REACTIVE ANTI-TAMPERING SYSTEM

US 20130111462A1
Filed: 10/28/2011
Published: 05/02/2013
Est. Priority Date: 10/28/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

providing a protected service executing on a client device;

providing a management infrastructure having a capability to monitor the protected service for an occurrence of a tamper event and to initiate a remedial action in response to detecting occurrence of the tamper event;

defining at least one tamper event and a corresponding remedial action; and

utilizing the management infrastructure to monitor for an occurrence of the tamper event at the protected service and to apply the remedial action to the protected service upon detection of the occurrence of the tamper event.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An enterprise computing system may utilize a management infrastructure that interacts with protected services in the system. The management infrastructure accepts requests through an anti-tamper procedure that specifies a tamper event, a crucial service to be protected, and a remedial action that may be applied when the tamper event occurs on the protected service. The anti-tamper procedure may be created by a system administrator and distributed to one or more client devices in the system. The management infrastructure monitors a protected service in accordance with the operations and actions specified in the anti-tamper procedure thereby ensuring that the integrity of the system is preserved.

37 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- providing a protected service executing on a client device;
  
  providing a management infrastructure having a capability to monitor the protected service for an occurrence of a tamper event and to initiate a remedial action in response to detecting occurrence of the tamper event;
  
  defining at least one tamper event and a corresponding remedial action; and
  
  utilizing the management infrastructure to monitor for an occurrence of the tamper event at the protected service and to apply the remedial action to the protected service upon detection of the occurrence of the tamper event.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, further comprising:
    - specifying the tamper event, the protected service, and the remedial action through executable instructions.
  - 3. The computer-implemented method of claim 1, wherein the management infrastructure is Windows Management Instrumentation.
  - 4. The computer-implemented method of claim 1, wherein the tamper event is a removal of a protected service and the remedial action is to install the protected service.
  - 5. The computer-implemented method of claim 1, wherein the tamper event stops a protected service and the remedial action restarts the protected service.
  - 6. The computer-implemented method of claim 1, wherein the tamper event changes a service configuration of a protected service and the remedial action restores the service configuration of the protected service to an original state.
  - 7. The computer-implemented method of claim 1, wherein the tamper event deletes a file associated with a protected service and the remedial action restores the file.
  - 8. The computer-implemented method of claim 1, wherein the tamper event uninstalled an application associated with a protected service and the remedial action installs the application.
  - 9. The computer-implemented method of claim 1, wherein the tamper event alters security properties of a protected service and the remedial action restores the security properties to an original state.
  - 10. The computer-implemented method of claim 1, wherein the tamper event and the remedial action are defined through a script file.

11. A computer-readable storage medium storing thereon processor-executable instructions, comprising:
- instructions, that when executed on a processor, receive a request to monitor a protected service;
  
  instructions, that when executed on a processor, request that a management infrastructure facilitate monitoring for occurrence of an event on a protected service; and
  
  instructions, that when executed on a processor, initiates a remedial action tailored to the event and the protected service.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A computer-readable storage medium of claim 11, wherein the event affects execution of a protected service, wholly or in part, and the remedial action restores execution of the protected service.
  - 13. A computer-readable storage medium of claim 11, wherein the event alters a service configuration of a protected service and the remedial action restores the service configuration to an original state.
  - 14. A computer-readable storage medium of claim 11, wherein the event affects a process associated with a protected service and the remedial action reactivates the process.
  - 15. A computer-readable storage medium of claim 11, wherein the event changes security properties associated with a protected service and the remedial action restores the security properties to an original state.
  - 16. A computer-readable storage medium of claim 11, wherein the event uninstalls an application associated with a protected service and the remedial action installs the application.

17. A system, comprising:
- at least one protected service operating on a client device;
  
  a management infrastructure, operating on the client device, having a programming interface that interacts with the protected service;
  
  a script file having a first set of executable instructions that requests the management infrastructure to monitor the protected service for occurrence of an event and a second set of executable instructions that specify a remedial action that the management infrastructure performs on a protected service; and
  
  a plurality of providers, each provider coupled to the management infrastructure and a protected service, the provider configured to receive instructions from the management infrastructure and to provide data in response to instructions.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the first set of executable instructions request the management infrastructure to monitor stoppage of the protected service and the second set of executable instructions restart the protected service.
  - 19. The system of claim 17, wherein the first set of executable instructions request the management infrastructure to monitor for removal of the protected service and the second set of executable instructions install the protected service.
  - 20. The system of claim 17, wherein the first set of executable instructions request the management infrastructure to monitor for alteration of a feature of the protected service and the second set of executable instructions restore the protected service to an original state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
UMANSKY, ALEX, Borshack, Ronen, Zeitlin, Eli

Granted Patent

US 8,756,594 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/174
CPC Class Codes

G06F 21/554 involving event detection a...

REACTIVE ANTI-TAMPERING SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

REACTIVE ANTI-TAMPERING SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others