Protection of Computer System
Abstract
Protection of a computer system (104) against attacks using malformed files is applied to an application (106) configured to process files of a predefined Headerless format indicated by a Characteristic pattern of bytes. An incoming file's Characteristic pattern is checked by comparing its leading bytes with Characteristic patterns. If its leading bytes have such a pattern, the file (100) is subjected to a full content check; the file is discarded (100) if it lacks such a pattern or has contents considered damaging. A file is checked regarding suitability for further processing by comparing its leading bytes with the Characteristic pattern of the predefined Headerless format. A full content check of the file may also be carried out. The application (106) is permitted to process files having the Characteristic pattern of the predefined Headerless format and appropriate file contents. The method can deal with ZIP files (b) etc. starting with redundant data b1 even if polymorphic, provided that the file is not potentially damaging.
10 Claims
1. A method of protection of a computer system, the method having the steps of:
- (a) providing the computer system with an application for processing incoming files of a predefined Headerless format having a Characteristic pattern in a prearranged file location,
- (b) ascertaining an incoming file's Characteristic pattern from bytes of the file,
- (c) determining whether or not the file has contents that are acceptable when interpreted in accordance with a file format specification associated with its Characteristic pattern,
- (d) allowing processing of the file by the computer system if the file has acceptable content,
- (e) checking an incoming file allowed for processing and having Headerless format by comparing bytes of the file with the Characteristic pattern of the predefined Headerless format, and
- (f) disallowing processing by the application if the file does not have the Characteristic pattern of the predefined Headerless format in the prearranged file location.
6. A method of protection of a computer system, the method having the steps of:
- (a) providing the computer system with an application for processing incoming files of a predefined Headerless format having a Characteristic pattern not located at the beginning of the file,
- (b) allowing processing of an incoming file by the computer system if the file does not begin with a Characteristic pattern,
- (c) checking for the Characteristic pattern of the predefined Headerless format in an incoming file allowed for processing, and
- (d) disallowing processing by the application if the file does not have the Characteristic pattern of the predefined Headerless format.
7. A protected computer system incorporating:
- (a) an application for processing incoming files of a predefined Headerless format having a Characteristic pattern in a prearranged file location,
- (b) a first checking means for;
  - i. ascertaining an incoming file's Characteristic pattern from bytes of the file,
  - ii. determining whether or not the file has contents that are acceptable when interpreted in accordance with a file format specification associated with its Characteristic pattern,
  - iii. allowing processing of the file by the computer system if the file has acceptable content,
- (c) a second checking means for;
  - i. checking an incoming file allowed for processing and having Headerless format by comparing bytes of the file with the Characteristic pattern of the predefined Headerless format, and
  - ii. disallowing processing by the application if the file does not have the Characteristic pattern of the predefined Headerless format in the prearranged file location.
8. A protected computer system incorporating:
- (a) an application for processing incoming files of a predefined Headerless format having a Characteristic pattern not located at the beginning of the file,
- (b) a first checking means for;
  - i. determining whether or not the file begins with a Characteristic pattern,
  - ii. allowing processing of the file by the computer system if the file does not begin with a Characteristic pattern,
- (c) a second checking means for;
  - i. checking for the Characteristic pattern of the predefined Headerless format in an incoming file allowed for processing, and
  - ii. disallowing processing by the application if the file does not have the Characteristic pattern of the predefined Headerless format.
9. A computer software product comprising a computer readable medium containing computer readable instructions for providing to a computer system, the computer system having an application for processing incoming files of a predefined Headerless format having a Characteristic pattern in a prearranged file location, wherein the computer readable instructions provide a means for controlling the computer system to:
- (a) ascertain an incoming file's Characteristic pattern from bytes of the file,
- (b) determine whether or not the file has contents that are acceptable when interpreted in accordance with a file format specification associated with its Characteristic pattern,
- (c) allow processing of the file by the computer system if the file has acceptable content,
- (d) check an incoming file allowed for processing and having Headerless format by comparing bytes of the file with the Characteristic pattern of the predefined Headerless format, and
- (e) disallow processing by the application if the file does not have the Characteristic pattern of the predefined Headerless format in the prearranged file location.
10. A computer software product comprising a computer readable medium containing computer readable instructions for providing to a computer system, the computer system having an application for processing incoming files of a predefined Headerless format having a Characteristic pattern, wherein the computer readable instructions provide a means for controlling the computer system to:
- (a) allow processing of an incoming file by the computer system if the file does not begin with a Characteristic pattern,
- (b) check for the Characteristic pattern of the predefined Headerless format in an incoming file allowed for processing, and
- (c) disallow processing by the application if the file does not have the Characteristic pattern of the predefined Headerless format.
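An added illustration of the two checks in claims 1 and 6, written for this page and not taken from the patent: a recognised leading pattern triggers a content check, and every file that survives must then carry the application's pattern at its fixed offset. Assumptions: PNG is the only format the first checker recognises, tar's `ustar` marker at offset 257 stands in for the application's format, and all function names and sample bytes are constructed here.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Assumption: tar stands in for the application's format; its "ustar"
# marker sits at offset 257, not at the start of the file.
APP_PATTERN, APP_OFFSET = b"ustar", 257

def png_content_ok(data: bytes) -> bool:
    """Content check for PNG: every chunk CRC valid, IEND ends the file."""
    pos = len(PNG_MAGIC)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length          # length + type + body + CRC
        if end > len(data):
            return False
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(data[pos + 4:end - 4]) != crc:
            return False
        if ctype == b"IEND":
            return end == len(data)      # nothing may trail the last chunk
        pos = end
    return False

# Leading-byte patterns known to the first checker, with their validators.
KNOWN_FORMATS = {PNG_MAGIC: png_content_ok}

def gate(data: bytes) -> str:
    # First check: a recognised leading pattern triggers a content check.
    for magic, content_ok in KNOWN_FORMATS.items():
        if data.startswith(magic) and not content_ok(data):
            return "discard: unacceptable content"
    # Second check: the application's pattern must be at its fixed offset.
    if data[APP_OFFSET:APP_OFFSET + len(APP_PATTERN)] != APP_PATTERN:
        return "disallow: application pattern missing"
    return "allow"

def png_chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk with a correct CRC (used for the samples)."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed samples (not real files).
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
GOOD_PNG = PNG_MAGIC + png_chunk(b"IHDR", IHDR) + png_chunk(b"IEND", b"")
BAD_PNG = GOOD_PNG[:-1] + b"\x00"        # corrupt the IEND CRC
TAR_LIKE = b"notes.txt".ljust(257, b"\0") + b"ustar\0" + b"\0" * 250
```

The well-formed PNG passes the first check but is still kept away from the application, because it lacks the application's pattern at the prearranged location.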
Specification