configured for:
receiving a set of data from an integrity server over a network at the computer system, wherein the integrity server authorizes modifications to a plurality of software programs being executed on the computer system, and wherein a new software program downloaded by the computer system remains unexecutable until the integrity server authorizes the new software program using a checksum operation;
generating a calling name space translation on the computer system according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface; and
translating an original software program of the plurality of software programs to obtain a translated software program.
33. Logic encoded in non-transitory tangible media that includes code for execution and when executed by a processor is operable to perform operations comprising:
receiving a set of data from a first computer over a network at a second computer, wherein the first computer authorizes modifications to a plurality of software programs being executed on the second computer, and wherein a new software program downloaded by the second computer remains unexecutable until the first computer authorizes the new software program using a checksum operation;
generating a calling name space translation on the second computer according to the set of data, wherein one or more original calling names associated with an original interface are translated into one or more translated calling names associated with a translated interface; and
translating an original software program of the plurality of software programs to obtain a translated software program.
Specification