METHOD AND APPARATUS FOR COMBATING WEB-BASED SURREPTITIOUS BINARY INSTALLATIONS

US 20120030760A1
Filed: 08/02/2010
Published: 02/02/2012
Est. Priority Date: 08/02/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method for combating web-based surreptitious binary installations on a computing device, the method comprising:

intercepting a download of a file to a local file system of the computing device;

storing the file in the local file system when the file is correlated with a user consent; and

storing the file in a secure zone of the computing device when the file is not correlated with a user consent, wherein files stored in the secure zone cannot be executed or propagated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method and apparatus for combating web-based surreptitious binary installations. One embodiment of a method combating web-based surreptitious binary installations on a computing device includes intercepting a download of a file to a local file system of the computing device, storing the file in the local file system when the file is correlated with a user consent, and storing the file in a secure zone of the computing device when the file is not correlated with a user consent, wherein files stored in the secure zone cannot be executed or propagated.

Citations

20 Claims

1. A method for combating web-based surreptitious binary installations on a computing device, the method comprising:
- intercepting a download of a file to a local file system of the computing device;
  
  storing the file in the local file system when the file is correlated with a user consent; and
  
  storing the file in a secure zone of the computing device when the file is not correlated with a user consent, wherein files stored in the secure zone cannot be executed or propagated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the intercepting further comprises:
    - automatically redirecting the file to the secure zone at least temporarily; and
      
      attempting to correlate the file to a user consent prior to storing the file.
  - 3. The method of claim 1, wherein the user consent is inferred.
  - 4. The method of claim 3, wherein the user consent is inferred by:
    - monitoring one or more user interactions with a web browser for the appearance of a download consent dialog;
      
      intercepting one or more user inputs to the computing device subsequent to the appearance of the download consent dialog; and
      
      inferring the user consent when the one or more user inputs indicate an authorization of the download consent dialog.
  - 5. The method of claim 4, wherein the monitoring comprises:
    - maintaining one or more signatures, where each of the one or more signatures identifies an external appearance and an internal hierarchy of a class of download consent dialogs;
      
      comparing one or more user interface elements displayed on a screen of the computing device to the one or more signatures; and
      
      detecting the download consent dialog when the one or more user interface elements matches one of the one or more signatures.
  - 6. The method of claim 4, wherein the one or more user inputs are received via at least one of:
    - a keyboard or a mouse.
  - 7. The method of claim 1, wherein the download is initiated by a supervised process of a web browser.
  - 8. The method of claim 1, wherein the method is implemented within a kernel of an operating system of the computing device.

9. A non-transitory computer readable medium containing an executable program for combating web-based surreptitious binary installations on a computing device, where the program performs steps comprising:
- intercepting a download of a file to a local file system of the computing device;
  
  storing the file in the local file system when the file is correlated with a user consent; and
  
  storing the file in a secure zone of the computing device when the file is not correlated with a user consent, wherein files stored in the secure zone cannot be executed or propagated.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer readable medium of claim 9, wherein the intercepting further comprises:
    - automatically redirecting the file to the secure zone at least temporarily; and
      
      attempting to correlate the file to a user consent prior to storing the file.
  - 11. The non-transitory computer readable medium of claim 9, wherein the user consent is inferred.
  - 12. The non-transitory computer readable medium of claim 11, wherein the user consent is inferred by:
    - monitoring one or more user interactions with a web browser for the appearance of a download consent dialog;
      
      intercepting one or more user inputs to the computing device subsequent to the appearance of the download consent dialog; and
      
      inferring the user consent when the one or more user inputs indicate an authorization of the download consent dialog.
  - 13. The non-transitory computer readable medium of claim 12, wherein the monitoring comprises:
    - maintaining one or more signatures, where each of the one or more signatures identifies an external appearance and an internal hierarchy of a class of download consent dialogs;
      
      comparing one or more user interface elements displayed on a screen of the computing device to the one or more signatures; and
      
      detecting the download consent dialog when the one or more user interface elements matches one of the one or more signatures.
  - 14. The non-transitory computer readable medium of claim 12, wherein the one or more user inputs are received via at least one of:
    - a keyboard or a mouse.
  - 15. The non-transitory computer readable medium of claim 9, wherein the download is initiated by a supervised process of a web browser.
  - 16. The non-transitory computer readable medium of claim 9, wherein the method is implemented within a kernel of an operating system of the computing device.

17. A system for combating web-based surreptitious binary installations on a computing device, the system comprising:
- an I/O redirector for intercepting a download of a file to a local file system of the computing device;
  
  a correlator for correlating the file to a user consent;
  
  a local file system for storing the file when the file is correlated with a user consent; and
  
  a secure zone for storing the file when the file is not correlated with a user consent, wherein the secure zone prevents the file from executing or propagating.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, further comprising:
    - a screen parser for monitoring one or more user interactions with a web browser for the appearance of a download consent dialog;
      
      a hardware event tracer for intercepting one or more user inputs to the computing device subsequent to the appearance of the download consent dialog; and
      
      a supervisor inferring the user consent when the one or more user inputs indicate an authorization of the download consent dialog.
  - 19. The system of claim 18, wherein the supervisor further coordinates one or more operations of the I/O redirector, the correlator, the screen parser, and the hardware event tracer.
  - 20. The system of claim 17, wherein the system is implemented within a kernel of an operating system of the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SRI International, Inc.
Original Assignee
SRI International, Inc.
Inventors
Porras, Phillip, Yegneswaran, Vinod, Lu, Long

Application Number

US12/848,827
Publication Number

US 20120030760A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/51 at application loading time...

METHOD AND APPARATUS FOR COMBATING WEB-BASED SURREPTITIOUS BINARY INSTALLATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR COMBATING WEB-BASED SURREPTITIOUS BINARY INSTALLATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links