SYSTEMS AND METHODS TO ENFORCE SECURITY POLICIES ON THE LOADING, LINKING, AND EXECUTION OF NATIVE CODE BY MOBILE APPLICATIONS RUNNING INSIDE OF VIRTUAL MACHINES

US 20130227641A1
Filed: 04/08/2013
Published: 08/29/2013
Est. Priority Date: 01/06/2012
Status: Active Grant

First Claim

Patent Images

1. A method of enforcing policies associated with the loading, linking and/or execution of native code by an application, the method comprising:

taking an application executing, through the use of a computer processor, in a first process on a device;

providing a policy engine executing, through the use of a computer processor, in a second process on the device;

taking a request for a native code library by the application;

determining by the policy engine whether the request from the application is allowed based on a policy; and

permitting access to the native code library upon determining that the application is allowed to access the native library.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems described herein relate to enhancing security on a device by enforcing one or more policies on the loading, linking, and/or executing of native code by one or more applications executing on the device.

Citations

11 Claims

1. A method of enforcing policies associated with the loading, linking and/or execution of native code by an application, the method comprising:
- taking an application executing, through the use of a computer processor, in a first process on a device;
  
  providing a policy engine executing, through the use of a computer processor, in a second process on the device;
  
  taking a request for a native code library by the application;
  
  determining by the policy engine whether the request from the application is allowed based on a policy; and
  
  permitting access to the native code library upon determining that the application is allowed to access the native library.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the method further comprises facilitating interaction between the application and an operating system via the native code library.
  - 3. The method of claim 1, wherein providing a policy engine comprises providing a policy engine enabled to communicate with a remote policy server to obtain the policy.
  - 4. The method of claim 3, wherein the remote policy server comprises a policy server managing a policy repository comprising at least one policy.
  - 5. The method of claim 1, wherein the application is an application running inside of a virtual machine.
  - 6. The method of claim 1, further comprising taking requests from a plurality of applications.
  - 7. The method of claim 1, wherein the device is one of a mobile phone, a tablet, a laptop, and a smartphone.
  - 8. The method of claim 1, wherein the policy comprises one or more of a black list, a white list, a signature, a name check, a checksum, a library analysis check, a check for permission for an application, a process check, a user check, and a group check.
  - 9. The method of claim 1, wherein requesting a native code library by the application comprises communicating via a local cross-process communication mechanism.
  - 10. The method of claim 9, wherein the local cross-process communication mechanism comprises one of an inter-process communication mechanism, a Unix domain socket, and a shared memory.
  - 11. The method of claim 1, wherein the application is selected from the group consisting of a game, a utility, a phone application, a web browser, a music player, a tool, and an operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Optio Labs
Original Assignee
Optio Labs LLC
Inventors
White, Christopher Jules, Clancy, Thomas Charles III

Granted Patent

US 9,609,020 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/20   for managing network securi...

H04W 12/12   Detection or prevention of ...

H04W 12/37   Managing security policies ...

SYSTEMS AND METHODS TO ENFORCE SECURITY POLICIES ON THE LOADING, LINKING, AND EXECUTION OF NATIVE CODE BY MOBILE APPLICATIONS RUNNING INSIDE OF VIRTUAL MACHINES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS TO ENFORCE SECURITY POLICIES ON THE LOADING, LINKING, AND EXECUTION OF NATIVE CODE BY MOBILE APPLICATIONS RUNNING INSIDE OF VIRTUAL MACHINES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links