Malicious Mobile Code Runtime Monitoring System and Methods

US 20160070907A1
Filed: 11/16/2015
Published: 03/10/2016
Est. Priority Date: 05/17/2000
Status: Active Grant

First Claim

Patent Images

1. A processor-based method, comprising:

receiving, by a server, a file;

detecting, by a code detector, whether the file includes one or more instances of executable code;

generating, by a protection engine, mobile protection code when one or more instances of executable code is detected by the code detector; and

receiving, by a linking engine, the generated mobile protection code and the file containing the one or more instance of executable code, and bundling, by the linking engine, the mobile protection code and the file into a sandboxed package, wherein the bundling does not alter the file.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java TN applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts.

53 Citations

16 Claims

1. A processor-based method, comprising:
- receiving, by a server, a file;
  
  detecting, by a code detector, whether the file includes one or more instances of executable code;
  
  generating, by a protection engine, mobile protection code when one or more instances of executable code is detected by the code detector; and
  
  receiving, by a linking engine, the generated mobile protection code and the file containing the one or more instance of executable code, and bundling, by the linking engine, the mobile protection code and the file into a sandboxed package, wherein the bundling does not alter the file.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The processor-based method of claim 1, further comprising:
    - communicating the sandboxed package to a computing device.
  - 3. The processor-based method of claim 1, further comprising:
    - bundling, by the linking engine, at least one security policy, in the sandboxed package.
  - 4. The processor-based method of claim 1, further comprising:
    - unbundling the sandboxed package in the following order, mobile protection code first and file second.
  - 5. The processor-based method of claim 3, further comprising:
    - unbundling the sandboxed package in the following order, mobile protection code first, at least one security policy second and file third.

6. A processor-based method for monitoring for received executables, comprising:
- detecting, by a first processing device, a received executable;
  
  wrapping, by a server, the received executable with a sandbox agent, wherein wrapping includes bundling the following separate code objects into a sandbox file;
  
  the sandbox agent,a security policy related to the received executable andthe received executable, andfurther wherein the bundling does not alter the separate code objects; and
  
  sending, by the server, the file to a second processing device.
- View Dependent Claims (7, 8, 9)
- - 7. The processor-based method of claim 6, further comprising:
    - detecting, by a detector engine of the first processing device, the received executable when the received executable is determined to include an executable file type.
  - 8. The processor-based method of claim 6, further comprising:
    - detecting, by a detector engine of the first processing device, the received executable when the received executable is determined to include a code pattern indicative of an executable.
  - 9. The processor-based method of claim 6, further comprising:
    - unbundling the sandbox file in the following order at the second processing device, sandbox agent first, security policy second and received executable third.

10. A processor-based method, comprising:
- receiving, at a server, a file;
  
  detecting, by a detector engine, at least one received executable within the received file;
  
  wrapping, by the server, the received file with a sandbox agent, wherein wrapping includes bundling the following separate code objects into a sandbox file;
  
  the sandbox agent,a security policy related to the at least one received executable andthe received file, andfurther wherein the bundling does not alter the separate code objects; and
  
  sending, by the server, the sandbox file to a processing device.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The processor-based method of claim 10, wherein the detector engine is a code detector.
  - 12. The processor-based method of claim 11, further comprising:
    - detecting by a file-type detector of the code detector that the received file is an executable file type.
  - 13. The processor-based method of claim 11, further comprising:
    - detecting, by a file-type detector of the code detector, that the received file is a compressed file type;
      
      opening, by an inflator of the code detector, the compressed received file into one or more open received files; and
      
      detecting, by the file-type detector, that one or more opened received files is an executable file type.
  - 14. The processor-based method of claim 10, wherein the detector engine is a content detector.
  - 15. The processor-based method of claim 14, comprising:
    - parsing, by a parser of the detection engine, the received file into one or more portions;
      
      analyzing, by a pattern detector of the content detector, that the one or more portions of the received file include a code pattern indicating a received executable.

16. A computer-implemented method, comprising:
- receiving program code at a first computing device;
  
  detecting if the program code contains an executable file;
  
  forming a sandbox package including protection code and the program code if it contains an executable file; and
  
  sending the sandbox package to a second computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Holdings, Inc. (SoftBank Group Corp.)
Original Assignee
Finjan, Inc. (SoftBank Group Corp.)
Inventors
Edery, Yigal Mordechai, Vered, Nimrod Itzhak, Kroll, David R.

Granted Patent

US 10,552,603 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 21/562   Static detection

G06F 21/563   by source code analysis

G06F 2221/033   Test or assess software

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

Malicious Mobile Code Runtime Monitoring System and Methods

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Malicious Mobile Code Runtime Monitoring System and Methods

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links